Snort mailing list archives

RE: ACID errors

From: pbsarnac () ThoughtWorks com
Date: Tue, 25 Sep 2001 16:29:28 -0500


Looks like I didn't paste the full version number. I'm really on 0.9.6b13.
I'll try upgrading to b15.

Thanks!
pat s.



|--------+--------------------------------------->
|        |          Steve Halligan               |
|        |          <agent33 () geeksquad com>      |
|        |          Sent by:                     |
|        |          snort-users-admin@lists.sourc|
|        |          eforge.net                   |
|        |                                       |
|        |                                       |
|        |          09/25/2001 04:15 PM          |
|        |                                       |
|--------+--------------------------------------->
  >----------------------------------------------------------------------------------------------------|
  |                                                                                                    |
  |      To:     "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>             |
  |      cc:                                                                                           |
  |      Subject:     RE: [Snort-users] ACID errors                                                    |
  >----------------------------------------------------------------------------------------------------|




If this is accurate and you are using ACID v0.9.6b1, you should upgrade to
a
newer version.  It is up to v0.9.6b16 in CVS and b15 in tarball.
-steve


Snort Version 1.8.1-RELEASE (Build 74)
ACID v0.9.6b1

These are the signatures (from the snort.sourcefire.com ruleset):
web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any
(msg:"WEB-MISC
readme.eml autoload attempt"; flags:A+; content:"window.open
(\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; rev:3;
reference:url,www.cert.org/advisories/CA-2001-26.html;)
web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any
(msg:"WEB-MISC
readme.eml attempt"; flags:A+; uricontent:"readme.eml"; nocase;
classtype:attempted-user; sid:1284; rev:3;
reference:url,www.cert.org/advisories/CA-2001-26.html;)

Any help is greatly appreciated!

Thanks,
pat s.


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: acid errors, (continued)
- RE: acid errors Steve Moran (Jul 16)
- Re: acid errors rdanyliw (Jul 16)
- acid errors Steve Moran (Aug 27)
  - General snort problem V. (Aug 27)
- RE: acid errors Steve Halligan (Aug 27)
- RE: acid errors Steve Moran (Aug 27)
- RE: acid errors roman (Aug 27)
- ACID errors pbsarnac (Sep 25)
- RE: ACID errors Karen Marino (Sep 25)
- RE: ACID errors Steve Halligan (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- Re: ACID errors frank . bussink (Sep 26)
  - Re: ACID errors Mark Rowlands (Sep 26)
- Re: ACID errors pbsarnac (Sep 26)
- Re: ACID errors roman (Sep 26)