From: romandanyliw.com
Date: Tue Mar 06 2001 - 01:02:47 CST


    This is correct. The DB schema does not currently support the "reference" item,
    hence why ACID has no conception of it.

    I do however remember seeing someone post the patch for the db plugin. Did
    I miss it when browsing through the archive?

    cheers,
    Roman

    > I upgraded to 01-Mar-2001 rules and it broke the IDS url inside of ACID reports.
    > Looking at my old rules I see entries like this:
    >
    > alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"IDS017 - RPC -
    > portmap-request-cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8;)
    >
    > The same rule in the new rule set:
    >
    > alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request cmsd";
    > content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17;)
    >
    > I see the reference to arachnids,17, is it just ACID does not understand the new
    > rule sets?
    >
    > -- 
    > Bob Tanner <tannerreal-time.com> | Phone : (952)943-8700
    > http://www.mn-linux.org | Fax : (952)943-8500
    > Key fingerprint = 02E0 2734 A1A1 DBA1 0E15 623D 0036 7327 93D9 7DA3
    >
    >
    > _______________________________________________
    > Snort-users mailing list
    > Snort-userslists.sourceforge.net
    > Go to this URL to change user options or unsubscribe:
    > http://lists.sourceforge.net/lists/listinfo/snort-users
    >

    ---------------------------------------------
    This message was sent using Voicenet WebMail.
          http://www.voicenet.com/webmail/
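
Added example, not part of the original thread and not ACID or Snort code: a small Python parser that reads the option list of the two rules quoted above and returns the same reference pair for both styles. The function names are hypothetical, and treating a leading "IDSnnn" in msg as the arachnids number is an assumption drawn from the two rules in the message.

```python
import re

# Both rules are the ones quoted in the message above (same signature, old and new style).
OLD_RULE = ('alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"IDS017 - RPC - '
            'portmap-request-cmsd"; content:"|01 86 E4 00 00|";offset:40;depth:8;)')
NEW_RULE = ('alert udp $EXTERNAL_NET any -> $HOME_NET 111 (msg:"RPC portmap request cmsd"; '
            'content:"|01 86 E4 00 00|";offset:40;depth:8; reference:arachnids,17;)')

# Assumption: a leading "IDSnnn" in msg is the arachnids number, as the two rules suggest.
LEGACY_ID = re.compile(r'^IDS0*(\d+)\b')


def split_options(rule):
    """Split the parenthesised option list into (keyword, value) pairs."""
    body = rule[rule.index('(') + 1:rule.rindex(')')]
    parts, current, in_quotes = [], [], False
    for ch in body:
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ';' and not in_quotes:  # a ';' inside quotes is part of the value
            parts.append(''.join(current))
            current = []
        else:
            current.append(ch)
    parts.append(''.join(current))
    pairs = []
    for part in parts:
        key, _, value = part.strip().partition(':')
        if key:
            pairs.append((key.strip(), value.strip().strip('"')))
    return pairs


def rule_references(rule):
    """Return (system, id) pairs from reference options, else from a legacy msg prefix."""
    refs = []
    for key, value in split_options(rule):
        if key == 'reference':
            system, _, ref_id = value.partition(',')
            refs.append((system.strip(), ref_id.strip()))
    if not refs:
        match = LEGACY_ID.match(dict(split_options(rule)).get('msg', ''))
        if match:
            refs.append(('arachnids', match.group(1)))
    return refs


if __name__ == '__main__':
    for rule in (OLD_RULE, NEW_RULE):
        print(rule_references(rule))
```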
