Snort mailing list archives
Re: Stopping repeats in Snort/Acid
From: Wynn Fenwick <wfenwick () FHLSim com>
Date: Mon, 07 Jan 2002 18:25:11 -0500
This is kludgey but avoids .htaccess and SSL. We use SSH into the management console running Apache, then ssh forward port localhost:80 to the remote machine. A local /etc/hosts entry for 127.0.0.1 may be required if the web server redirects to a fully qualified domain name, which will force the browser to use the real address rather than the tunnel. Make sure the web server only listens to localhost and voila you have some access control on the ACID console...

W

snort-users-request () lists sourceforge net wrote:
Subject: Re: [Snort-users] Stopping repeats in Snort/Acid
Date: Mon, 7 Jan 2002 03:34:24 +0000 (GMT)
From: Mike Coles <bluelip () radserv phd-computers com>
To: "Madziarczyk, Jonathan" <than () cityofevanston org>
C: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net>

My question is this, I'm starting to get listings of people with "Kick-A$$P0rn" (this appears to be coming through from people getting html spam mail...among other things ;-) When I look at ACID to get details on "K-A-P" I get more alerts from my machine to the ACID box. How do I keep these from popping up? By simply investigating 6 alerts in Acid, I can generate hundreds of additional alerts. What's my solution?

My solution is more of a kludge, but I ssh into the demarc/acid box, export the display back to my own computer and run netscape. Netscape will get the demarc/acid page from localhost and not eth? and then send the display over to your own computer.

Mike Coles
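
An added example, not part of the original posts: a shell check that an Apache configuration binds only to loopback, which the tunnel approach described above depends on, together with the matching ssh forward. The host name `analyst@acid-console.example`, local port 8080 and the sample configurations are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Host name and local port are placeholders.

# Succeeds only if FILE has at least one Listen directive and every one binds
# a loopback address. A bare "Listen 80" binds all interfaces and fails.
listen_is_loopback_only() {
    seen=0
    while read -r keyword value _rest || [ -n "$keyword" ]; do
        case $keyword in
            [Ll][Ii][Ss][Tt][Ee][Nn]) ;;
            *) continue ;;              # comments, blank lines, other directives
        esac
        seen=1
        case $value in
            127.*.*.*:*|'[::1]':*) ;;   # loopback IPv4 / IPv6
            *) return 1 ;;
        esac
    done < "$1"
    [ "$seen" -eq 1 ]
}

# Prints the forwarding command for the workstation. The local end is bound
# to 127.0.0.1 explicitly so the tunnel is not offered to other hosts.
tunnel_command() {
    # $1 = user@host of the console (placeholder), $2 = local port
    printf 'ssh -N -L 127.0.0.1:%s:127.0.0.1:80 %s\n' "$2" "$1"
}

# Constructed sample configurations (not taken from any real server).
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
printf '%s\n' '# exposed on every interface' 'Listen 80' > "$tmpdir/exposed.conf"
printf '%s\n' '#Listen 80' 'Listen 127.0.0.1:80' 'ServerName localhost' > "$tmpdir/tunnel_only.conf"
printf '%s\n' 'Listen 127.0.0.1:80' 'Listen 443' > "$tmpdir/mixed.conf"

for f in exposed tunnel_only mixed; do
    if listen_is_loopback_only "$tmpdir/$f.conf"; then
        echo "$f.conf: loopback only"
    else
        echo "$f.conf: reachable without the tunnel (or no Listen found)"
    fi
done
tunnel_command analyst@acid-console.example 8080
```

With the forward running, the console is browsed at the local port on 127.0.0.1, so requests to it arrive on the server's loopback interface.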
Current thread:
- Stopping repeats in Snort/Acid Madziarczyk, Jonathan (Jan 04)
- Re: Stopping repeats in Snort/Acid Andreas Hasenack (Jan 04)
- Re: Stopping repeats in Snort/Acid Mike Coles (Jan 06)
- Re: Stopping repeats in Snort/Acid Frank (Jan 06)
- <Possible follow-ups>
- Re: Stopping repeats in Snort/Acid Wynn Fenwick (Jan 07)