Snort mailing list archives
Re: Snort 2.1.0, getting mixed up signatures.
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Mon, 9 Feb 2004 12:41:02 +1300
On Tue, Jan 20, 2004 at 12:14:00PM +0100, Patrik Astrom wrote:
I noticed today that Snort seems to be mixing up signatures, below you will find a example from my alerts log. [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] 01/09-16:34:45.969351 212.160.185.194:53 -> 62.xx.xx.xx:0 ... Clearly the first example is NOT a MS-SQL Worm, is there a known issue with Snort mixing up signatures ?, I would be most grateful for any hints or suggestions you might have.
I think this is an old bug I reported ages ago ("Definite corruption of addresses in Snort 2.02 alert" ; Message-ID: <20030929030424.GA20830 () trimble co nz>). i.e. I too have had snort claim to see things that just didn't happen. Has this issue being verified? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.1.0, getting mixed up signatures. Patrik Astrom (Jan 20)
- Re: Snort 2.1.0, getting mixed up signatures. Jason Haar (Feb 08)
- Re: Snort 2.1.0, getting mixed up signatures. Erek Adams (Feb 09)
- Re: Snort 2.1.0, getting mixed up signatures. Skip Carter (Feb 09)
- Re: Snort 2.1.0, getting mixed up signatures. Jason Haar (Feb 08)