Snort mailing list archives

RE: Rules for Snort 2.6 RC1


From: "Miner, Jonathan W (CSC) (US SSA)" <jonathan.w.miner () baesystems com>
Date: Thu, 27 Apr 2006 11:10:53 -0400



From:  Frank Knobbe [mailto:frank () knobbe us]
Sent:  Thu 04/27/2006 11:06 AM
To:    Miner, Jonathan W (CSC) (US SSA)
Cc:    snort-users () lists sourceforge net
Subject:       RE: [Snort-users] Rules for Snort 2.6 RC1


On Thu, 2006-04-27 at 09:08 -0400, Miner, Jonathan W (CSC) (US SSA)
wrote:
I have also tried the most recent Bleeding Snort ruleset, but
discovered that Snort seems to be crashing on SID:2002087 (Spambot
Inbound).  Still investigating that.

Do you have SMTP_SERVERS defined in snort.conf?

Yes, I do... but that particular rule does not depend on SMTP_SERVERS.  I should clarify that the crash occurs when the rule is triggered, not when it is parsed.

alert tcp !$HOME_NET any -> $HOME_NET 25 (msg: "BLEEDING-EDGE POLICY Inbound Frequent Emails -- Possible Spambot Inbound"; flags: S,12; threshold: type threshold, track by_src,count 10, seconds 60; classtype: misc-activity; sid: 2002087; rev:4;)




