OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq Archives: SHADOW and Y2K Problems

SHADOW and Y2K Problems

Subject: SHADOW and Y2K Problems
From: Bill Ralph (wralphNSWC.NAVY.MIL)
Date: Tue Jan 04 2000 - 07:41:20 CST

Version 1.6 of the SHADOW intrusion detection system passed through 1/1/00
with no problems. Those with earlier versions had a problem on their
sensors. Our suggestion is to fetch the latest version of SHADOW (Version
1.6) from http://www.nswc.navy.mil/ISSEC/CID/shadowForm.html and install it.

For the short term, line 22 in start_logger.pl of pre-1.6 versions reads:

$tmp = sprintf("%02d%02d%02d%02d", T[5],T[4]+1,T[3],T[2]);

Change it to:

$tmp = strftime("%y%m%d%H", T);

This should keep your SHADOW system functioning until you upgrade to Version
1.6. As a by-product of that upgrade, you will get other worthwhile
improvements:

       Multiple day pattern search.
       Improved sensor scripts.
       Ability to run simultaneous tcpdumps with differing parameter files.
       Improvement in stopping previously started tcpdump.
       Raw data file names now use 4-digit year.
       Automatic archival of Incident Reports.
       Automatic generation of incident report number.
       Removal of obsolete accessories from package.
       Searching improved with abort button.
       New graphics and colors.
       NMAP button included in tool window.
       Four digit years throughout all scripts with backward compatibility.

---------------------------------------
 ___ _ _ _ ___ _ _
| . ><_>| || | | . \ ___ | | ___ | |_
| . \| || || | | /<_> || || . \| . |
|___/|_||_||_| |_\_\<___||_|| _/|_|_|
Member of NSWC SHADOW Team |_|
wralphnswc.navy.mil - (540)653-5593
---------------------------------------

This archive was generated by hypermail 2b27 : Tue Jan 04 2000 - 15:06:58 CST