Snort mailing list archives
RE: ACID errors
From: pbsarnac () ThoughtWorks com
Date: Tue, 25 Sep 2001 16:29:28 -0500
Looks like I didn't paste the full version number. I'm really on 0.9.6b13. I'll try upgrading to b15. Thanks! pat s. |--------+---------------------------------------> | | Steve Halligan | | | <agent33 () geeksquad com> | | | Sent by: | | | snort-users-admin@lists.sourc| | | eforge.net | | | | | | | | | 09/25/2001 04:15 PM | | | | |--------+---------------------------------------> >----------------------------------------------------------------------------------------------------| | | | To: "'snort-users () lists sourceforge net'" <snort-users () lists sourceforge net> | | cc: | | Subject: RE: [Snort-users] ACID errors | >----------------------------------------------------------------------------------------------------| If this is accurate and you are using ACID v0.9.6b1, you should upgrade to a newer version. It is up to v0.9.6b16 in CVS and b15 in tarball. -steve
Snort Version 1.8.1-RELEASE (Build 74) ACID v0.9.6b1 These are the signatures (from the snort.sourcefire.com ruleset): web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml autoload attempt"; flags:A+; content:"window.open (\"readme.eml\""; nocase; classtype:attempted-user; sid:1290; rev:3; reference:url,www.cert.org/advisories/CA-2001-26.html;) web-misc.rules:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"WEB-MISC readme.eml attempt"; flags:A+; uricontent:"readme.eml"; nocase; classtype:attempted-user; sid:1284; rev:3; reference:url,www.cert.org/advisories/CA-2001-26.html;) Any help is greatly appreciated! Thanks, pat s. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: acid errors, (continued)
- RE: acid errors Steve Moran (Jul 16)
- Re: acid errors rdanyliw (Jul 16)
- acid errors Steve Moran (Aug 27)
- General snort problem V. (Aug 27)
- RE: acid errors Steve Halligan (Aug 27)
- RE: acid errors Steve Moran (Aug 27)
- RE: acid errors roman (Aug 27)
- ACID errors pbsarnac (Sep 25)
- RE: ACID errors Karen Marino (Sep 25)
- RE: ACID errors Steve Halligan (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- RE: ACID errors pbsarnac (Sep 25)
- Re: ACID errors frank . bussink (Sep 26)
- Re: ACID errors Mark Rowlands (Sep 26)
- Re: ACID errors pbsarnac (Sep 26)
- Re: ACID errors roman (Sep 26)