Snort mailing list archives
Incorrect payload on acid alerts
From: <snortman () hotpop com>
Date: Tue, 9 Nov 2004 15:46:08 +0200
I have had Snort version 2.1.0 installed for a few months now and it worked fine. Alert output is to MySQL and ACID.

Recently I added a Microsoft SMS server which creates tons of alerts, for example: WEB-MISC http directory traversal

The problem is that when I look at the payload, I can see the beginning of the payload which was actually sent to the SMS server, and the rest is completely different sessions (parts of email messages, parts of telnet sessions). The alert is generated by the wrong part of the payload.

Can anyone help me?
