Snort mailing list archives

Re: snort inline && current rules.

From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 25 Nov 2003 15:38:05 -0500

http://www.snort.org/dl/rules/

"If you are using 2.0.X, please use STABLE rules.

If you are using 2.1.X, please use CURRENT rules. "

Don't use "current" rules with 2.0.x.

At 02:07 PM 11/25/2003, /dev/null wrote:

I need an inline snort to help control some of the attacks against our
windows servers.  They aren't high-speed access, so the sluggishness
shouldn't be noticed.

When I run the compiled inline version with -T I see a bunch of:

 Unknown keyword 'byte_jump' in rule!

along with byte_test and rawbytes

There are way to many of these that will be ignored for me to not try to
resolve this.

I've adding the sp_byte_jump and sp_byte_test source files from the 2.0rc3
to the inline detection plugins section, but I'm keep having to drag more
and more files from th 2.0 into the inline src to get through compile
problems, and then some of the inline files don't like the new source
files... the problem grows bigger and bigger.


So now I'm wondering, is there a newer version of the inline?  Or is there
an easier way to do this (maybe pull just a few of the inline files into the
2.0 src?).

The inline source I'm using is the snort-inline.tgz on this page:
http://www.snort.org/dl/contrib/patches/inline/.

Thanks for any help/comments.



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

bad frag bits Samuel C. Adams (Nov 25)
- Re: bad frag bits Brian (Nov 25)
  - snort inline && current rules. /dev/null (Nov 25)
    - Re: snort inline && current rules. Matt Kettler (Nov 25)
    - Re: snort inline && current rules. /dev/null (Nov 25)
    - Re: snort inline && current rules. Jeff Nathan (Nov 25)
    - Re: snort inline && current rules. Matt Kettler (Nov 25)
    - Re: snort inline && current rules. /dev/null (Nov 25)
    - Re: snort inline && current rules. Josh Berry (Nov 25)
    - snort inline behavior /dev/null (Nov 25)
    - Re: snort inline behavior /dev/null (Nov 26)
    - Re: snort inline behavior Stephan Scholz (Nov 26)
    - Re: snort inline behavior /dev/null (Nov 26)
    - Re: snort inline behavior Stephan Scholz (Nov 26)

(Thread continues...)