Snort mailing list archives

From: frank.bussink () ch novartis com
Date: Tue, 25 Sep 2001 17:05:20 +0200

Using: snort-1.8.1-RELEASE

When a special attempt occurs (this is a simulation case of a client
surfing a Nimda-infected web site),
Snort produces an error and corrupts the consistency of my MySQL database.

Error Message : database: Unable to insert the alert reference into the DB


Rule in web-misc.rule
...
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml autoload attempt"; flags:A+; content:"window.open(\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; rev:3; reference:url,www.cert.org/advisories/CA-2001-26.html;)
...

Help! Can anybody guide me?

     Frank Bussink


