Snort mailing list archives

RE: Slammer Virus ruined my ACID and SNORT


From: "Maynard, Jeff S." <Jeff.Maynard () banctec com>
Date: Thu, 27 Mar 2003 13:50:59 -0600

Here is my source to convert IP address to int and back.  Not really fancy
but it does the job.  Just run the getaddress.php in your web browser with
the convertip.php in the same directory.
 
#file getaddress.php
<?php
// Simple form: fill in either the long value or the dotted IP address.
print "<form action='convertip.php' method='GET'>";
print "Long<input type='text' name='long'>IP Address<input type='text' name='ip'>";
print "<input type='submit'>";
print "</form>";
// The values travel in the query string, so no session variables are needed
// (session_register() no longer exists in current PHP).
?>

#file convertip.php
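<?php
// Read the submitted values from the query string instead of relying on
// register_globals; ignore anything that is not a plain string.
$long = (isset($_GET['long']) && is_string($_GET['long'])) ? trim($_GET['long']) : '';
$ip   = (isset($_GET['ip'])   && is_string($_GET['ip']))   ? trim($_GET['ip'])   : '';
$x = '';
$y = '';
if (ctype_digit($long)) {
        // Only an all-digit value is treated as a long.
        $y = $long;
        $x = convert_ip($long);
} elseif ($ip !== '') {
        $y = $ip;
        $x = acidIP2long($ip);   // false if $ip is not a valid dotted quad
}
// $y is user input echoed back into the page, so escape it before printing.
print "Conversion completed from " . htmlspecialchars($y) . " to "
    . htmlspecialchars((string) $x) . "<br>";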
 
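// Convert an unsigned 32-bit value back to a dotted-quad address.
function convert_ip($long_ip) {

   $tmp_IP = $long_ip;
   // Values above 2^31 - 1 are mapped to the equivalent signed 32-bit
   // integer (value - 2^32) before being passed to long2ip().
   if ( $long_ip > 2147483647 )
   {
      $tmp_IP = 4294967296 -  $tmp_IP;
      $tmp_IP = $tmp_IP * (-1);
   }

   $tmp_IP = long2ip($tmp_IP);
   return $tmp_IP;

}

// Convert a dotted-quad address to an unsigned 32-bit value.
function acidIP2long($IP_str)
{
   $tmp_long = ip2long($IP_str);
   // ip2long() can return a negative number on 32-bit PHP;
   // adding 2^32 gives the unsigned value.
   if ( $tmp_long < 0 )
      $tmp_long = 4294967296 - abs($tmp_long);
   return $tmp_long;
}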
?>


-----Original Message-----
From: Andrade, Leonardo F. Buonsanti de (IT - Brasil)
[mailto:leoandrade () deloitte com br] 
Sent: Thursday, March 27, 2003 1:04 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Slammer Virus ruined my ACID and SNORT



Hi all,

 

This week one of the computers here got that slammer virus (the one that
attacks SQL servers)... which made my ACID and SNORT go totally nuts and
generate more than 300000 alerts... now when I try to load my ACID site, it
takes minutes!!! And I just can't delete all of the alerts at once...

Does anyone have a good idea of how I can delete all these alerts?

 

Thanks in advance,

 

Leonardo

 

 

 

