Snort mailing list archives
RE: Strange..
From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Fri, 18 Mar 2005 19:20:50 -0500
Can't help with your 1st question. For the lookups- in acid_conf.php change: "snort" => array("http://www.snort.org/snort-db/sid.html?sid=", ""), to: "snort" => array("http://www.snort.org/pub-bin/sigs.cgi?sid=", ""), Bruce _____ From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Marc Hering Sent: Friday, March 18, 2005 5:06 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Strange.. Hey, Ever since they shut down the direct snort lookup from ACID my life has sucked.... Anyway, I am getting LOTS of these errors. (spp_stream4) possible EVASIVE RST detection Are they normal *(We are an ASP, so people hit our database via the website all day long)* and if so where would this rule be soI can comment it out? Thanks! (Also how can I fix the ACID rule lookup?) Thaks Marc Hering Manager of Network Operations Reval 100 Broadway 22nd Floor New York, NY 10005 Direct: 212-901-9710 Fax: 212-901-9797 www.reval.com <http://www.reval.com/>
Current thread:
- Strange.. Marc Hering (Mar 18)
- <Possible follow-ups>
- RE: Strange.. Briggs, Bruce (Mar 18)