Snort mailing list archives
Re: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3
From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 22 Dec 2010 10:10:21 -0700
Thanks Matthew...these look good now. On with the upgrade! James From: Matthew Jonkman [mailto:jonkman () emergingthreatspro com] Sent: Wednesday, December 22, 2010 8:12 AM To: Lay, James Cc: emerging-sigs () emergingthreats net; snort-users () lists sourceforge net Subject: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Importance: Low I *thought* we got them all last night in that release. Can you shoot me your error output on the current tarball offlist? We'll chase it down that way. Matt On Dec 22, 2010, at 10:05 AM, Lay, James wrote: Thanks Joel. Does anyone have an ETA on when ET rules will be fixed? Tested this morning with the 8:31 tarball and still got the same thing. My upgrade is now waiting on this to be fixed before I can go any further. Thanks. James From: Joel Esler [mailto:jesler () sourcefire com] Sent: Wednesday, December 22, 2010 8:03 AM To: Matthew Jonkman Cc: Lay, James; emerging-sigs () emergingthreats net Signatures; snort-users () lists sourceforge net; snort-sigs () lists sourceforge net Subject: Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 As promised, here's that blog post I was talking about: http://blog.snort.org/2010/12/wheres-content.html Thanks all! Joel On Dec 21, 2010, at 10:55 AM, Matthew Jonkman wrote: Hi James, looks like we have a lot of style issues to fix up. We're on it!! Matt On Dec 21, 2010, at 10:39 AM, Lay, James wrote: Yep...latest et rules: Dec 21 08:32:14 10.21.88.2 snort[30722]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(110) depth can't be used with itself, distance, or within Dec 21 08:32:50 10.21.88.2 snort[30725]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(114) depth can't be used with itself, distance, or within Dec 21 08:33:04 10.21.88.2 snort[30728]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(118) depth can't be used with itself, distance, or within Dec 21 08:33:27 10.21.88.2 snort[30731]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(230) within can't be used with itself, offset, or depth Dec 21 08:33:47 10.21.88.2 snort[30734]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(390) depth can't be used with itself, distance, or within Dec 21 08:34:10 10.21.88.2 snort[30737]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(394) depth can't be used with itself, distance, or within Dec 21 08:34:44 10.21.88.2 snort[30740]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(398) depth can't be used with itself, distance, or within Dec 21 08:34:57 10.21.88.2 snort[30743]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(402) depth can't be used with itself, distance, or within Got tired of commenting things out, so I'll wait until this is fixed... ,,_ -*> Snort! <*- o" )~ Version 2.9.0.3 (Build 98) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 1998-2010 Sourcefire, Inc., et al. Using libpcap version 1.0.0 Using PCRE version: 7.6 2008-01-28 Using ZLIB version: 1.2.3 These are the nogpl badboys. 2010-12-17 19:30 emerging-attack_response.rules 2010-12-17 19:30 emerging-p2p.rules James Lay IT Security Analyst WinCo Foods 208-672-2014 Office 208-559-1855 Cell 650 N Armstrong Pl. Boise, Idaho 83704 _______________________________________________ Emerging-sigs mailing list Emerging-sigs () emergingthreats net http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com <http://www.emergingthreatspro.com/> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current! ---------------------------------------------------- Matthew Jonkman Emergingthreats.net <http://Emergingthreats.net/> Emerging Threats Pro Open Information Security Foundation (OISF) Phone 765-807-8630 Fax 312-264-0205 http://www.emergingthreatspro.com http://www.openinfosecfoundation.org ---------------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc _______________________________________________ Emerging-sigs mailing list Emerging-sigs () emergingthreats net http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current! _______________________________________________ Emerging-sigs mailing list Emerging-sigs () emergingthreats net http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current! ---------------------------------------------------- Matthew Jonkman Emergingthreats.net Emerging Threats Pro Open Information Security Foundation (OISF) Phone 765-807-8630 Fax 312-264-0205 http://www.emergingthreatspro.com http://www.openinfosecfoundation.org ---------------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc
------------------------------------------------------------------------------ Forrester recently released a report on the Return on Investment (ROI) of Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even within 7 months. Over 3 million businesses have gone Google with Google Apps: an online email calendar, and document program that's accessible from your browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- FATALs with snort-2.9.0.3 Lay, James (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 22)
- Re: [Spam] Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Lay, James (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Joel Esler (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 Matthew Jonkman (Dec 21)
- Re: [Emerging-Sigs] FATALs with snort-2.9.0.3 evilghost () packetmail net (Dec 22)