Snort mailing list archives

RE: RE: arachNIDS, CVE, bugtraq


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Mon, 18 Nov 2002 11:59:14 -0500

Hack or not, it's been a useful feature when one is using IDScenter.  What,
if anything, will "-G" be replaced with???  

- Christopher


-----Original Message-----
From: Brian [mailto:bmc () snort org]
Sent: Saturday, November 16, 2002 5:01 PM
To: L. Christopher Luther
Cc: 'Jay Archibald'; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] RE: arachNIDS, CVE, bugtraq


On Fri, Nov 15, 2002 at 03:39:57PM -0500, L. Christopher Luther wrote:
> I use the "-G url" command line parameter to cause Snort to reference the
> ids back to the alert message.  I get output something like this:
>
> 11/15/02-09:13:47.755531  [**] [1:1243:6] WEB-IIS ISAPI .ida attempt -
> http://www.whitehats.com/info/IDS552 -
> http://www.securityfocus.com/bid/1065
> - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0071 [**]
> [Classification: Web Application Attack] [Priority: 1] {TCP}
> 200.196.105.83:4571 -> xxx.xxx.xxx.xxx:80
>
> However, I don't know if this will work with ACID.

FYI, We're removing the -G (G is for Ghetto) in the future.  It's a horrid
hack that I slung together.  Don't count on that feature being there in the
future.

-brian
