Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].

[Joel Esler <jesler () sourcefire com>]

On Tue, Apr 28, 2009 at 8:54 AM, James Lay <jlay () slave-tothe-box net> wrote:

> Ruleset gets updated at midnight:
>
>
> Apr 28 06:29:52 gateway snort[12383]: FATAL ERROR: >
> /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used
> either as source IP or as destination IP in a rule. IP list: [].

This is an emerging threats rule, so they'll see this email.  However, I'd
still love to see these IP lists developed into Firewall rules for different
Firewalls, or even routers.  People could then utilize the proper device to
drop the traffic to and from these IPs instead of trying to use an IPS as a
firewall.  This has needed to be done for a long time coming now.

-- 
joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974 |
http://twitter.com/joelesler

------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations 
Conference from O'Reilly Media. Velocity features a full day of 
expert-led, hands-on workshops and two days of sessions from industry 
leaders in dedicated Performance & Operations tracks. Use code vel09scf 
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users