RE: The System works !! one question please !

["Harper, Patrick" <patrick.harper () phns com>]

Can you use cidr?  I am not sure if there is a limit or not but would
imagine there is. 

 
-----Original Message-----
From: Juan Fernandez [mailto:Juan.Fernandez () deltathree com] 
Sent: Monday, September 20, 2004 5:08 AM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] The System works !! one question please !

Hi,

 

 

I tried to insert all of my http servers in HTTP_SERVERS in snort.conf
(I have a 99 servers).

 

Before modifying the https servers it worked.

 

DO I have a limitation of ip to enter ( I cant find any syntax error).

 

After I insert those ip's  and started snort I received the following
error in /var/log/messeges: 

 

Sep 20 12:20:12 sensjrlan snort: FATAL ERROR: /etc/snort/snort.conf(66)
=> Unknown rule type:
70.171.150,208.170.171.152,208.170.171.154,208.170.171.157,208.170.171.1
60,208.170.171.166,208.170.171.171,208.170.171.188,208.170.171.199,208.1
70.171.202,208.170.171.210,208.170.171.224,212.127.71.22,212.127.71.24,2
12.127.71.20,212.127.71.21,212.127.71.22,212.127.71.24,212.127.71.44,212
.127.71.45,212.127.71.52,212.127.71.81,212.127.71.99,212.127.71.100,212.
127.71.102,212.127.71.111,212.127.71.112,212.127.71.112,212.127.71.117,2
12.127.71.119,212.127.71.140,212.127.71.212]

~

This is the relevant section in snort.conf ( line 65 starts in "var
HTTP.." and line 66 in the empty line after all the ip list):

 

 

 

 

var HTTP_SERVERS
[212.127.72.16,212.127.72.26,212.127.72.27,212.127.72.42,212.127.72.48,2
12.127.72.49,212.127.72.55,212.127.72.55,212.127.72.57,212.127.72.58,212
.127.72.76,212.127.72.92,212.127.72.98,212.127.72.100,212.127.72.107,212
.127.72.108,212.127.72.111,212.127.72.112,212.127.72.112,212.127.72.122,
212.127.72.122,212.127.72.124,212.127.72.142,212.127.72.152,212.127.72.2
10,212.127.70.5,212.127.70.17,212.127.70.21,208.170.171.7,208.170.171.12
,208.170.171.12,208.170.171.15,208.170.171.17,208.170.171.22,208.170.171
.24,208.170.171.27,208.170.171.28,208.170.171.21,208.170.171.22,208.170.
171.26,208.170.171.27,208.170.171.42,208.170.171.46,208.170.171.48,208.1
70.171.49,208.170.171.57,208.170.171.61,208.170.171.65,208.170.171.66,20
8.170.171.72,208.170.171.77,208.170.171.78,208.170.171.82,208.170.171.95
,208.170.171.101,208.170.171.105,208.170.171.110,208.170.171.111,208.170
.171.112,208.170.171.115,208.170.171.119,208.170.171.120,208.170.171.122
,208.170.171.121,208.170.171.126,208.170.171.127,208.170.171.142,208.170
.171.150,208.170.171.152,208.170.171.154,208.170.171.157,208.170.171.160
,208.170.171.166,208.170.171.171,208.170.171.188,208.170.171.199,208.170
.171.202,208.170.171.210,208.170.171.224,212.127.71.22,212.127.71.24,212
.127.71.20,212.127.71.21,212.127.71.22,212.127.71.24,212.127.71.44,212.1
27.71.45,212.127.71.52,212.127.71.81,212.127.71.99,212.127.71.100,212.12
7.71.102,212.127.71.111,212.127.71.112,212.127.71.112,212.127.71.117,212
.127.71.119,212.127.71.140,212.127.71.212]

 

thanks !!

~





Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 





-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users