Re: [Emerging-Sigs] FATALs with snort-2.9.0.3

[Matthew Jonkman <jonkman () emergingthreatspro com>]

I *thought* we got them all last night in that release. Can you shoot me your error output on the current tarball 
offlist? We'll chase it down that way.

Matt

On Dec 22, 2010, at 10:05 AM, Lay, James wrote:

> Thanks Joel.  Does anyone have an ETA on when ET rules will be fixed?  Tested this morning with the 8:31 tarball and 
> still got the same thing.  My upgrade is now waiting on this to be fixed before I can go any further.  Thanks.
>  
> James
>  
> From: Joel Esler [mailto:jesler () sourcefire com] 
> Sent: Wednesday, December 22, 2010 8:03 AM
> To: Matthew Jonkman
> Cc: Lay, James; emerging-sigs () emergingthreats net Signatures; snort-users () lists sourceforge net; snort-sigs () 
> lists sourceforge net
> Subject: Re: [Emerging-Sigs] FATALs with snort-2.9.0.3
>  
> As promised, here's that blog post I was talking about:
>  
> http://blog.snort.org/2010/12/wheres-content.html
>  
>  
> Thanks all!
>  
> Joel
>  
> On Dec 21, 2010, at 10:55 AM, Matthew Jonkman wrote:
>
>
> Hi James, looks like we have a lot of style issues to fix up. We're on it!!
>  
> Matt
>  
> On Dec 21, 2010, at 10:39 AM, Lay, James wrote:
>
>
> Yep…latest et rules:
>  
> Dec 21 08:32:14 10.21.88.2 snort[30722]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(110) depth can't 
> be used with itself, distance, or within
> Dec 21 08:32:50 10.21.88.2 snort[30725]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(114) depth can't 
> be used with itself, distance, or within
> Dec 21 08:33:04 10.21.88.2 snort[30728]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(118) depth can't 
> be used with itself, distance, or within
> Dec 21 08:33:27 10.21.88.2 snort[30731]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(230) within can't 
> be used with itself, offset, or depth
> Dec 21 08:33:47 10.21.88.2 snort[30734]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(390) depth can't 
> be used with itself, distance, or within
> Dec 21 08:34:10 10.21.88.2 snort[30737]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(394) depth can't 
> be used with itself, distance, or within
> Dec 21 08:34:44 10.21.88.2 snort[30740]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(398) depth can't 
> be used with itself, distance, or within
> Dec 21 08:34:57 10.21.88.2 snort[30743]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(402) depth can't 
> be used with itself, distance, or within
>  
> Got tired of commenting things out, so I’ll wait until this is fixed...
>  
>  
>    ,,_     -*> Snort! <*-
>   o"  )~   Version 2.9.0.3 (Build 98)
>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>            Copyright (C) 1998-2010 Sourcefire, Inc., et al.
>            Using libpcap version 1.0.0
>            Using PCRE version: 7.6 2008-01-28
>            Using ZLIB version: 1.2.3
>  
> These are the nogpl badboys.
>  
> 2010-12-17 19:30 emerging-attack_response.rules
> 2010-12-17 19:30 emerging-p2p.rules
>  
> James Lay
> IT Security Analyst
> WinCo Foods
> 208-672-2014 Office
> 208-559-1855 Cell
> 650 N Armstrong Pl.
> Boise, Idaho 83704
>  
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () emergingthreats net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
>  
>
> ----------------------------------------------------
> Matthew Jonkman
> Emergingthreats.net
> Emerging Threats Pro
> Open Information Security Foundation (OISF)
> Phone 765-807-8630
> Fax 312-264-0205
> http://www.emergingthreatspro.com
> http://www.openinfosecfoundation.org
> ----------------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
>  
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () emergingthreats net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
>  
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs () emergingthreats net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!


----------------------------------------------------
Matthew Jonkman
Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



------------------------------------------------------------------------------
Forrester recently released a report on the Return on Investment (ROI) of
Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even
within 7 months.  Over 3 million businesses have gone Google with Google Apps:
an online email calendar, and document program that's accessible from your 
browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users