Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: is acid 0.9.6b22 missing reference for url sigs ?

From: jay.archibald () L-3com com
Date: Mon, 2 Dec 2002 13:27:44 -0700
I have recently installed ACID 0.9.6b22 and have noticed the same problem.
The reference for 'URL', 'BUGTRAC', 'CVE', 'ARACHNIDS' show up, but there is
no link created to the actual reference, just text.  The interesting thing
though is that 'SNORT' references have links and work fine, but they are the
only reference with a link.

I have installed acid three times with the same results.

The following is copied from my "acid_conf.php" file:

/* Signature references */
$external_sig_link = array("bugtraq"   =>
array("http://www.securityfocus.com/bid/";, ""),
                           "snort"     =>
array("http://www.snort.org/snort-db/sid.html?sid=";, ""),
                           "cve"       =>
array("http://cve.mitre.org/cgi-bin/cvename.cgi?name=";, ""),
                           "arachnids" =>
array("http://www.whitehats.com/info/ids";, ""),
                           "mcafee"    =>
array("http://vil.nai.com/vil/content/v_";, ".htm"),
                           "icat"      =>
array("http://icat.nist.gov/icat.cfm?cvename=";, ""));

It appears that these links should be created, but again only the "snort"
links are the only ones being created.

If anyone can come up with a reason why, I am interested in a solution.  In
the meantime, I have found that I can go to SNORTCENTER and look up the rule
and get the link there.  It is just annoying to take those extra steps.

Regards

Jay Archibald




I just upgraded to acid 0.9.6b22 and noticed some nice things:



automatic snort sig refrences (thanks).



But I also noticed that it looks like 'url' refrences are missing.



I looked in an old version of acid_signature.inc and found it there, but
in the 0.9.6b22, I didn't find it.



Now when looking at acid detail, I see sigs for a lot of new things (snort
id, icat) but the reference for url us just 'url' with no link.



-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/




-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: