Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: All shellcode rules invalid

From: Andreas Östling <andreaso () it su se>
Date: Sat, 13 Apr 2002 10:21:10 +0200 (CEST)

On 13 Apr 2002, Rob Hughes wrote:


It looks like someone had a great idea to speed up the shellcode rules,
but forgot to set to var for $SHELLCODE_PORTS. This causes snort to barf
on the rules. Adding "var SHELLCODE_PORTS 21 23 25 53 80 143 110 111 513
8880" gets it running, though I haven't determined yet if this is a
proper list of shellcode ports or not. Probably 22 and a few others
should be added. Gonna have to go rule surfin'....

Rob


It looks like someone forgot to check the new snort.conf.

$ grep "var SHELLCODE_PORTS" *
snort.conf:var SHELLCODE_PORTS !80

/Andreas


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: