Snort mailing list archives
RE: PORN Virgin
From: "Clint Byrum" <cbyrum () spamaps org>
Date: Wed, 28 Aug 2002 15:26:33 -0700 (PDT)
McCammon, Keith said:
Because someone likely tripped that rule by viewing a web page that matched that string. Then, when you pull up a web page that reports the alert, it trips again, because the string is being passed to you. That's why you don't typically inspect your management interface.
To add a bit more to this... ACID allows a lot of control over your alerts database. You really should be using something like SSL and Browser Auth(such as basic auth, or even certificates) to secure it. Otherwise, think of what a malicious person could do. The main thing that comes to mind is, scan the network, then go in and delete all the alerts from their host.
-----Original Message----- From: Tony Wong [mailto:tony.wong () stanford edu] Sent: Wednesday, August 28, 2002 4:03 PM To: snort-users () lists sourceforge net Subject: [Snort-users] PORN Virgin Everytime I bring up ACID from my workstation browser. I see "PORN Virgin" from my workstation to the IDS box which is also running ACID. Why is that?
------------------------------------------------------- This sf.net email is sponsored by: Jabber - The world's fastest growing real-time communications platform! Don't just IM. Build it in! http://www.jabber.com/osdn/xim _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- PORN Virgin Tony Wong (Aug 28)
- Re: PORN Virgin Phil Wood (Aug 28)
- Re: PORN Virgin Ian Macdonald (Sep 03)
- <Possible follow-ups>
- RE: PORN Virgin McCammon, Keith (Aug 28)
- RE: PORN Virgin Clint Byrum (Aug 28)
- RE: PORN Virgin Matthew Wagenknecht (Aug 29)
- Re: PORN Virgin Alexander Hoogerhuis (Aug 31)
- Re: PORN Virgin Phil Wood (Aug 28)