Snort mailing list archives
Re: How to search for SID?
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 16 Apr 2010 09:49:03 -0400
Use grep. Take the message that you see below and search through the snort rules files for the message using grep. -- Sent from my iPad AIM: eslerjoel On Apr 15, 2010, at 11:21 PM, "Chong Lee Poh" <Chong.LeePoh () allianz com my> wrote:
Hi,
My Snort report tool (SnortALog) generated info such as "WEB-MISC SSLv3
invalid data version attempt {tcp}", without showing the SID.
I do not have the SID, but I would like to find out if this alert
relevant to me. Is there a web site that I can key in the alert to look
for SID or explanation of the alert?
I use "http://www.snortid.com/"; to look for description when I have the
SID. However, for alert without SID, where can I obtain further
information?
Please assist!! Many thanks in advance.
Regards,
Chong
This e-mail and any attachments therewith are intended only for the use of the address. This e-mail may contain
confidential and privileged information. Any unauthorized use, copying or disclosure of information contained in
this e-mail or its attachments is strictly prohibited and may be unlawful. If you have received this e-mail in error,
please contact the sender via return e-mail and delete this e-mail and attachments thereafter. Any confidentiality or
privilege is not waived or lost because this e-mail has been sent to you by mistake. Any liability for viruses is
excluded to the fullest extent permitted by law.
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13, (continued)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 Nigel Houghton (Apr 14)
- Re: Sourcefire VRT Certified Snort RulesUpdate2010-04-13 evilghost () packetmail net (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 Jeff Nathan (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 Jeff Nathan (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)
- Message not available
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)
- How to search for SID? Chong Lee Poh (Apr 15)
- Re: How to search for SID? Rodrigo Montoro(Sp0oKeR) (Apr 16)
- Re: How to search for SID? Joel Esler (Apr 16)
- SSLv2 alerts Chong Lee Poh (Jun 02)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 Nigel Houghton (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 chris . kniseley (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 infosec posts (Apr 14)
- Re: Sourcefire VRT Certified Snort Rules Update2010-04-13 evilghost () packetmail net (Apr 14)