Re: shellcode error

[Matt Kettler <mkettler () evi-inc com>]

Why? The updated snort.conf is *INCLUDED* with the rules. Everything needed 
to update the ruleset is included, and if you download a ruleset, it has a 
snort.conf, you should look at it and use it. It is merely a false 
assumption to believe that the snort.conf included in the rules tarball is 
superfluous that causes this problem. No more.

The way things are set up the snort.conf is an integral part of the 
ruleset. It is not merely a config file, and it makes no sense for snort to 
have a configuartion file which is not an integral part of the rules set.



At 10:46 AM 5/31/2002 -0400, john wrote:
> Shouldn't additions to snort.conf like this be limited to the -CURRENT
> branch?
>
>
> On  0, matt <mkettler () evi-inc com> wrote:
> > Yeah, and the latest snort rules tarball should also include a snort.conf
> > containing a SHELLCODE_PORTS variable.. put that in your snort.conf and it
> > should work fine.
> >
> > Don't assume that the baseline snort.conf is unchanged when updating your
> > rule sets, it is VERY common for it to have new variables used by the new
> > ruleset.
> >
> >
> > At 04:25 PM 5/30/2002 -0400, Hugo Ferr wrote:
> > >Downloaded latest stable rules for Snort 1.8.6, when I stort snort I 
> get the
> > >following;
> > >
> > >[!] ERROR ./snortrules/shellcode.rules(14) => Bad port number:
> > >"(msg:"SHELLCODE"
> > >Fatal Error, Quitting..
> > >
> > >The only thing I've found on the web suggests:
> > >"Probably your variable SHELLCODE_PORTS is not defined or misconfigured in
> > >snort.conf file."
> > >I don't have this variable in snort.conf
> > >(When I disable shellcode rules snort starts fine, but....what the 
> hell..it
> > >should work with those rules as well :-)
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >_______________________________________________________________
> > >
> > >Don't miss the 2002 Sprint PCS Application Developer's Conference
> > >August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> > >
> > >_______________________________________________
> > >Snort-users mailing list
> > >Snort-users () lists sourceforge net
> > >Go to this URL to change user options or unsubscribe:
> > >https://lists.sourceforge.net/lists/listinfo/snort-users
> > >Snort-users list archive:
> > >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> > _______________________________________________________________
> >
> > Don't miss the 2002 Sprint PCS Application Developer's Conference
> > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> --
> john () bad-current net
> publickey: http://www.bad-current.net/~john/key.html
> fingerprint: 7A96 24BE F9B1 1092 B4F6  B53D 1DB4 139B F217 DE50


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users