From: Bob Tanner (tannerreal-time.com)
Date: Tue Mar 06 2001 - 14:15:15 CST

    I upgraded to 01-Mar-2001 rules and it broke the IDS URL inside of ACID reports.
    Looking at my old rules I see entries like this:

    alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"IDS017 - RPC - portmap-request-cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8;)

    The same rule in the new rule set:

    alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17;)

    I see the reference to arachnids,17. Is it just that ACID does not understand the
    new rule sets?

    -- 
    Bob Tanner <tannerreal-time.com>       | Phone : (952)943-8700
    http://www.mn-linux.org                 | Fax   : (952)943-8500
    Key fingerprint = 02E0 2734 A1A1 DBA1 0E15  623D 0036 7327 93D9 7DA3
    


    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    http://lists.sourceforge.net/lists/listinfo/snort-users
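
The two rules quoted in the message carry the same arachNIDS number in different places: as an `IDS017` tag at the start of `msg` in the old rule, and as `reference:arachnids,17` in the new one. The following is an added example (not part of the original post, and not Snort or ACID code) that reads the number from either form; the function names are hypothetical, and the fallback assumes the old tag always sits at the start of `msg`.

```python
import re

# Constructed sample input: the two rules quoted in the message above.
OLD_RULE = ('alert udp $EXTERNAL_NET any -> $HOME_NET 111 '
            '(msg:"IDS017 - RPC - portmap-request-cmsd"; '
            'content:"|01 86 E4 00 00|";offset:40;depth:8;)')
NEW_RULE = ('alert udp $EXTERNAL_NET any -> $HOME_NET 111 '
            '(msg:"RPC portmap request cmsd"; '
            'content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17;)')


def parse_options(rule):
    """Split the parenthesised option block into (keyword, value) pairs.

    A ';' inside a quoted string, or preceded by a backslash, does not
    terminate an option.
    """
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    options, buf, in_quotes, escaped = [], [], False, False
    for ch in body:
        if ch == ";" and not in_quotes and not escaped:
            key, _, value = "".join(buf).strip().partition(":")
            if key:
                options.append((key.strip(), value.strip()))
            buf = []
            continue
        buf.append(ch)
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
    return options


def arachnids_id(rule):
    """Return the arachNIDS number as an int, or None if the rule has none.

    An explicit reference:arachnids,N option wins; otherwise fall back to a
    leading "IDSnnn" tag in msg (assumed position of the old-style tag).
    """
    opts = parse_options(rule)
    for key, value in opts:
        system, _, ident = value.partition(",")
        if key == "reference" and system.strip().lower() == "arachnids" and ident.strip().isdigit():
            return int(ident)
    for key, value in opts:
        match = re.match(r'"?IDS(\d+)', value) if key == "msg" else None
        if match:
            return int(match.group(1))
    return None
```

Both `arachnids_id(OLD_RULE)` and `arachnids_id(NEW_RULE)` return 17, so a report front-end that only inspects the `msg` text finds nothing to link in the new rule.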