Snort mailing list archives
Re: Another empty IP list
From: Matt Jonkman <jonkman () jonkmans com>
Date: Fri, 24 Oct 2008 11:03:10 -0400
Good. I will get these issues worked out, a bad compare in the script prevented this one from being caught. I'd like to say it won't happen again, but that'd jinx it and make sure it would. Matt James Lay wrote:
Looks good on this end, thanks Matt. James On 10/24/08 7:10 AM, "Matt Jonkman" <jonkman () jonkmans com> wrote:Fixed up. Can you recheck? matt James Lay wrote:FWIW. These are becoming more and more frequent. This machine updates snort weekday mornings at 6 AM MST. Is there a better time to avoid these kids of errors? Just downloaded the latest from emerging threats and it's still there ;) alert tcp [] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flow:established; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400008; rev:1336;) Commented out, but eh....still kinda weird. JamesSubject: Oct 24 06:04:20 gateway snort[2568]: FATAL ERROR: /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used either as source IP or as destination IP in a rule. IP list: []. Sent on: Fri, 24 Oct 2008 06:04:22 -0600 On System: Linux 2.6.20.20 i686------ End of Forwarded Message ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Another empty IP list James Lay (Oct 24)
- Re: Another empty IP list Matt Jonkman (Oct 24)
- Re: Another empty IP list James Lay (Oct 24)
- Re: Another empty IP list Matt Jonkman (Oct 24)
- Re: Another empty IP list James Lay (Oct 24)
- Re: Another empty IP list Matt Jonkman (Oct 24)