Snort mailing list archives

Re: snortrules-snapshot-2_1.tar.gz and flowbits?

From: Brian <bmc () snort org>
Date: Fri, 6 Feb 2004 11:32:35 -0500

On Thu, Feb 05, 2004 at 04:10:15PM -0500, David Gianndrea wrote:

Did I miss something on the list? Is the snortrules-snapshot-2_1.tar.gz
Rules updates supposed to have the flowbits option? I know that
2.1.1-RC1 has this option, but I thought that it would be in the
CURRENT rules. Im running 2.1 so which rules snapshot should be
used?


FATAL ERROR: Warning: 
/usr/local/snort-eth3/etc/../rules/netbios.rules(30) => Unknown keyword 
' flowbits'
 in rule!


Sorry about that.  2.1.0 has a number of bugs and will be unsupported
as soon as 2.1.1 is released.  (hopefully very soon)

You have 3 options.  

1) disable all of the rules that have flowbits.  There are only 6 of
   them, so it should not be hard to find them.
2) use the 2.0 rulesets with the 2.1 snort.conf
3) upgrade to 2.1.1RC1 

Brian


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snortrules-snapshot-2_1.tar.gz and flowbits? David Gianndrea (Feb 05)
- Re: snortrules-snapshot-2_1.tar.gz and flowbits? Brian (Feb 06)