Re: [Snort-users] Signature Lookup Confusion

From: Ian Bowers (iggdawggmail.com)
Date: Tue May 07 2013 - 12:33:48 CDT


See this link

http://manual.snort.org/node18.html

for a list of preprocessor gen IDs and their meanings.

On Tue, May 7, 2013 at 1:24 PM, Josh Bitto <jbittoonlineschool.ca> wrote:

> I'm having a bit of a problem fully grasping how to search up rules that
> have been fired.....
>
> 2013-05-07T10:14:05-07:00 firewall snort[62223]: [120:8:1] (http_inspect)
> INVALID CONTENT-LENGTH OR CHUNK SIZE [Classification: Unknown Traffic]
> [Priority: 3] {TCP} 209.97.200.53:32459 -> 216.178.47.38:80
>
>
> Ok so what I understand from the log is that rule 120 fired. Either I need
> some caffeine or it's a horrible Tuesday for me to comprehend this, but I'm
> just not getting it. The instructions on how to search for the group id and
> the sid for some reason are not sticking. Can someone dumb this down for
> me....I'm gonna run out and get a pop and hopefully come back to someone
> who has awesomely helped me out.
>
>
> Basically I want to be able to search for explanations on whatever event
> happens so I can determine if I need to take action or not.
>
>
>
> Josh
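The bracketed triple in Josh's log line is Snort's generator ID, signature ID and revision (gid:sid:rev), so "120" is not a rule number but the generator (the http_inspect preprocessor), and "8" is the event within that generator. The following Python is an added example, not code from the thread or from the Snort project: it parses syslog-style alert lines, tells preprocessor events (gid other than 1 or 3) apart from text rules (gid 1) and shared-object rules (gid 3), and resolves preprocessor events against Snort's `gen-msg.map` format (`gid || sid || message`). The map contents, the second sample line (a local rule in the sid 1000000+ range) and the `triage_lines` helper are constructed for the example.

```python
"""Decode Snort alert lines into gid:sid:rev and look them up (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Snort alert_syslog output: "[gid:sid:rev] msg [Classification: c] [Priority: p] {proto} src -> dst".
# Classification is optional because not every rule carries a classtype.
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s*"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s*)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s*"
    r"\{(?P<proto>[A-Za-z]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample input: the first line is the one from the thread, joined
# onto a single line; the second is a made-up local text rule (sid >= 1000000).
SAMPLE_LINES = [
    "2013-05-07T10:14:05-07:00 firewall snort[62223]: [120:8:1] (http_inspect) "
    "INVALID CONTENT-LENGTH OR CHUNK SIZE [Classification: Unknown Traffic] "
    "[Priority: 3] {TCP} 209.97.200.53:32459 -> 216.178.47.38:80",
    "2013-05-07T10:15:00-07:00 firewall snort[62223]: [1:1000001:2] LOCAL example "
    "rule [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "10.0.0.5:4444 -> 10.0.0.9:51234",
]

# Constructed gen-msg.map excerpt in Snort's "gid || sid || message" format.
GEN_MSG_MAP = """\
# gid || sid || message
120 || 8 || (http_inspect) INVALID CONTENT-LENGTH OR CHUNK SIZE
"""


@dataclass
class Alert:
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: int
    proto: str
    src: str
    dst: str

    @property
    def origin(self) -> str:
        """Where to look the event up, based on the generator id."""
        if self.gid == 1:
            return "text rule: search the .rules files / sid-msg.map for the sid"
        if self.gid == 3:
            return "shared-object rule: search sid-msg.map for the sid"
        return "preprocessor/decoder event: search gen-msg.map for gid:sid"


def parse_alert(line: str) -> Optional[Alert]:
    """Return an Alert for a syslog alert line, or None if it is not one."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    return Alert(
        gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"].strip(), classification=m["classification"],
        priority=int(m["priority"]), proto=m["proto"],
        src=m["src"], dst=m["dst"],
    )


def load_gen_msg_map(text: str) -> Dict[Tuple[int, int], str]:
    """Parse gen-msg.map text into {(gid, sid): message}, skipping comments."""
    table: Dict[Tuple[int, int], str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||")]
        if len(parts) >= 3:
            table[(int(parts[0]), int(parts[1]))] = parts[2]
    return table


def lookup(alert: Alert, table: Dict[Tuple[int, int], str]) -> Optional[str]:
    """Resolve a preprocessor event's message; text/SO rules live elsewhere."""
    if alert.gid in (1, 3):
        return None
    return table.get((alert.gid, alert.sid))


def triage_lines(lines: List[str], table: Dict[Tuple[int, int], str]) -> List[str]:
    """One summary line per alert: ids, priority, endpoints and where to look it up."""
    out = []
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        known = lookup(a, table)
        out.append(
            f"[{a.gid}:{a.sid}:{a.rev}] prio={a.priority} {a.proto} {a.src} -> {a.dst} "
            f"| {a.origin}" + (f" | gen-msg.map: {known}" if known else "")
        )
    return out


if __name__ == "__main__":
    for summary in triage_lines(SAMPLE_LINES, load_gen_msg_map(GEN_MSG_MAP)):
        print(summary)
```

The decision that matters for triage is the generator id: only gid 1 and gid 3 events correspond to rules you can read in a rules file; everything else is a preprocessor verdict whose meaning comes from gen-msg.map and the preprocessor's own documentation, which is why the 120:8 event above describes a malformed Content-Length rather than a signature match.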

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!