Snort mailing list archives

RE: BASE SID Lookup

From: "Briggs, Bruce" <Bruce.Briggs () suny edu>
Date: Wed, 06 Apr 2005 12:57:58 -0400

Yes, annoying isn't it.
 
Enter 119:4 to get the correct display.
http://www.snort.org/pub-bin/sigs.cgi?sid=119%3A4
 
You can find  http_inspect: BARE BYTE UNICODE ENCODING   in
Snort\rules\gen-msg.map
That tells you that the snort general alert and tag is 119 & 4 
 
Then you can read a description in 119-4.txt in    Snort\doc\signatures
or   enter  SID 119:4 on the Snort site.
 
Bruce

  _____  

From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Dominic
Sent: Wednesday, April 06, 2005 10:44 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] BASE SID Lookup



HI,

 

I have recently started using BASE1.1 for snort. I am having a problem
looking up the signature database from the snort webpage - I get "Sorry,
no such sid-gen" for a lot of the events logged (eg: BARE BYTE UNICODE
ENCODING which is SID=4) when I reference the snort site.

 

Thanks

Dominic.

Current thread:

BASE SID Lookup Dominic (Apr 06)
- <Possible follow-ups>
- RE: BASE SID Lookup Briggs, Bruce (Apr 06)