Snort mailing list archives

ACID v0.9.6b24, spp_portscan2 and spp_portscan


From: "Richard Pesce" <RPesce () co amador ca us>
Date: Tue, 13 Jan 2004 10:47:01 -0800

ACID v0.9.6b24 and Snort 2.06 on Red Hat 9 and NO patches :)

spp_portscan(2) was showing up in ACID, however not within the
acid_stat_common.php page. They were lumped under the TCP and UDP bars
and stats. In order to "fix" this I made these changes:

file: acid_common.php
search for: (rawurlencode("spp_portscan")).
replace with: (rawurlencode("%_portscan%")).

file: acid_stat_common.php
search for: "WHERE sig_name LIKE '%spp_portscan%'");
replace with: "WHERE sig_name LIKE '%_portscan%'");
search for: "WHERE signature LIKE 'spp_portscan%'");
replace with: "WHERE signature LIKE '%_portscan%'");

For some reason the spp_portscan(2) was showing up as spp\_portscan(2)
and thus breaking the acid portscan functionality.

I hope this helps with all those notorious "Acid not displaying
portscans" help requests.

rpesce () co amador ca us
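
An added example, not part of the original post or of ACID's code: it runs the three LIKE patterns from the post against constructed signature names in an in-memory SQLite table (a stand-in for the ACID database; the table name `sample_sig` and all rows are assumptions). Because `_` in LIKE matches exactly one character, the two-character `\_` defeats the original patterns, while `%_portscan%` also matches any other name that has a character before "portscan".

```python
import sqlite3

# Constructed sample signature names. The first two use the escaped
# "spp\_portscan" form the post describes; none are real ACID data.
SAMPLE_SIGNATURES = [
    r"spp\_portscan: constructed alert text",
    r"spp\_portscan2: constructed alert text",
    "spp_portscan: constructed alert text",
    "constructed rule mentioning a portscan tool",
    "ICMP constructed ping alert",
]

# The LIKE patterns quoted in the post (before and after the change).
PATTERNS = {
    "original_anywhere": "%spp_portscan%",
    "original_prefix": "spp_portscan%",
    "modified": "%_portscan%",
}


def build_db():
    """Create an in-memory table (hypothetical name) holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE sample_sig (sig_id INTEGER PRIMARY KEY, sig_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO sample_sig (sig_name) VALUES (?)",
        [(s,) for s in SAMPLE_SIGNATURES],
    )
    return conn


def matches(conn, pattern):
    """Return the signature names selected by one LIKE pattern."""
    rows = conn.execute(
        "SELECT sig_name FROM sample_sig WHERE sig_name LIKE ? ORDER BY sig_id",
        (pattern,),
    )
    return [r[0] for r in rows]


def compare():
    """Run every pattern and return {pattern label: matched names}."""
    conn = build_db()
    try:
        return {name: matches(conn, p) for name, p in PATTERNS.items()}
    finally:
        conn.close()
```

Calling `compare()` shows which rows each pattern selects, which is a quick way to check a widened LIKE clause for unintended matches before changing a stats page.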

