Hi,

Gil Vidals wrote:
> snort_rule_dl isn't working any longer. I added rule 2003099 with danger
> level of zero and restarted psad and cleared out iptables and yet rule
> 2003099 kicks in and blocks my access:
> 
>   # GV 20090726 - this rule triggers just by visiting the site on my laptop
> running ubuntu & firefox
>   2003099    0;
> 
> Back in January 2007, a bug was found in psad where SID's added to
> snort_rule_dl were being ignored. You can see the post here:
> 
> http://www.mail-archive.com/debian-bugs-clo...@lists.debian.org/msg127188.html
> 
> I'm running this version of psad:
> 
> [+] psad v2.1.5 (file revision: 2253)

It looks like it works fine for me with :

[+] psad v2.1.6-pre3 (file revision: 2267)

Enabling/Disabling SID 2003099 works as expected.

Could you give it a try?

Regards,

-- 
Franck Joncourt
http://debian.org - http://smhteam.info/wiki/

Attachment: signature.asc
Description: OpenPGP digital signature

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss

Reply via email to