Re: shellcode error

[matt <mkettler () evi-inc com>]

Yeah, and the latest snort rules tarball should also include a snort.conf 
containing a SHELLCODE_PORTS variable.. put that in your snort.conf and it 
should work fine.

Don't assume that the baseline snort.conf is unchanged when updating your 
rule sets, it is VERY common for it to have new variables used by the new 
ruleset.


At 04:25 PM 5/30/2002 -0400, Hugo Ferr wrote:
> Downloaded latest stable rules for Snort 1.8.6, when I stort snort I get the
> following;
>
> [!] ERROR ./snortrules/shellcode.rules(14) => Bad port number:
> "(msg:"SHELLCODE"
> Fatal Error, Quitting..
>
> The only thing I've found on the web suggests:
> "Probably your variable SHELLCODE_PORTS is not defined or misconfigured in
> snort.conf file."
> I don't have this variable in snort.conf
> (When I disable shellcode rules snort starts fine, but....what the hell..it
> should work with those rules as well :-)
>
>
>
>
>
>
>
>
> _______________________________________________________________
>
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users