Snort mailing list archives
RE: Snort 1.8.7 & new rules
From: "Cassani Alexio" <alexio.cassani () bhuman it>
Date: Tue, 19 Nov 2002 13:02:02 +0100
Thanks for your prompt reply (I've just subscribed to the ml and I haven't received my first mail yet :)

My only problem with version 1.9 was the db plug-in for SQL Server; this is merely a practical issue: I haven't any Linux box available at the moment. ASAP I will set up a Linux box with IDS on it.

Best Regards
Alexio
-----Original Message-----
From: Michael Boman [mailto:michael.boman () securecirt com]
Sent: Tuesday 19 November 2002 12.55
To: Cassani Alexio
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 1.8.7 & new rules

On Tue, Nov 19, 2002 at 12:32:33PM +0100, Cassani Alexio wrote:
> Hi all,
> I've installed Snort 1.8.7 on a win2000 server (I've followed the docs
> at Silicon Defense), everything is fine, it's all functioning, but if I
> update the rules with the latest ones I get errors when snort is starting.
> It seems to be a runtime error, the first I get is:
>
> bad-traffic.rules(20) => Bad protocol name ">134"
>
> I've replaced the new bad-traffic.rules with the old one and I get
> another error in the exploit.rules...
>
> The question is: can I hope to have a Snort 1.8.7 up&running&...updated?

yes, yes and no (or, if you spend the time doing it).

Basically there are no updated rules for snort 1.8.x, and there will probably never be (except for the few that drop in on snort-sigs once in a while). My recommendation is to go with the 1.9 series, unless you have the time to back-port each and every new and updated rule from 1.9.

From your error message I would say that you are missing some vars in your snort.conf (like $HTTP_SERVERS, $HOME and so on).

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
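
Added example (not part of the original thread and not Snort's own code): one way to check the suggestion above about variables missing from snort.conf is to list every $NAME used in a rule header that has no matching "var NAME value" line. The sample config and rules are constructed for illustration, and the script assumes one rule per line (no backslash continuations).

```python
import re

# Constructed sample input (not from the thread): a minimal snort.conf and two rules.
SAMPLE_CONF = """\
# constructed sample config
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET any
include bad-traffic.rules
"""
SAMPLE_RULES = """\
# constructed sample rules
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"constructed web rule"; content:"$1"; sid:1000001;)
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed dns rule"; sid:1000002;)
"""

VAR_DEF = re.compile(r"^\s*var\s+(\w+)\s+\S")   # var NAME value
VAR_REF = re.compile(r"\$\(?(\w+)")              # $NAME or $(NAME)
OPTIONS_START = re.compile(r"(?<!\$)\(")         # first "(" that is not part of $(NAME)

def defined_vars(conf_text):
    """Names declared with 'var NAME value' in snort.conf-style text."""
    matches = (VAR_DEF.match(line) for line in conf_text.splitlines())
    return {m.group(1) for m in matches if m}

def undefined_refs(rules_text, known):
    """Sorted (line_number, name) pairs for header variables not in `known`."""
    missing = set()
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # Only the rule header (action, protocol, addresses, ports) is checked,
        # so a literal "$" inside a content string is not reported.
        header = OPTIONS_START.split(stripped, maxsplit=1)[0]
        for name in VAR_REF.findall(header):
            if name not in known:
                missing.add((lineno, name))
    return sorted(missing)

if __name__ == "__main__":
    known = defined_vars(SAMPLE_CONF)
    for lineno, name in undefined_refs(SAMPLE_RULES, known):
        print(f"rules line {lineno}: ${name} is not defined in snort.conf")
```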