Snort Alert [3:16408:0] <- Incorrect Name

  • kryptikET

    kryptikET - 2010-07-26

    Just updated to Snort 2.8.6, Base 1.4.5.  Use oinkmaster to update signatures, use to create sidmap and barnyard to upload from sensors to base mysql db.

    Barnyard called w/
    /usr/local/bin/barnyard -D -c /etc/snort/barnyard.conf -d /var/log/snort -s /etc/snort/ -g /etc/snort/ -p /etc/snort/classification.config -w /etc/snort/barnyard.bookmark -n -X /var/run/ -f snort_unified.log

    ~$ grep 16408 /etc/snort/
    16408 || DOS Microsoft Windows TCP SACK invalid range denial of service attempt || url, || cve,2010-0242

    Even though the sids are defined in and barnyard is pointing to in its start up, base is still showing:
    Snort Alert  attempted-dos  as the alert name.

    Does anyone have any ideas?

  • Will Urbanski

    Will Urbanski - 2010-07-28

    Hi! Please check your `alerts` table in the database to ensure that the signature name is being populated there by BY. I suspect that BY is not correctly reading the
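An added example, not part of either post and not Barnyard's or BASE's own code: a Python check that parses the `sid || msg || ref` line quoted in the question and resolves the `[gid:sid:rev]` triple from the thread title against it. The function names (`parse_sid_map`, `parse_alert_id`, `resolve`) are hypothetical and the map text is a constructed sample built from the one line shown in the post; note that the quoted line format has no generator-ID column, so the lookup here is by SID only.

```python
import re

# Constructed sample: the map line quoted in the post (its "url," value is empty on the page).
SAMPLE_MAP = """\
# sid || msg || ref || ref ...
16408 || DOS Microsoft Windows TCP SACK invalid range denial of service attempt || url, || cve,2010-0242
"""

ALERT_ID = re.compile(r"\[(\d+):(\d+):(\d+)\]")  # [gid:sid:rev]


def parse_sid_map(text):
    """Return {sid: (msg, [(ref_type, ref_value), ...])} from 'sid || msg || ref' lines."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        fields = [f.strip() for f in line.split("||")]
        if len(fields) < 2 or not fields[0].isdigit():
            raise ValueError(f"line {lineno}: expected 'sid || msg', got {raw!r}")
        refs = []
        for ref in fields[2:]:
            # A reference is 'type,value'; an empty value is kept so it stays visible.
            ref_type, _, ref_value = ref.partition(",")
            refs.append((ref_type.strip(), ref_value.strip()))
        entries[int(fields[0])] = (fields[1], refs)
    return entries


def parse_alert_id(text):
    """Extract (gid, sid, rev) from a string such as 'Snort Alert [3:16408:0]'."""
    match = ALERT_ID.search(text)
    if match is None:
        raise ValueError(f"no [gid:sid:rev] triple in {text!r}")
    return tuple(int(part) for part in match.groups())


def resolve(alert_text, sid_map):
    """Look the alert's SID up in the map; msg is None when the SID is absent."""
    gid, sid, rev = parse_alert_id(alert_text)
    msg, refs = sid_map.get(sid, (None, []))
    return {"gid": gid, "sid": sid, "rev": rev, "msg": msg, "refs": refs}


if __name__ == "__main__":
    print(resolve("Snort Alert [3:16408:0]", parse_sid_map(SAMPLE_MAP)))
```

Running it against the real map file (read with `open(...).read()`) shows whether the SID resolves to a message there, which separates a map-file problem from a problem further along in the database.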

