Snort mailing list archives
Re: Acid 0.9.6b6 Reference Links
From: roman () danyliw com
Date: Fri, 20 Jul 2001 15:48:42 US/Eastern
From my rules file "...(msg:"MISC Large ICMP Packet"; dsize: >800;reference:arachnids,246;)". So I should be seeing hyperlinks, right?
Indeed you should see hyperlinks. Update to ACID v0.9.6b9+ Roman
----- Original Message ----- From: <rdanyliw () voicenet com> To: "Brad T." <bthaler () webstream net> Cc: <snort-users () lists sourceforge net> Sent: Friday, July 20, 2001 10:35 AM Subject: Re: [Snort-users] Acid 0.9.6b6 Reference LinksFor example, when snort detects a "Large ICMP Packet", and puts it intothedatabase, Acid shows "MISC Large ICMP Packet" in the "signature" fieldofits output. Shouldn't this be a hyperlink to the corresponding entry inthearachnids database?Examine the specific rule "Large ICMP Packet" in the Snort rules file, do you see a corresponding "reference: arachnids, 123"? (the number is unimportant). I checked the default Snort-1.7 rule set and this particular rule did not come with a reference. Hence ACID cannot provide a link for it. If you do have a reference tag though, then this confirms that ACID is broken, which if memory serves, there was a bug in reference support at some point in the past. I recommend upgrading to a mimimum of b9 to fix this issue. Roman----- Original Message ----- From: <roman () danyliw com> To: "Brad T." <bthaler () webstream net> Cc: <snort-users () lists sourceforge net> Sent: Friday, July 20, 2001 10:03 AM Subject: Re: [Snort-users] Acid 0.9.6b6 Reference LinksI can't figure out why I'm not able to use the whitehats.comreferencehyperlinks that acid is supposed to generate. I'm no PHP programmerbyanymeans, but I can see the code that is supposed to do this inacid_common.php(lines 379-391 and 414-418).Do you signatures look like "IDS/100 foo"?BTW, I've tried acid-0.9.6b12 and got a bunch of PHP errors, so Iwentbackto b6 for now.What were these errors? Roman--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
---------------------------------------------
This message was sent using Voicenet WebMail.
http://www.voicenet.com/webmail/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Acid 0.9.6b6 Reference Links Brad T. (Jul 20)
- <Possible follow-ups>
- Re: Acid 0.9.6b6 Reference Links roman (Jul 20)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 20)
- Re: Acid 0.9.6b6 Reference Links rdanyliw (Jul 20)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 20)
- Re: Acid 0.9.6b6 Reference Links roman (Jul 20)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 20)
- Re: Acid 0.9.6b6 Reference Links roman (Jul 23)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 23)
- Re: Acid 0.9.6b6 Reference Links Brad T. (Jul 23)
- Re: Acid 0.9.6b6 Reference Links roman (Jul 24)
- Re: Acid 0.9.6b6 Reference Links roman (Jul 24)