Snort mailing list archives

More problems with pulledpork 0.6.0

From: carlopmart <carlopmart () gmail com>
Date: Fri, 01 Apr 2011 16:22:12 +0200

Hi all,

  I am trying to configure a suricata sensor as an IPS with ET rules. To 
do this I have configured pulledpork to enable drop on some rules and 
discard others ... but doesn't works.

  My disablesid.conf:

  
ET-drop,ET-emerging-activex,ET-emerging-attack_response,ET-emerging-chat,ET-emerging-current_events,ET-emerging-deleted,ET-emerging-dns,ET-emerging-dos,ET-emerging-exploit,ET-emerging-ftp,ET-emerging-games,ET-emerging-icmp_info,ET-emerging-icmp,ET-emerging-imap,ET-emerging-inappropriate,ET-emerging-misc,ET-emerging-mobile_malware,ET-emerging-netbios,ET-emerging-p2p,ET-emerging-policy,ET-emerging-pop3,ET-emerging-rpc,ET-emerging-scada,ET-emerging-scan,ET-emerging-shellcode,ET-emerging-smtp,ET-emerging-snmp,ET-emerging-sql,ET-emerging-telnet,ET-emerging-tftp,ET-emerging-user_agents,ET-emerging-voip,ET-emerging-web_client,ET-emerging-web_server,ET-emerging-web_specific_apps,ET-tor

  And my dropsid.conf:

  
ET-botcc,ET-ciarmy,ET-compromised,ET-dshield,ET-emerging-malware,ET-emerging-trojan,ET-emerging-virus,ET-emerging-worm,ET-rbn

  And result is:

  Rule Stats....
     New:-------12911
     Deleted:---0
     Enabled Rules:----10435
     Dropped Rules:----0
     Disabled Rules:---2476
     Total Rules:------12911
     Done
Please review /tmp/sid_changes_inet.log for additional details
Fly Piggy Fly!

  Impossible!! ...Where is the problem?? What am I doing worng??

  Thanks.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com


------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
  - Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
    - Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
    - Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
    - Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
    - Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
    - Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
    - Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
    - Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
    - Re: More problems with pulledpork 0.6.0 JJC (Apr 01)

(Thread continues...)