Snort mailing list archives
Re: Incorrect SID 108
From: Todd Wease <twease () sourcefire com>
Date: Tue, 31 Oct 2006 09:51:36 -0500
On Tue, 2006-10-31 at 09:34 +0900, Ian Masters wrote:
When I click on the 'Snort' link for '(snort_decoder) Unknown Datagram decoding problem!' I get information about BACKDOOR QAZ Worm Client Login access. The SID is 108. Surely this isn't right. Regards Ian Masters
What version of Snort are you using and what web interface are you using? Both alerts have the same SID; however, they each have a different generator id (GID). It sounds like whatever web interface you are using is not taking the GID into account when creating the link. Todd ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Incorrect SID 108 Ian Masters (Oct 30)
- Re: Incorrect SID 108 Todd Wease (Oct 31)
- Re: Incorrect SID 108 Ian Masters (Oct 31)
- Re: Incorrect SID 108 Todd Wease (Oct 31)
- Re: Incorrect SID 108 Brian (Nov 01)
- Re: Incorrect SID 108 Ian Masters (Oct 31)
- Re: Incorrect SID 108 Todd Wease (Oct 31)