From: Vadim Pushkin (wiskbroomhotmail.com)
Date: Wed May 08 2002 - 09:11:23 CDT

    oldest first, click on the ">" next to timestamp
    to reorder by most recent first.

    Vadim

    >From: John Sage <jsagefinchhaven.com>
    >To: snort-userslists.sourceforge.net
    >Subject: [Snort-users] ACID default sort order
    >Date: Tue, 7 May 2002 11:55:16 -0700
    >
    >I tried asking this a week ago and got no response, so, being a
    >glutton for punishment I'll ask again:
    >
    >What is the default sort order for ACID when displaying the very
    >fundamental query: "Last 24 hours" "alerts" "listing"?
    >
    >In other words, show me all alerts for the last 24 hours.
    >
    >The sort order returned is not obvious, or rather there doesn't seem
    >to be any:
    >
    >
    >To: blahblahblahfoobar.com
    >Subject: ACID Incident Report
    >From: ACID Alert <acidfoobar.com>
    >
    >Generated by ACID v0.9.6b21 on Tue May 07, 2002 10:47:09
    >
    >#109-2| [2002-05-07 09:28:28] 12.243.218.140 -> 12.82.128.54 ICMP echo
    >request
    >
    >This (above) is out of order by time and by sensor-id
    >
    >#109-8| [2002-05-07 10:19:41] 12.165.7.15:137 -> 12.82.128.54:137 UDP to
    >137 netBIOS ns
    >#109-7| [2002-05-07 10:19:41] 12.165.7.15:137 -> 12.82.128.54:137 UDP to
    >137 netBIOS ns
    >#109-6| [2002-05-07 10:19:39] 12.165.7.15:137 -> 12.82.128.54:137 UDP to
    >137 netBIOS ns
    >#109-5| [2002-05-07 10:19:10] 12.165.7.15:137 -> 12.82.128.54:137 UDP to
    >137 netBIOS ns
    >#109-4| [2002-05-07 10:19:07] 12.165.7.15:137 -> 12.82.128.54:137 UDP to
    >137 netBIOS ns
    >#109-3| [2002-05-07 10:19:04] 12.165.7.15:137 -> 12.82.128.54:137 UDP to
    >137 netBIOS ns
    >#109-1| [2002-05-07 09:11:33] 12.82.128.120:1065 -> 12.82.128.54:137 UDP
    >to 137 netBIOS ns
    >
    >#108-14| [2002-05-07 07:26:15] 199.84.183.4:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >#108-13| [2002-05-07 07:26:14] 199.84.183.4:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >#108-12| [2002-05-07 07:26:12] 199.84.183.4:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >
    >The above alerts are out-of-order relative to those above..
    >
    >#108-7| [2002-05-07 04:19:09] 12.82.129.235:1028 -> 12.82.129.79:137 UDP
    >to 137 netBIOS ns
    >#108-6| [2002-05-07 04:07:07] 12.165.7.15:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >#108-5| [2002-05-07 04:07:06] 12.165.7.15:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >#108-4| [2002-05-07 04:07:04] 12.165.7.15:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >#108-3| [2002-05-07 04:06:43] 12.165.7.15:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >#108-2| [2002-05-07 04:06:42] 12.165.7.15:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >#108-1| [2002-05-07 04:06:40] 12.165.7.15:137 -> 12.82.129.79:137 UDP to
    >137 netBIOS ns
    >
    >#108-11| [2002-05-07 05:26:55] 65.117.191.10:55742 -> 12.82.129.79:111 TCP
    >to 111 sunrpc
    >#108-10| [2002-05-07 05:26:52] 65.117.191.10:55742 -> 12.82.129.79:111 TCP
    >to 111 sunrpc
    >
    >The above alerts are out-of-order..
    >
    >#108-9| [2002-05-07 04:55:18] 148.235.14.185:32263 -> 12.82.129.79:80 TCP
    >to 80 http
    >#108-8| [2002-05-07 04:55:12] 148.235.14.185:32263 -> 12.82.129.79:80 TCP
    >to 80 http
    >
    >The above alerts are out-of-order..
    >
    >#107-3| [2002-05-06 22:07:37] 217.136.191.9 -> 12.82.131.37 ICMP echo
    >request
    >
    >#107-4| [2002-05-06 22:51:34] 131.183.60.105:4659 -> 12.82.131.37:1433 TCP
    >to 1433 MS MySQL server
    >
    >blah blah blah...
    >
    >#107-2| [2002-05-06 16:44:24] 12.245.236.184:4630 -> 12.82.131.37:80 TCP
    >to 80 http
    >#107-1| [2002-05-06 16:44:21] 12.245.236.184:4630 -> 12.82.131.37:80 TCP
    >to 80 http
    >
    >#106-1| [2002-05-06 11:29:25] 12.82.131.207:1238 -> 12.82.131.64:137 UDP
    >to 137 netBIOS ns
    >#106-2| [2002-05-06 12:42:44] 166.114.114.2:3937 -> 12.82.131.64:53 TCP to
    >53 domain
    >
    >and blah blah blah..
    >
    >
    >
    >Is the sensor-id pair not a primary key, or in fact any key whatsoever?
    >
    >Is the date-time not a primary key, or in fact any key whatsoever?
    >
    >Again, at the risk of repetition, what should be the primary sort
    >order for this very fundamental query?
    >
    >
    >- John
    >--
    >In those days, you could not buy a $2000 200MHz Pentium server.
    >
    >PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
    >Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5
    >
    >_______________________________________________________________
    >
    >Have big pipes? SourceForge.net is looking for download mirrors. We supply
    >the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
    >_______________________________________________
    >Snort-users mailing list
    >Snort-userslists.sourceforge.net
    >Go to this URL to change user options or unsubscribe:
    >https://lists.sourceforge.net/lists/listinfo/snort-users
    >Snort-users list archive:
    >http://www.geocrawler.com/redir-sf.php3?list=snort-users
