[7.450][BUG][FIXED] Link in Snort notification leads to Error 404

Just received a number of (until now unexplainable) IPS alarms, I clicked the link for more information:

Intrusion Protection Alert



An intrusion has been detected. The packet has been dropped automatically.

You can toggle this rule between "drop" and "alert only" in WebAdmin.



Details about the intrusion alert:



Message........: SHELLCODE x86 inc ecx NOOP

Details........: www.snort.org/.../sigs.cgi

Time...........: 2009:06:09-18:41:55

Packet dropped.: yes

Priority.......: 1 (high)

Classification.: Executable code was detected IP protocol....: 6 (TCP)

But http://www.snort.org/pub-bin/sigs.cgi?sid=1394 does not exist!

Regards,
Bastian

Parents

0 Billybob over 16 years ago

Man you beat me to this... I have noticed it before but was too lazy to point it out. Since snort.org is redesigned, all the old links don't work anymore which sucks since I had a lot of things saved in my favourites that are worthless now.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Sascha Paris over 16 years ago in reply to Billybob

Funny...I got the same IPS warning here and wasn't able to find any information to this under snort.org, Astaro IPS Rules or search engines.

Posted today a feature request for such issues [:)]
Link IPS, and Malware events in Reports to description

However, up to now I like the updated and tweaked IPS a lot [:D]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Monarch over 16 years ago in reply to Sascha Paris

Funny...I got the same IPS warning here and wasn't able to find any information to this under snort.org, Astaro IPS Rules or search engines.

Well I get this warnings since today, but they are becoming more and more [:S]

Edit: Receiving lots of these warnings when I browse normal web pages. Will disable the rule for now, until I now what it stands for.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Monarch over 16 years ago in reply to Sascha Paris

Funny...I got the same IPS warning here and wasn't able to find any information to this under snort.org, Astaro IPS Rules or search engines.

Well I get this warnings since today, but they are becoming more and more [:S]

Edit: Receiving lots of these warnings when I browse normal web pages. Will disable the rule for now, until I now what it stands for.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 dmzalarm over 16 years ago in reply to Monarch

Well I get this warnings since today, but they are becoming more and more [:S]

Edit: Receiving lots of these warnings when I browse normal web pages. Will disable the rule for now, until I now what it stands for.

Folks,

I am receiving same alert from both of my 2 beta machine, what is really strange is my sec beta instance is only fronting a ACC machine which I am using to manage the 2 beta machine. The alert is telling me that intrusion originated from my ACC?!

Just a wild guess: maybe a gif image used by Astaro is triggering this?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

0 Astaro Beta Bot over 16 years ago in reply to dmzalarm

Astaro Beta Report
--------------------------------
Version: 7.450
Type: BUG
State: FIXED
Reporter: Monarch
Contributor: Sascha Paris
MantisID: 10610
--------------------------------