Snort mailing list archives
Re: broke snort. file_data_ports
From: Michael Scheidell <michael.scheidell () secnap com>
Date: Thu, 8 Dec 2011 13:49:45 +0000
http://vrt-blog.snort.org/2011/11/say-hello-to-file-identify-category.html

And just where does it say these will be anywhere but file-identify.rules?

-----Original Message-----
From: Nigel Houghton [mailto:nhoughton () sourcefire com]
Sent: Thursday, December 08, 2011 8:48 AM
To: Michael Scheidell
Cc: <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] broke snort. file_data_ports

http://seclists.org/snort/2011/q4/246
http://vrt-blog.snort.org/2011/11/say-hello-to-file-identify-category.html
http://blog.snort.org/2011/11/vrt-rule-update-for-11022011.html

On Dec 8, 2011, at 4:46 AM, Michael Scheidell wrote:

Didn't we decide YEARS AGO not to arbitrarily add $VAR' to VRT rules?

Thank you for breaking this and waking me up at 4am.

Dec 8 03:06:13 scanner2 snort[3457]: FATAL ERROR: /etc/snort/rules/web-client.rules(142) ***PortVar Lookup failed on '$FILE_DATA_PORTS'.

Oh, and it's NOT in the distributed snort.conf file.

pwd
/usr/local/etc/snort
scanner2.hackertrap.net# grep FILE_DATA_PORTS *

No, I did NOT enable file-identify.rules; as you see, these are in web-client.rules.

Yes, your blog says to add this:

portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]

But you should have left the mucked up rules in file-identify.rules, NOT put them into otherwise active rules.

Or, find some way to have a default in the .rules, like the first line would be:

portvar FILE_DATA_PORTS? [$HTTP_PORTS,110,143]

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
SECNAP Network Security Corporation

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
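
Added example, not part of the original thread and not Snort or VRT code: a check to run before restarting Snort on updated rules, covering the failure reported above, where an active rule references a port variable that snort.conf never defines. The sample snort.conf, the rules, the SIDs and the check() helper are constructed for illustration; only the portvar FILE_DATA_PORTS line comes from the message.

```python
import re

# snort.conf definitions: "var NAME value", "ipvar NAME value", "portvar NAME value"
DEF_RE = re.compile(r"^\s*(?:var|ipvar|portvar)\s+(\w+)\s+(.*)$")
REF_RE = re.compile(r"\$(\w+)")  # $NAME references
ACTIONS = ("alert ", "log ", "pass ", "drop ", "reject ", "sdrop ")

def check(conf_text, rules):
    """Return sorted (file, line, variable) for each $VAR that is used before
    or without being defined. rules maps file name -> rule file text."""
    known, missing = set(), []
    # Treated here as order-dependent: a value may only use earlier names.
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = DEF_RE.match(line)
        if m:
            missing += [("snort.conf", n, v)
                        for v in REF_RE.findall(m.group(2)) if v not in known]
            known.add(m.group(1))
    for fname, text in rules.items():
        for n, line in enumerate(text.splitlines(), 1):
            s = line.strip()
            if not s.startswith(ACTIONS):
                continue  # blank line, comment, or disabled rule
            header = s.split("(", 1)[0]  # address/port variables sit in the header
            missing += [(fname, n, v)
                        for v in REF_RE.findall(header) if v not in known]
    return sorted(missing)

# Constructed sample input (not real VRT rules or a real snort.conf).
CONF = ("ipvar HOME_NET 192.168.0.0/16\n"
        "ipvar EXTERNAL_NET !$HOME_NET\n"
        "portvar HTTP_PORTS [80,8080]\n")
FIX = "portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]\n"  # line quoted in the message
RULES = {"web-client.rules":
         "# constructed sample rules\n"
         'alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"sample"; sid:1000001;)\n'
         '# alert tcp $EXTERNAL_NET $OLD_PORTS -> $HOME_NET any (msg:"off"; sid:1000002;)\n'}

if __name__ == "__main__":
    for fname, n, var in check(CONF, RULES):
        print(f"{fname}({n}): undefined variable ${var}")
    print("after fix:", check(CONF + FIX, RULES))
```

Snort's own test mode (snort -T -c with the path to snort.conf) remains the authoritative check; a script like this only points at the file and line before the sensor is restarted.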