Re: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.

[Brian <bmc () snort org>]

On Wed, Aug 18, 2004 at 09:01:15AM -0500, Lance Boon wrote:
> I just upgraded one of my sensors to 2.2.0 from 2.1.3. When I issue
> the command kill -SIGUSR1 pid, then tail var/log/messages I notice
> something that I've never seen before. I see the following message
> "Warning: flowbits key 'realplayer.playlist' is checked but not ever
> set." What exactly is this referring to? Snort starts successfully
> and logs alerts to my remote mysql server so I'm not sure if this is
> something to be concerned about.

New rules can tie to each other via the flow preprocessor using the
flowbits keyword.

Some of the rules that are tied together via flowbits show up in
different categories.  There are rules that check the realplayer
playlists for buffer overflows, but since they validate client side
data, the rule makes sure that the data we are looking from a
realplayer playlist request.

turn on multimedia.rules and then that warning won't show up.

-b


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users