Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Origin 'Snort Alert' value in signature.sig_name field?

From: Robert Craig <robert.craig () alcatel com>
Date: Wed, 28 Jan 2004 14:22:02 -0600
mysql> select sig_id, sig_name from signature order by 1;

sig_id | sig_name

193 | CHAT AIM login                                          
194 | Yahoo Messenger - User Login                         
196 | NETBIOS SMB IPC$ share access (unicode)            
197 | IMAP authenticate literal overflow attempt           
198 | IMAP login literal buffer overflow attempt             
212 | MISC MS Terminal server request                        
221 | "Outgoing FTP PUT                                      
223 | Snort Alert [116:55:0]                                 
224 | Snort Alert [116:54:0]         


What is the origin of these 'Snort Alert' values?  Why
isn't the proper name of the alert being entered into the
table?  I wouldn't care if it didn't show up in ACID.

Hope someone else has seen this!  Thanks!


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: