Snort mailing list archives
Re: New revs? of old sigs causing Snort to die
From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Sun, 21 Oct 2007 18:10:59 -0400
Short Answer, stop using snortrules_current, since their are port-lists in Snort 2.8, as well as flow tracking for UDP in Stream5 (which I guess is default now). There is now a ruleset for Snort 2.7.x Shirkdog ' or 1=1-- http://www.shirkdog.us
Date: Sun, 21 Oct 2007 17:31:24 -0400 From: pmelson () gmail com To: snort-users () lists sourceforge net; snort-sigs () lists sourceforge net Subject: [Snort-users] New revs? of old sigs causing Snort to die Starting Friday I noticed the following problems with the following signatures. The following rules start with 'alert udp' and contain flow: statements. 634,635,636,637,2004 I'm using Snort 2.7.0.1 on RHEL4 and it's complaining and refusing to run until these rules are commented out. Also, the following rules are using a comma-delimited list of ports, which is causing Snort to barf: 12635,12642 What's up? PaulM ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_________________________________________________________________ Windows Live Hotmail and Microsoft Office Outlook – together at last. Get it now. http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033
------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- New revs? of old sigs causing Snort to die Paul Melson (Oct 21)
- Re: New revs? of old sigs causing Snort to die M. Shirk (Oct 21)
- Re: New revs? of old sigs causing Snort to die Paul Melson (Oct 22)
- Re: New revs? of old sigs causing Snort to die M. Shirk (Oct 21)