Snort mailing list archives
RE: Is this a valid rule?
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Thu, 24 Oct 2002 15:17:08 -0400
No semi-colon after the msg definition?
-----Original Message----- From: Lefevre, Steven [mailto:SLefevre () i-m-i-international com] Sent: Thursday, October 24, 2002 2:52 PM To: Snort-List Subject: [Snort-users] Is this a valid rule? I have this rule in my local rule file: alert tcp $EXTERNAL_NET any -> $HOME_NET 6008:6009 (msg:"IRC Activity") (It's to detect IRC traffic ;) Why does snort always choke on it? I've looked it over 100 times and it seems to follow the syntax. ------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by: Influence the future of Java(TM) technology. Join the Java Community Process(SM) (JCP(SM)) program now. http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Is this a valid rule? McCammon, Keith (Oct 24)
- <Possible follow-ups>
- Re: Is this a valid rule? Phil Wood (Oct 25)
- Re: Is this a valid rule? Phil Wood (Oct 25)
- RE: Re: Is this a valid rule? Hicks, John (Oct 25)