Snort mailing list archives

RE: Snort 1.8.7 & new rules

From: "Cassani Alexio" <alexio.cassani () bhuman it>
Date: Tue, 19 Nov 2002 13:02:02 +0100

Thanks for your prompt reply (I'm just subscribed to the ml and I haven't received my first mail yet :)

My only problem with version 1.9 was the db plug in for sql server, this is merely a practical issue: I haven't any 
linux box available at the moment.
ASAP I will set it up a linux box with ids on it.

Best Regards
Alexio

-----Original Message-----
From: Michael Boman [mailto:michael.boman () securecirt com] 
Sent: martedì 19 novembre 2002 12.55
To: Cassani Alexio
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort 1.8.7 & new rules


On Tue, Nov 19, 2002 at 12:32:33PM +0100, Cassani Alexio wrote:

Hi all,
I've installed Snort 1.8.7 on a win2000 server (I've

followed the docs

at Silicon Defense), everything is fine, it's all

functioning but if I

update the rules with the last ones I got errors when snort is 
starting. It seems to be runtime error, the first I get is: 
bad-traffic.rules(20) => Bad protocol name ">134" I've replaced the 
new bad-traffic.rules with the old one and I get another

error in the

exploit.rules...

The question  is: can I hope to have a Snort 1.8.7 
up&running&...updated?


yes, yes and no (or, if you spend the time doing it). Basicly 
there is no updated rules for snort 1.8.x, and will probibly 
never be (except for the few that drops in on snort-sigs once 
in a while). My reccomendation is to go with 1.9 series, 
unless you have the time to back-port each and every new and 
updated rule from 1.9.

From your error message I would say that you are missing some 
var's in your snort.conf (like $HTTP_SERVERS, $HOME and so on).

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)

http://www.securecirt.com


-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort 1.8.7 & new rules Cassani Alexio (Nov 19)
- Re: Snort 1.8.7 & new rules Michael Boman (Nov 19)
- <Possible follow-ups>
- RE: Snort 1.8.7 & new rules Cassani Alexio (Nov 19)