Snort mailing list archives
Again, Brackets around 1st variable in snort.conf
From: Randy <leganza () phillib net>
Date: Mon, 03 Sep 2001 08:26:56 +0900
OK - by request, here's my snort.conf with the net numbers edited out. I even stuck in var INTERNAL for the 1st variable, and substituted it in for HOME_NET in the later variables. (Needed to make it the entire class B, to get it to cover my several class Cs.)

Just like before, this fails, because of the brackets around the value in var INTERNAL.

"snort: FATAL ERROR: ERROR /etc/snort/exploit.rules (6) => Rule IP addr ([143.138.0.0) didn't x-late, WTF?"

No brackets around the value for var INTERNAL, it works fine.

I also ask - WTF?

Randy

#--------------------------------------------------
# http://www.snort.org Snort 1.8.0 Ruleset
# Contact: snort-sigs () lists sourceforge net
#--------------------------------------------------
# NOTE:This ruleset only works for 1.8.0 and later
#--------------------------------------------------
# $Id: snort.conf,v 1.62 2001/08/12 04:31:01 roesch Exp $
#
###################################################
var INTERNAL [nnn.nnn.0.0/16]
var HOME_NET $INTERNAL
var EXTERNAL_NET [!$INTERNAL]
var EXTERNAL [!$INTERNAL]
var SMTP [nnn.nnn.nnn.nn/32,nnn.nnn.nnn.nn/32]
var HTTP_SERVERS [nnn.nnn.nnn.n/32,nnn.nnn.nnn.nn/32]
var SQL_SERVERS $INTERNAL

preprocessor frag2
preprocessor stream4: detect_scans detect_state_problems
preprocessor stream4_reassemble
preprocessor unidecode: 80
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
#preprocessor arpspoof
preprocessor portscan: $INTERNAL 8 3 portscan.log
preprocessor portscan-ignorehosts: [nnn.nnn.nnn.nn/32,nnn.nnn.nnn.nn/32,<and so on>]

include /etc/snort/classification.config
#include /etc/snort/localpass.rules
include /etc/snort/exploit.rules
include /etc/snort/scan.rules
include /etc/snort/finger.rules
include /etc/snort/ftp.rules
include /etc/snort/telnet.rules
include /etc/snort/smtp.rules
include /etc/snort/rpc.rules
include /etc/snort/rservices.rules
include /etc/snort/backdoor.rules
include /etc/snort/dos.rules
include /etc/snort/ddos.rules
include /etc/snort/dns.rules
include /etc/snort/netbios.rules
include /etc/snort/web-cgi.rules
include /etc/snort/web-coldfusion.rules
include /etc/snort/web-frontpage.rules
include /etc/snort/web-iis.rules
include /etc/snort/web-misc.rules
include /etc/snort/sql.rules
include /etc/snort/x11.rules
include /etc/snort/icmp.rules
# include /etc/snort/shellcode.rules
include /etc/snort/misc.rules
# include /etc/snort/policy.rules
# include /etc/snort/info.rules
# include /etc/snort/icmp-info.rules
# include /etc/snort/virus.rules
include /etc/snort/local.rules
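Added example (not part of the original post and not Snort code): a small check that expands the `var` lines of a snort.conf and reports variables whose expanded value has one bracketed list nested inside another, as `[!$INTERNAL]` does when INTERNAL itself is bracketed. It assumes `$NAME` is resolved by plain text substitution; the sample config, the 10.1.0.0/16 network and all function names are constructed for illustration.

```python
import re

# Constructed sample mirroring the variable block in the post; 10.1.0.0/16
# stands in for the edited-out network numbers.
SAMPLE_CONF = """\
var INTERNAL [10.1.0.0/16]
var HOME_NET $INTERNAL
var EXTERNAL_NET [!$INTERNAL]
var SMTP [10.1.2.3/32,10.1.2.4/32]
var SQL_SERVERS $INTERNAL
"""

VAR_LINE = re.compile(r"^\s*var\s+(\S+)\s+(.+?)\s*$")
VAR_REF = re.compile(r"\$(\w+)")


def expand_vars(conf_text):
    """Return {name: value} with each $NAME replaced textually (assumed model)."""
    expanded = {}
    for line in conf_text.splitlines():
        m = VAR_LINE.match(line)
        if not m:
            continue  # comments, preprocessor and include lines
        name, value = m.groups()
        # Only earlier definitions are visible, as in a top-to-bottom parse.
        value = VAR_REF.sub(lambda r: expanded.get(r.group(1), r.group(0)), value)
        expanded[name] = value
    return expanded


def max_bracket_depth(value):
    """Deepest nesting level of '[' ... ']' in an expanded value."""
    depth = deepest = 0
    for ch in value:
        if ch == "[":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == "]":
            depth -= 1
    return deepest


def nested_list_vars(conf_text):
    """Names whose expanded value contains a bracketed list inside another."""
    return [n for n, v in expand_vars(conf_text).items() if max_bracket_depth(v) > 1]


if __name__ == "__main__":
    for name, value in expand_vars(SAMPLE_CONF).items():
        flag = "NESTED" if max_bracket_depth(value) > 1 else "ok"
        print(f"{name:14} {value:28} {flag}")
```
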