Snort mailing list archives

RE: PORN Virgin


From: "Clint Byrum" <cbyrum () spamaps org>
Date: Wed, 28 Aug 2002 15:26:33 -0700 (PDT)

McCammon, Keith said:
Because someone likely tripped that rule by viewing a web page that
matched that string.  Then, when you pull up a web page that reports
the alert, it trips again, because the string is being passed to you.
That's why you don't typically inspect your management interface.


To add a bit more to this... ACID allows a lot of control over your alerts
database. You really should be using something like SSL and Browser
Auth (such as basic auth, or even certificates) to secure it. Otherwise,
think of what a malicious person could do.
The main thing that comes to mind is, scan the network, then go in and
delete all the alerts from their host.

-----Original Message-----
From: Tony Wong [mailto:tony.wong () stanford edu]
Sent: Wednesday, August 28, 2002 4:03 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] PORN Virgin


Every time I bring up ACID from my workstation browser, I see "PORN
Virgin" from my workstation to the IDS box which is also running ACID.

Why is that?
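
The feedback loop Keith McCammon describes above, modelled as an added example that is not part of the original thread or of Snort/ACID itself. The rule content, addresses, payloads and function names are all constructed for illustration.

```python
# Added illustration: simplified content matching, not Snort's engine. All values are constructed.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport payload")

# Simplified stand-in for a content rule: case-insensitive substring match.
RULE_MSG = "PORN Virgin"
RULE_CONTENT = b"virgin"

# Hypothetical addresses: the IDS box serving the ACID console, and the analyst's workstation.
IDS_CONSOLE = ("192.0.2.10", 80)
WORKSTATION = "192.0.2.50"

def is_console_traffic(pkt):
    """True for either direction of workstation <-> console web traffic."""
    ends = {(pkt.src, pkt.sport), (pkt.dst, pkt.dport)}
    return IDS_CONSOLE in ends and WORKSTATION in (pkt.src, pkt.dst)

def inspect(packets, exclude_console=False):
    """Return alert tuples (msg, src, dst) for packets whose payload matches the rule."""
    alerts = []
    for pkt in packets:
        if exclude_console and is_console_traffic(pkt):
            continue  # management traffic is not inspected
        if RULE_CONTENT in pkt.payload.lower():
            alerts.append((RULE_MSG, pkt.src, pkt.dst))
    return alerts

def console_page(alerts):
    """Build the HTTP response the console sends when listing stored alerts."""
    rows = "".join(f"<tr><td>{m}</td><td>{s}</td><td>{d}</td></tr>" for m, s, d in alerts)
    body = f"<table>{rows}</table>".encode()
    return Packet(IDS_CONSOLE[0], IDS_CONSOLE[1], WORKSTATION, 40000, body)

def simulate(exclude_console):
    """One web hit trips the rule; then the analyst views the console three times."""
    web = Packet("198.51.100.7", 80, "192.0.2.77", 40001, b"<title>Virgin Mobile</title>")
    db = inspect([web], exclude_console)
    for _ in range(3):
        # The report page carries the alert name, so it matches the same rule.
        db += inspect([console_page(db)], exclude_console)
    return db

if __name__ == "__main__":
    print("inspecting console traffic:", len(simulate(False)), "alerts")
    print("console traffic excluded:  ", len(simulate(True)), "alert")
```

Here `exclude_console` stands in for whatever mechanism keeps console traffic out of inspection, such as a capture filter or a pass rule.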