
IDS: SHADOW anomaly




Hello Everyone,

If this is not the correct place for this post please point me in the
right direction.  I sent email to sans@clark.net, but only received an
automated response.

I'm currently deploying SHADOW and am seeing some strange behavior. 
I've created a bad_events filter which produces one set of results when
run manually using tcpdump and yields another set of results when SHADOW
uses it to display its Web page.  I was wondering if anyone else had
encountered this problem or better yet solved this problem :-).

Best Regards,
Brian
-- 
Brian Hughes               mailto:hughbria@isu.edu
Idaho State University     http://www.isu.edu/~hughbria