Snort mailing list archives

RE: Strange..

From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Fri, 18 Mar 2005 19:20:50 -0500

Can't help with your 1st question.
 
 
For the lookups- in acid_conf.php change:
"snort" => array("http://www.snort.org/snort-db/sid.html?sid=";, ""), 
to:
"snort" => array("http://www.snort.org/pub-bin/sigs.cgi?sid=";, ""),
 
Bruce

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Marc
Hering
Sent: Friday, March 18, 2005 5:06 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Strange..


Hey, Ever since they shut down the direct snort lookup from ACID my life
has sucked....  Anyway, I am getting LOTS of these errors.
(spp_stream4) possible EVASIVE RST detection
 
Are they normal *(We are an ASP, so people hit our database via the
website all day long)*  and if so where would this rule be soI can
comment it out?
 
Thanks!
 
 
(Also how can I fix the ACID rule lookup?)
 
Thaks
 
Marc Hering
Manager of Network Operations
Reval
100 Broadway 22nd Floor
New York, NY 10005
Direct: 212-901-9710
Fax: 212-901-9797
www.reval.com <http://www.reval.com/>

Current thread:

Strange.. Marc Hering (Mar 18)
- <Possible follow-ups>
- RE: Strange.. Briggs, Bruce (Mar 18)