PacketFence - BTS - PacketFence 1.6.2 | |||||
| View Issue Details | |||||
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0000024 | PacketFence 1.6.2 | public | 2006-05-03 12:44 | 2006-05-06 16:46 | |
| Reporter | user4 | ||||
| Assigned To | |||||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Platform | OS | OS Version | |||
| Summary | 0000024: violations.conf and snort rule IDs not matching up ? | ||||
| Description | In violations.conf we have for example:

[2001219]
desc=SSH Scan
priority=6
url=/content/scanning
disable=N
auto_enable=N
trigger=Detect::2001919

On the other hand, in snort/bleeding-all.rules the corresponding rule

#alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg: "BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming SMTP"; flow: established,to_server; content:"postcard.gif.exe"; nocase; classtype: trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html; sid: 2001919; rev:3; )

is commented out and does not check for an SSH scan | ||||
| Steps To Reproduce | |||||
| Additional Information | |||||
| Tags | No tags attached. | ||||
| Relationships | |||||
| Attached Files | |||||
| Issue History | |||||
| Date Modified | Username | Field | Change | ||
| 2006-05-03 12:44 | user4 | New Issue | |||
| 2006-05-03 12:44 | user4 | Note Added: 0000030 | |||
| 2006-05-03 12:56 | user4 | Note Added: 0000031 | |||
| 2006-05-06 16:26 | kevmcs | Note Added: 0000047 | |||
| 2006-05-06 16:46 | kevmcs | Status | new => closed | ||
| 2006-05-06 16:46 | kevmcs | Note Added: 0000050 | |||
| 2006-05-06 16:46 | kevmcs | Resolution | open => fixed | ||
| Notes | |||||
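A cross-check for the mismatch this issue reports, as an added example that is not part of the original issue or PacketFence's own code: it lists every Detect:: trigger in violations.conf whose snort sid is missing from the rules file or only present in a commented-out rule. The second section and second rule are constructed sample data, the function names are hypothetical, and comma-separated trigger lists are an assumption.

```python
import configparser
import re

# First section (abbreviated) and first rule are from the issue; the rest is constructed.
VIOLATIONS_CONF = """\
[2001219]
desc=SSH Scan
trigger=Detect::2001919

[1100001]
desc=Constructed example
trigger=Detect::1100001,Detect::1100002
"""

RULES = """\
#alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg: "BLEEDING-EDGE VIRUS - Greeting card gif.exe email incoming SMTP"; flow: established,to_server; content:"postcard.gif.exe"; nocase; classtype: trojan-activity; reference:url,securityresponse.symantec.com/avcenter/venc/data/vbs.postcard@mm.html; sid: 2001919; rev:3; )
alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Constructed SSH rule"; sid:1100001; rev:1;)
"""

# Optional leading '#', then the rule's msg and sid options.
RULE_RE = re.compile(r'^\s*(#\s*)?(?:alert|log|pass|drop)\b.*?msg:\s*"([^"]*)".*?\bsid:\s*(\d+)')

def parse_rules(text):
    """Map sid -> (enabled, msg) for every rule line, commented out or not."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if m:
            rules[int(m.group(3))] = (m.group(1) is None, m.group(2))
    return rules

def check_triggers(conf_text, rules_text):
    """Return (violation_id, sid, problem) for each Detect trigger that cannot fire."""
    conf = configparser.ConfigParser(interpolation=None)
    conf.read_string(conf_text)
    rules = parse_rules(rules_text)
    findings = []
    for vid in conf.sections():
        # Assumption: several triggers may be listed, separated by commas.
        for trig in conf.get(vid, "trigger", fallback="").split(","):
            kind, _, value = trig.strip().partition("::")
            if kind.lower() != "detect" or not value.isdigit():
                continue
            sid = int(value)
            if sid not in rules:
                findings.append((vid, sid, "no rule with this sid"))
            elif not rules[sid][0]:
                findings.append((vid, sid, "rule is commented out: " + rules[sid][1]))
    return findings
```

Each finding carries the rule's msg text, so a reviewer can compare it with the violation's desc and spot a trigger that points at an unrelated rule.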