Snort mailing list archives

UDP Alerts


From: "Frank Reid" <fcreid () ourcorner org>
Date: Sun, 13 Jan 2002 08:34:28 -0500

I suspected there was a differing definition for "authentication" being used
during the discussion!

On an unrelated note, is anyone (everyone) seeing streaming media sources
(Akamai, RealMedia, AOL and others) trigger the "BAD-TRAFFIC udp port 0"
alert?  I have to disable that alert manually on each update as a result.
Is there ever a case where one must watch this traffic for surreptitious
activity?

Frank

-----Original Message-----
From: Saad Kadhi [mailto:bsdguy () docisland org]
Sent: Sunday, January 13, 2002 8:18 AM
To: Frank Reid
Cc: Snort Users; kamesh_rajaram () sify com
Subject: RE: [Snort-users] Patch for ACID....!!


On Sun, 2002-01-13 at 14:01, Frank Reid wrote:
It could be a useful feature to have both an "anonymous" and "administrator"
(authenticated) mode on ACID.  The anonymous user would be allowed to
search/display alerts, graph data, etc., but not delete, archive, etc.  In
fact, it would be great to support granular accounts in both ACID and
Demarc, probably associated with specified database criteria such as the
alert type, address space, etc.  So, if "User X" is associated with address
1.2.3.0/24 and has non-administrative permissions (no delete), "User X" is
only able to query within those bounds after authenticating.  "User Y" is a
website administrator, so he only has non-administrative permissions for
1.2.3.4/32 and only for alerts WEB-IIS, WEB-MISC, etc.

Now I got the picture. I thought it was just a need to authenticate
access to the acid subdir. My sincere apologies to kamesh for such a
misunderstanding.

Regards.
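
The granular-account idea quoted above (User X limited to 1.2.3.0/24, User Y limited to 1.2.3.4/32 and to WEB-IIS/WEB-MISC alerts, no delete for either), shown as an added example that is not part of the thread and is not ACID or Demarc code. The `Scope` fields, the account names, the sample alert rows, and the choices to match on either source or destination address and on signature-name prefix are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:
    """Hypothetical per-account scope (not an ACID/Demarc structure)."""
    networks: tuple            # CIDR blocks the account may query
    sig_prefixes: tuple = ()   # empty tuple means any alert type
    admin: bool = False        # True allows delete/archive

# Constructed accounts mirroring the users described in the thread.
SCOPES = {
    "user_x": Scope(networks=("1.2.3.0/24",)),
    "user_y": Scope(networks=("1.2.3.4/32",), sig_prefixes=("WEB-IIS", "WEB-MISC")),
    "admin": Scope(networks=("0.0.0.0/0",), admin=True),
}

# Constructed alert rows: (id, signature, source, destination).
ALERTS = [
    (1, "WEB-IIS cmd.exe access", "198.51.100.7", "1.2.3.4"),
    (2, "BAD-TRAFFIC udp port 0", "203.0.113.9", "1.2.3.20"),
    (3, "WEB-MISC /etc/passwd", "198.51.100.7", "1.2.3.4"),
    (4, "WEB-IIS cmd.exe access", "198.51.100.7", "10.0.0.5"),
]

def in_scope(scope, alert):
    """True if the alert touches one of the account's networks and alert types."""
    _id, sig, src, dst = alert
    nets = [ipaddress.ip_network(n) for n in scope.networks]
    addr_ok = any(ipaddress.ip_address(a) in n for a in (src, dst) for n in nets)
    sig_ok = not scope.sig_prefixes or sig.startswith(scope.sig_prefixes)
    return addr_ok and sig_ok

def visible_alerts(user, alerts=ALERTS):
    """Alert ids the account may search/display; unknown accounts see nothing."""
    scope = SCOPES.get(user)
    if scope is None:
        return []
    return [a[0] for a in alerts if in_scope(scope, a)]

def authorize(user, action, alert):
    """Check the scope on every action, so a guessed alert id cannot bypass it."""
    scope = SCOPES.get(user)
    if scope is None or not in_scope(scope, alert):
        return False
    if action in ("delete", "archive"):
        return scope.admin
    return action in ("search", "display", "graph")
```

In a database-backed console the same scope would be applied as extra conditions on the alert query itself, so out-of-scope rows are never fetched.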


