Snort mailing list archives

Re: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3


From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 22 Dec 2010 10:10:21 -0700

Thanks Matthew...these look good now.  On with the upgrade!

 

James

 

From: Matthew Jonkman [mailto:jonkman () emergingthreatspro com] 
Sent: Wednesday, December 22, 2010 8:12 AM
To: Lay, James
Cc: emerging-sigs () emergingthreats net; snort-users () lists sourceforge net
Subject: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3
Importance: Low

 

I *thought* we got them all last night in that release. Can you shoot me
your error output on the current tarball offlist? We'll chase it down
that way.

 

Matt

 

On Dec 22, 2010, at 10:05 AM, Lay, James wrote:





Thanks Joel.  Does anyone have an ETA on when ET rules will be fixed?
Tested this morning with the 8:31 tarball and still got the same thing.
My upgrade is now waiting on this to be fixed before I can go any
further.  Thanks.

 

James

 

From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Wednesday, December 22, 2010 8:03 AM
To: Matthew Jonkman
Cc: Lay, James; emerging-sigs () emergingthreats net Signatures;
snort-users () lists sourceforge net; snort-sigs () lists sourceforge net
Subject: Re: [Emerging-Sigs] FATALs with snort-2.9.0.3

 

As promised, here's that blog post I was talking about:

 

http://blog.snort.org/2010/12/wheres-content.html

 

 

Thanks all!

 

Joel

 

On Dec 21, 2010, at 10:55 AM, Matthew Jonkman wrote:






Hi James, looks like we have a lot of style issues to fix up. We're on
it!!

 

Matt

 

On Dec 21, 2010, at 10:39 AM, Lay, James wrote:






Yep...latest et rules:

 

Dec 21 08:32:14 10.21.88.2 snort[30722]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(110) depth can't be used with itself, distance, or within
Dec 21 08:32:50 10.21.88.2 snort[30725]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(114) depth can't be used with itself, distance, or within
Dec 21 08:33:04 10.21.88.2 snort[30728]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(118) depth can't be used with itself, distance, or within
Dec 21 08:33:27 10.21.88.2 snort[30731]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(230) within can't be used with itself, offset, or depth
Dec 21 08:33:47 10.21.88.2 snort[30734]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(390) depth can't be used with itself, distance, or within
Dec 21 08:34:10 10.21.88.2 snort[30737]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(394) depth can't be used with itself, distance, or within
Dec 21 08:34:44 10.21.88.2 snort[30740]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(398) depth can't be used with itself, distance, or within
Dec 21 08:34:57 10.21.88.2 snort[30743]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(402) depth can't be used with itself, distance, or within

 

Got tired of commenting things out, so I'll wait until this is fixed...

 

 

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.0.3 (Build 98)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 1998-2010 Sourcefire, Inc., et al.
           Using libpcap version 1.0.0
           Using PCRE version: 7.6 2008-01-28
           Using ZLIB version: 1.2.3

 

These are the nogpl badboys.

 

2010-12-17 19:30 emerging-attack_response.rules

2010-12-17 19:30 emerging-p2p.rules

 

James Lay

IT Security Analyst

WinCo Foods

208-672-2014 Office

208-559-1855 Cell

650 N Armstrong Pl.

Boise, Idaho 83704

 

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro
http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0 through
Current!

 


----------------------------------------------------
Matthew Jonkman

Emergingthreats.net
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc




 

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
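
The FATAL errors quoted in this thread stop Snort at the first offending rule, so each restart reveals only one line. The Python below is an added example (not part of the thread, and not Snort or Emerging Threats code) that lists every content match mixing the modifiers those messages name in a single pass; the offset and distance pairings, the one-rule-per-line layout and the sample rules are assumptions constructed for illustration.

```python
import re

# depth and within rows come from the FATAL messages quoted in the thread;
# the offset and distance rows mirror them and are an assumption.
CONFLICTS = {
    "depth": {"depth", "distance", "within"},
    "within": {"within", "offset", "depth"},
    "offset": {"offset", "distance", "within"},
    "distance": {"distance", "offset", "depth"},
}
# One option = ordinary chars, backslash escapes, or a quoted string.
OPTION = re.compile(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+')

def rule_options(line):
    """Yield the lower-cased keyword of each option in a rule's (...) body."""
    start, end = line.find("("), line.rfind(")")
    if start < 0 or end < start:
        return
    for chunk in OPTION.findall(line[start + 1:end]):
        keyword = chunk.strip().partition(":")[0].strip().lower()
        if keyword:
            yield keyword

def lint_rules(text):
    """Return [(line_no, modifier, clashes_with)], assuming one rule per line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out rules are never parsed by Snort
        seen = set()
        for keyword in rule_options(line):
            if keyword in ("content", "uricontent"):
                seen = set()  # modifiers bind to the most recent content
            elif keyword in CONFLICTS:
                findings += [(line_no, keyword, p) for p in sorted(seen & CONFLICTS[keyword])]
                seen.add(keyword)
    return findings

# Constructed sample rules (not taken from emerging-p2p.rules).
SAMPLE = r'''
alert tcp any any -> any any (msg:"ok"; content:"GET "; offset:0; depth:4; sid:1000001;)
alert tcp any any -> any any (msg:"bad"; content:"A"; content:"B"; depth:8; within:8; sid:1000002;)
alert tcp any any -> any any (msg:"ok"; content:"A\;x"; depth:4; content:"B"; distance:0; within:8; sid:1000003;)
alert tcp any any -> any any (msg:"bad"; content:"C"; depth:4; depth:6; sid:1000004;)
'''

if __name__ == "__main__":
    for line_no, modifier, prior in lint_rules(SAMPLE):
        print(f"line {line_no}: {modifier} used with {prior} on the same content")
```

Running it over a rules file before restarting the sensor gives the full list of lines to fix or disable, instead of one per startup attempt.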
