[Secureideas-base-devel] Signature display
From: Christian S. <Chr...@ti...> - 2005-02-15 16:56:34
Security: Restricted

Hi

Could someone please explain to me why this happens (check picture)?

mysql> select * from signature;
+--------+---------------------------------------------------------------------------+--------------+--------------+---------+---------+
| sig_id | sig_name                                                                  | sig_class_id | sig_priority | sig_rev | sig_sid |
+--------+---------------------------------------------------------------------------+--------------+--------------+---------+---------+
|      1 | BLEEDING-EDGE SCAN NMAP -sA                                               |            1 |            2 |       0 | 2000540 |
|      2 | BLEEDING-EDGE SCAN NMAP -sA                                               |            1 |            2 |       0 | 2000538 |
|      3 | NETBIOS SMB-DS Trans2 FIND_FIRST2 response overflow attempt               |            2 |            3 |       0 |    3145 |
|      4 | tag: Tagged Packet                                                        |            0 |            3 |       0 |       1 |
|      5 | NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt |            3 |            1 |       0 |    2514 |
|      6 | NETBIOS SMB Trans2 FIND_FIRST2 response overflow attempt                  |            2 |            3 |       0 |    3143 |
|      7 | ATTACK-RESPONSES directory listing                                        |            4 |            2 |       0 |    1292 |
+--------+---------------------------------------------------------------------------+--------------+--------------+---------+---------+
7 rows in set (0.00 sec)

This problem I got on my fresh 1.0.2 install.

[Feb 15 2005 17:56:15] /base/base_qry_main.php - db version
--------------------------------------------------------------------------------
SELECT sid FROM sensor
SELECT MAX(cid) FROM event WHERE sid='1'
SELECT MAX(cid) FROM acid_event WHERE sid='1'
SELECT acid_event.sid, acid_event.cid, signature, timestamp, acid_event.ip_src, acid_event.ip_dst, acid_event.ip_proto FROM acid_event WHERE 1 = 1 ORDER BY timestamp DESC
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='18'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='17'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='16'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='15'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='14'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='13'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='12'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='11'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='10'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='9'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='8'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='7'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='6'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='5'
SELECT layer4_sport, layer4_dport FROM acid_event WHERE sid='1' AND cid='4'

Regards
Christian Svensson