
[Snort-users] Re: Problem with web-iis rules

From: Yan Zhai <yzhai(at)unity.ncsu.edu>
Date: Sat Oct 11 2003 - 15:34:51 EDT

I actually had the http decoder on, I deleted it accidentally when posting the configuration here (while deleting all the comments).

The attacks are real attacks instead of a packet containing those patterns.

I tried different ways to make 2.0.2 detect the attacks, including turning stream4 on/off and removing the flow:established in the rule file. But when I finally went back to 1.9.1, which used to detect those attacks in an experiment several months ago, Snort could detect my attacks again. I don't know what caused the problem, but I think I will use 1.9.1 in the later experiments for this time.

BTW, is there any option that I can use to make Snort output the unformatted timestamps (the long int format) instead of the formatted ones?



Received on Sat Oct 11 16:17:34 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:57:14 EDT

