Snort mailing list archives
Re: All shellcode rules invalid
From: Rob Hughes <rob () robhughes com>
Date: 13 Apr 2002 13:12:29 -0500
Actually, that was the first place I looked. Wasn't in the snort.conf in my build directory. Maybe I hit between commits? On Sat, 2002-04-13 at 03:21, Andreas Östling wrote:
On 13 Apr 2002, Rob Hughes wrote:It looks like someone had a great idea to speed up the shellcode rules, but forgot to set to var for $SHELLCODE_PORTS. This causes snort to barf on the rules. Adding "var SHELLCODE_PORTS 21 23 25 53 80 143 110 111 513 8880" gets it running, though I haven't determined yet if this is a proper list of shellcode ports or not. Probably 22 and a few others should be added. Gonna have to go rule surfin'.... RobIt looks like someone forgot to check the new snort.conf. $ grep "var SHELLCODE_PORTS" * snort.conf:var SHELLCODE_PORTS !80 /Andreas
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- All shellcode rules invalid Rob Hughes (Apr 12)
- Re: All shellcode rules invalid Andreas Östling (Apr 13)
- Re: All shellcode rules invalid Rob Hughes (Apr 13)
- Re: All shellcode rules invalid Andreas Östling (Apr 13)