Snort mailing list archives
Re: Unknown ClassType: protocol-command-decode
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 13 Aug 2013 14:34:57 -0400
On 8/13/2013 13:55, Avery Rozar wrote:
I just installed Snort 2.9.5.3. Ran pulled pork with "snort_version=2.9.5.3". When I try starting snort, it errors out. Below is the error. At first I was thinking maybe I uploaded the wrong rules, but the config looks good. Initializing rule chains... ERROR: /etc/snort/rules/snort.rules(8) Unknown ClassType: protocol-command-decode Fatal Error, Quitting..
looks like you do not have a proper classifications.conf file... cat /etc/classification.config # $Id$ # The following includes information for prioritizing rules # # Each classification includes a shortname, a description, and a default # priority for that classification. # # This allows alerts to be classified and prioritized. You can specify # what priority each classification has. Any rule can override the default # priority for that rule. # # Here are a few example rules: # # alert TCP any any -> any 80 (msg: "EXPLOIT ntpdx overflow"; # dsize: > 128; classtype:attempted-admin; priority:10; # # alert TCP any any -> any 25 (msg:"SMTP expn root"; flags:A+; \ # content:"expn root"; nocase; classtype:attempted-recon;) # # The first rule will set its type to "attempted-admin" and override # the default priority for that type to 10. # # The second rule set its type to "attempted-recon" and set its # priority to the default for that type. # # # config classification:shortname,short description,priority # config classification: not-suspicious,Not Suspicious Traffic,3 config classification: unknown,Unknown Traffic,3 config classification: bad-unknown,Potentially Bad Traffic, 2 config classification: attempted-recon,Attempted Information Leak,2 config classification: successful-recon-limited,Information Leak,2 config classification: successful-recon-largescale,Large Scale Information Leak,2 config classification: attempted-dos,Attempted Denial of Service,2 config classification: successful-dos,Denial of Service,2 config classification: attempted-user,Attempted User Privilege Gain,1 config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1 config classification: successful-user,Successful User Privilege Gain,1 config classification: attempted-admin,Attempted Administrator Privilege Gain,1 config classification: successful-admin,Successful Administrator Privilege Gain,1 # NEW CLASSIFICATIONS config classification: rpc-portmap-decode,Decode of an RPC Query,2 config classification: shellcode-detect,Executable Code was Detected,1 config classification: string-detect,A Suspicious String was Detected,3 config classification: suspicious-filename-detect,A Suspicious Filename was Detected,2 config classification: suspicious-login,An Attempted Login Using a Suspicious Username was Detected,2 config classification: system-call-detect,A System Call was Detected,2 config classification: tcp-connection,A TCP Connection was Detected,4 config classification: trojan-activity,A Network Trojan was Detected, 1 config classification: unusual-client-port-connection,A Client was Using an Unusual Port,2 config classification: network-scan,Detection of a Network Scan,3 config classification: denial-of-service,Detection of a Denial of Service Attack,2 config classification: non-standard-protocol,Detection of a Non-Standard Protocol or Event,2 config classification: protocol-command-decode,Generic Protocol Command Decode,3 config classification: web-application-activity,Access to a Potentially Vulnerable Web Application,2 config classification: web-application-attack,Web Application Attack,1 config classification: misc-activity,Misc activity,3 config classification: misc-attack,Misc Attack,2 config classification: icmp-event,Generic ICMP event,3 config classification: inappropriate-content,Inappropriate Content was Detected,1 config classification: policy-violation,Potential Corporate Privacy Violation,1 config classification: default-login-attempt,Attempt to Login By a Default Username and Password,2 config classification: sdf,Sensitive Data was Transmitted Across the Network,2 config classification: file-format,Known malicious file or file based exploit,1 config classification: malware-cnc,Known malware command and control traffic,1 config classification: client-side-exploit,Known client side exploit attempt,1 -- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Unknown ClassType: protocol-command-decode Avery Rozar (Aug 13)
- Re: Unknown ClassType: protocol-command-decode Y M (Aug 13)
- Re: Unknown ClassType: protocol-command-decode Avery Rozar (Aug 13)
- Re: Unknown ClassType: protocol-command-decode waldo kitty (Aug 13)
- <Possible follow-ups>
- Re: Unknown ClassType: protocol-command-decode Y M (Aug 13)
- Re: Unknown ClassType: protocol-command-decode Y M (Aug 13)