Snort mailing list archives

ACID portscan log parsing (0.9.6b21)


From: Robby <rdesmond () els ucsb edu>
Date: Tue, 06 Aug 2002 17:47:42 -0700

Dunno if this is improved already in another version of ACID, but since I'm no PHP whiz, I gotta ask:

why does the ereg function in the portscan.log parsing section of ACID (acid_stat_ipaddr.php -> PrintPortscanEvents($db,$ip) ) match not only xxx.xxx.xxx.10 but also xxx.xxx.xxx.10x (initial 3 dot triplets are the same, but final is similar, but is 100 or 101 etc.) when I ask for the portscan events on xxx.xxx.xxx.10/32?

It makes for excessively long tables when requesting portscan events.

Am I asking the wrong people?
-Robby


Robert Desmond
Systems Administrator
UCSB Extended Learning Services
805-893-4906
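The prefix-match behaviour described above, reproduced as an added Python example; this is not ACID's code, Python's re stands in for PHP's ereg, and the sample portscan.log lines and the line-format regex are constructed assumptions. It contrasts an unbounded address search with a bounded one and with parsing the line into fields before comparing.

```python
import re

# Constructed sample lines in the style of Snort's portscan.log
# (timestamp, src:port -> dst:port, scan type, flags); not from the post.
PORTSCAN_LOG = """\
Aug  6 17:40:01 192.168.1.10:1234 -> 10.0.0.5:80 SYN ******S*
Aug  6 17:40:02 192.168.1.100:1235 -> 10.0.0.5:22 SYN ******S*
Aug  6 17:40:03 192.168.1.101:1236 -> 10.0.0.5:443 SYN ******S*
Aug  6 17:40:04 192.168.1.10:1237 -> 10.0.0.5:25 SYN ******S*
Aug  6 17:40:05 10.0.0.7:1238 -> 192.168.1.10:139 SYN ******S*
"""

# Assumed line layout for the constructed sample above (not ACID's regex).
LINE_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) '
    r'(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) -> '
    r'(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+) (?P<rest>.*)$'
)


def loose_matches(ip, log=PORTSCAN_LOG):
    """Substring search for the escaped address with no boundary check,
    so '192.168.1.10' also hits '192.168.1.100' and '192.168.1.101'."""
    pat = re.compile(re.escape(ip))
    return [ln for ln in log.splitlines() if pat.search(ln)]


def bounded_matches(ip, log=PORTSCAN_LOG):
    """Same search, but forbid a digit or dot on either side of the address,
    so the match must cover a whole dotted quad."""
    pat = re.compile(r'(?<![\d.])' + re.escape(ip) + r'(?![\d.])')
    return [ln for ln in log.splitlines() if pat.search(ln)]


def parsed_matches(ip, log=PORTSCAN_LOG):
    """Parse each line into fields first, then compare addresses exactly;
    this avoids regex-boundary surprises entirely."""
    hits = []
    for ln in log.splitlines():
        m = LINE_RE.match(ln)
        if m and ip in (m.group('src'), m.group('dst')):
            hits.append(ln)
    return hits
```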




