Snort mailing list archives

Re: Fw: Whitehats rules don't work

From: Phil Wood <cpw () lanl gov>
Date: Tue, 5 Jun 2001 08:44:58 -0600

On Mon, Jun 04, 2001 at 10:31:52PM +0530, Sid wrote:

Jun  4 14:43:12 e220r trons[10691]: ERROR /sw/trons/conf/vision18.rules(1)

                                                                    ^
1. use the current version of snort found in cvs.

=> Bad Priority setting

 "attempted-dos"

And so on and so forth  ....... i think Snort does not recognise the 20
priority-system which whitehats follows.


2. use the whitehats classification system that can be found
   in vision.conf.

   grep "^config classification" vision.conf > classification.vision

3. don't use the <group>.rules files.  The best way to do this is
   to use vision.conf.

(Remember, 1.8 is not released, you are treading water with the rest of us)


Siddhartha


-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Whitehats rules don't work Sid (Jun 04)
- Re: Whitehats rules don't work Chris Green (Jun 04)
- Re: Whitehats rules don't work Max Vision (Jun 04)
- Re: Whitehats rules don't work François Désarménien (Jun 05)
  - Whitehats rules work :) (was Re: Whitehats rules don't work) Max Vision (Jun 05)
    - Re: Whitehats rules work :) (was Re: Whitehats rules don't work) Max Vision (Jun 05)
- <Possible follow-ups>
- RE: Whitehats rules don't work Ginnetty, James (Jun 04)
- RE: Whitehats rules don't work Caruso, Ken (Jun 04)
- Fw: Whitehats rules don't work Sid (Jun 04)
  - Re: Fw: Whitehats rules don't work Phil Wood (Jun 05)