Snort mailing list archives

dynamic (so) rules


From: chris ryan <chris.ryan () gmx de>
Date: Tue, 01 Jul 2008 11:14:16 +0200

Hi,

I've just compiled the so-rules with snort 2.8.2.1 from the latest
tarball. Some default rule files were included, too.

I set the SNORT_VERSION in the makefile to 2.8.1.

When I compile the modules in the /src directory, some new rule files
were created. They only include a subset of the default rules in the
upper directory, i.e.:

generated bad-traffic.rules  (in /src)
---------------------------
# Autogenerated skeleton rules file.  Do NOT edit by hand
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD-TRAFFIC linux ICMP header dos attempt"; sid:13307; ...
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD-TRAFFIC PGM nak list overflow attempt"; sid:8351; ...


default bad-traffic.rules from tarball:
---------------------------------------
# Autogenerated skeleton rules file.  Do NOT edit by hand
alert udp any 53 <> any any (msg:"BAD-TRAFFIC dns cache poisoning attempt"; ...
alert udp $HOME_NET 67 <> $HOME_NET 68 (msg:"BAD-TRAFFIC invalid dhcp offer denial of service attempt"; ...
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD-TRAFFIC linux ICMP header dos attempt"; ...
alert ip any any <> any any (msg:"BAD-TRAFFIC Windows remote kernel tcp/ip igmp vulnerability exploit attempt"; ...
alert icmp $HOME_NET any <> 224.0.0.1 any (msg:"BAD-TRAFFIC Windows remote kernel tcp/ip icmp vulnerability exploit attempt";
alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD-TRAFFIC PGM nak list overflow attempt"; ...


I guess it has something to do with my snort.conf or makefile.
Just out of curiosity, can anybody explain that to me?


Thanks in advance, Chris.

PS: there is a "web-misc" in the libs section of the makefile which has
no corresponding files in the tarball




