Snort mailing list archives
Re: Problem with web-iis rules
From: "Yan Zhai" <yzhai () unity ncsu edu>
Date: Sat, 11 Oct 2003 15:34:51 -0400 (EDT)
I actually had the http decoder on, I deleted it accidentally when posting the configuration here (while deleting all the comments). The attacks are real attacks instead of a packet containing those patterns. I tried different ways to make the 2.0.2 detect the attacks, including turning on/off stream4 and removing the flow:established in the rule file. But when I finally went back to the 1.9.1, which used to detect those attacks in an experiment several months ago, the snort can detect my attacks again. I don't know what caused the problem, but I think I will use the 1.9.1 in the later experiments for this time. BTW, is there any option that I can use to make the snort output the unformatted timestamps(the long int format) instead of the formatted ones? ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem with web-iis rules Yan Zhai (Oct 10)
- Re: Problem with web-iis rules Matt Kettler (Oct 10)
- Re: Problem with web-iis rules Erek Adams (Oct 10)
- Re: Problem with web-iis rules Josh Berry (Oct 10)
- Re: Problem with web-iis rules Josh Berry (Oct 10)
- <Possible follow-ups>
- RE: Problem with web-iis rules snort-ml (Oct 10)
- RE: Problem with web-iis rules Yan Zhai (Oct 11)
- Re: Problem with web-iis rules Yan Zhai (Oct 11)
- RE: Problem with web-iis rules Alex Alborzfard (Oct 13)