Snort mailing list archives
Re: Understanding SNORT ID 47649
From: wkitty42--- via Snort-sigs <snort-sigs () lists snort org>
Date: Wed, 3 Apr 2019 14:45:24 -0400
On 4/1/19 1:52 PM, Migell Roberts wrote:
> reference:cve,2018-11776;reference:url,cwiki.apache.org/confluence/display/WW/S2-057;
see those two reference lines above? look up the CVE and visit the cwiki site link...
aside from that, looking at the rule will tell you what the matches are for the rule... if the traffic made it to your server, the server logs should tell you exactly what was being looked for...
the only other thing i can think of is to look at the snort.log.xxxxxxxxxxxx file containing the pcap of the traffic... the pcap will tell you what the server cannot if the traffic didn't make it that far...
-- NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list unless* *a signed and pre-paid contract is in effect with us.*