Snort mailing list archives

Re: RE: arachNIDS, CVE, bugtraq


From: Brian <bmc () snort org>
Date: Sat, 16 Nov 2002 17:01:26 -0500

On Fri, Nov 15, 2002 at 03:39:57PM -0500, L. Christopher Luther wrote:
> I use the "-G url" command line parameter to cause Snort to reference the
> ids back to the alert message.  I get output something like this:
>
> 11/15/02-09:13:47.755531  [**] [1:1243:6] WEB-IIS ISAPI .ida attempt -
> http://www.whitehats.com/info/IDS552 - http://www.securityfocus.com/bid/1065
> - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071 [**]
> [Classification: Web Application Attack] [Priority: 1] {TCP}
> 200.196.105.83:4571 -> xxx.xxx.xxx.xxx:80
>
> However, I don't know if this will work with ACID.

FYI, we're removing the -G (G is for Ghetto) in the future.  It's a horrid
hack that I slung together.  Don't count on that feature being there in the
future.

-brian

