Snort mailing list archives

Difference of results when processing pcap files


From: Roberto Suarez Soto <robe () alfa21 com>
Date: Wed, 13 Nov 2002 13:39:34 +0100

Hi,
        I have a nasty problem with snort. I have a snort in a remote
box, writing to pcap files as usual. When I get those pcap files and
process them again to put the data into a Postgres DB, the results are
slightly different.

        It only happens with Nimda related alerts. I believe that it's
because some of their patterns ("../.." and the like) could fit into
several alerts :-m

        Well, I don't know if I've made myself clear O:-) Has anyone
experienced something similar?

        Thanks in advance :-)

-- 
Roberto Suarez Soto                                     Alfa21 Outsourcing
    robe () alfa21 com                               http://www.alfa21.com

