Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Tagging and Acid

From: Andreas Hasenack <andreas () conectiva com br>
Date: Tue, 21 May 2002 15:52:26 -0300
I've been using tagging and noticed that Acid can't figure out
the signature name of the tagged packets.

For example, the /etc/passwd rule has a tag to count two packets
in the session. This generates three alerts, but Acid only sees
the first one as "web-misc /etc/passwd", the other two get the
"(123)Unknown Sig Name" name, probably because snort doesn't
supply the signature name for tagged packets.

Any workaround for that? This with snort-1.8.6 and acid-0.9.6b21.


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: