Snort mailing list archives
RE: Rules for Snort 2.6 RC1
From: "Miner, Jonathan W (CSC) (US SSA)" <jonathan.w.miner () baesystems com>
Date: Thu, 27 Apr 2006 11:10:53 -0400
From: Frank Knobbe [mailto:frank () knobbe us]
Sent: Thu 04/27/2006 11:06 AM
To: Miner, Jonathan W (CSC) (US SSA)
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Rules for Snort 2.6 RC1

On Thu, 2006-04-27 at 09:08 -0400, Miner, Jonathan W (CSC) (US SSA) wrote:
> I have also tried the most recent Bleeding Snort ruleset, but discovered that Snort seems to be crashing on SID:2002087 (Spambot Inbound). Still investigating that.

Do you have SMTP_SERVERS defined in snort.conf?

Yes, I do... but that particular rule does not depend on SMTP_SERVERS. I should clarify that the crash occurs when the rule is triggered, not when it is parsed.

alert tcp !$HOME_NET any -> $HOME_NET 25 (msg: "BLEEDING-EDGE POLICY Inbound Frequent Emails -- Possible Spambot Inbound"; flags: S,12; threshold: type threshold, track by_src,count 10, seconds 60; classtype: misc-activity; sid: 2002087; rev:4;)
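
Added example (not part of the original message, and not Snort's own code): a simplified Python model of when the posted rule is "triggered", i.e. when a source's SYN-only packets to port 25 reach the rule's threshold of 10 within 60 seconds. The window handling is an assumption based on the documented meaning of "type threshold"; the traffic and addresses are constructed.

```python
import re

# Rule exactly as posted in the message above.
RULE = ('alert tcp !$HOME_NET any -> $HOME_NET 25 (msg: "BLEEDING-EDGE POLICY '
        'Inbound Frequent Emails -- Possible Spambot Inbound"; flags: S,12; '
        'threshold: type threshold, track by_src,count 10, seconds 60; '
        'classtype: misc-activity; sid: 2002087; rev:4;)')

SYN, ACK = 0x02, 0x10
MASK_12 = 0xC0  # reserved bits "1" and "2" (today CWR/ECE), ignored by "S,12"

def parse_threshold(rule):
    """Pull the threshold option out of a rule string."""
    body = re.search(r'threshold:\s*([^;]+);', rule).group(1)
    opts = dict(part.split() for part in body.split(','))
    return {'type': opts['type'], 'track': opts['track'],
            'count': int(opts['count']), 'seconds': int(opts['seconds'])}

def syn_only(flags):
    """flags: S,12 -> SYN is the only flag set once bits 1 and 2 are masked."""
    return (flags & 0xFF & ~MASK_12) == SYN

def alerts(events, thr):
    """Simplified model of 'type threshold, track by_src': alert on every
    count-th matching packet from one source inside a seconds-long window.
    events: time-ordered (time_s, src, tcp_flags) tuples bound for port 25."""
    state, fired = {}, []          # state: src -> [window_start, hits]
    for t, src, flags in events:
        if not syn_only(flags):
            continue
        win = state.setdefault(src, [t, 0])
        if t - win[0] >= thr['seconds']:   # window expired: start a new one
            win[0], win[1] = t, 0
        win[1] += 1
        if win[1] >= thr['count']:         # threshold reached: alert, recount
            fired.append((t, src))
            win[1] = 0
    return fired

def sample_events():
    """Constructed traffic (documentation addresses), not captured data."""
    ev = [(t, '192.0.2.10', SYN) for t in range(25)]          # 25 SYNs in 25 s
    ev += [(t * 10, '192.0.2.20', SYN) for t in range(12)]    # 1 SYN per 10 s
    ev += [(t, '192.0.2.30', SYN | ACK) for t in range(15)]   # not SYN-only
    return sorted(ev)

if __name__ == '__main__':
    for t, src in alerts(sample_events(), parse_threshold(RULE)):
        print(f'alert sid:2002087 at t={t}s from {src}')
```

Only the fast source reaches the threshold; the slow source never accumulates 10 hits inside one window, and the SYN+ACK packets fail the flags test before they are counted.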