Snort mailing list archives
Re: ACID v0.9.6b24, spp_portscan2 and spp_portscan
From: "Richard Pesce" <RPesce () co amador ca us>
Date: Tue, 13 Jan 2004 11:46:32 -0800
It may be that the wildcards are causing high database utilization... How many alerts do you have? (approx) Were you experiencing the problem that I intended to "fix"?
"Michael Scheidell" <scheidell () blah net> 01/13/04 11:28AM >>>
makes the startup screen take 10 times as long..

""Richard Pesce"" <RPesce () co amador ca us> wrote in message news:<s003ccba.020 () co amador ca us>...

ACID v0.9.6b24 and snort 2.06 on red-hat 9 and NO patches :)

spp_portscan(2) was showing up in acid, however not within the acid_stat_common.php page. they were lumped under the TCP and UDP bars and stats.

In order to "fix" this I made these changes:

file: acid_common.php
search for: (rawurlencode("spp_portscan")).
replace with: (rawurlencode("%_portscan%")).

file: acid_stat_common.php
search for: "WHERE sig_name LIKE '%spp_portscan%'");
replace with: "WHERE sig_name LIKE '%_portscan%'");
search for: "WHERE signature LIKE 'spp_portscan%'");
replace with: "WHERE signature LIKE '%_portscan%'");

For some reason the spp_portscan(2) was showing up as spp\_portscan(2) and thus breaking the acid portscan functionality.

I hope this helps with all those notorious "Acid not displaying portscans" help requests.

rpesce () co amador ca us

-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
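Added example, not part of the original posts and not ACID code: the three LIKE patterns quoted in the thread, run against constructed signature names to show what each one selects and whether the query planner can use an index for it. The thread does not name the database back end, so SQLite stands in here; the function names and sample rows are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample rows. Table and column names follow the queries quoted in
# the thread; the signature texts are invented for illustration.
SAMPLE_SIGS = [
    "spp_portscan: PORTSCAN DETECTED from 10.0.0.5",
    "spp_portscan2: Portscan detected from 10.0.0.6",
    "spp\\_portscan: PORTSCAN DETECTED from 10.0.0.7",  # backslash form from the post
    "my xportscan test rule",  # unrelated name that '_' (any one character) lets in
    "ICMP PING NMAP",
]
PATTERNS = ("spp_portscan%", "%spp_portscan%", "%_portscan%")


def build_db():
    db = sqlite3.connect(":memory:")
    # With a default (BINARY) index, SQLite can use it for LIKE only in case-sensitive mode.
    db.execute("PRAGMA case_sensitive_like = ON")
    db.execute("CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT)")
    db.execute("CREATE INDEX sig_name_idx ON signature (sig_name)")
    db.executemany("INSERT INTO signature (sig_name) VALUES (?)",
                   [(s,) for s in SAMPLE_SIGS])
    return db


def matches(db, pattern):
    """Return the sig_name values selected by one LIKE pattern."""
    rows = db.execute("SELECT sig_name FROM signature WHERE sig_name LIKE ? "
                      "ORDER BY sig_id", (pattern,))
    return [r[0] for r in rows]


def access_path(db, pattern):
    """Return 'SEARCH' (index range) or 'SCAN' (every row) from the planner."""
    # The pattern is inlined because the planner has to see the literal; this is
    # acceptable only because PATTERNS is a fixed constant, never user input.
    if pattern not in PATTERNS:
        raise ValueError("unexpected pattern")
    plan = db.execute("EXPLAIN QUERY PLAN SELECT sig_name FROM signature "
                      f"WHERE sig_name LIKE '{pattern}'").fetchall()
    return plan[0][3].split()[0]


if __name__ == "__main__":
    db = build_db()
    for p in PATTERNS:
        print(f"{p!r:20} {access_path(db, p):7} {matches(db, p)}")
```

The two original patterns miss the backslash form because `_` stands for exactly one character, while `%_portscan%` picks it up along with any other name that has a character in front of "portscan", and its leading `%` leaves the planner no prefix to seek on.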