Re: Stopping repeats in Snort/Acid

[Wynn Fenwick <wfenwick () FHLSim com>]

This is kludgey but avoids .htaccess and SSL.

We use SSH into the management console running Apache, then ssh forward
port localhost:80 to the remote machine.

A local /etc/hosts entry for 127.0.0.1 may be required if the web server
redirects to a fully qualified domain name, which will force the browser
to use the real addressrather than the tunnel. Make sure the web server
only listens to localhost and voila you have some access control on the
ACID console...

W

snort-users-request () lists sourceforge net wrote:

> Subject: Re: [Snort-users] Stopping repeats in Snort/Acid
> Date: Mon, 7 Jan 2002 03:34:24 +0000 (GMT)
> From: Mike Coles <bluelip () radserv phd-computers com>
> To: "Madziarczyk, Jonathan" <than () cityofevanston org>
>
> C: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>
>
> > My question is this, I'm starting to get listings of people with
> "Kick-A$$
> > P0rn" (this appears to be coming through from people getting html
> spam
> > mail...among other things ;-)  When I look at ACID to get details on
> "K-A-P"
> > I get more alerts from my machine to the ACID box.  How do I keep
> these from
> > popping up?  By simply investigating 6 alerts in Acid, I can
> generate
> > hundreds of additional alerts.  What's my solution?
>
>
>         My solution is more of a klidge, but I ssh into the
> demarc/acid
> box, export the display back to my own computer and run netscape.
> Netscape
> will get the demarc/acid page from localhost and not eth? and then
> send the display over to your own computer.
>
> Mike Coles