Snort mailing list archives
Re: Snort 2.8.5 RC Now Available
From: Russ Combs <rcombs () sourcefire com>
Date: Tue, 21 Jul 2009 09:35:25 -0400
Snort's parsing code has been tightened up and made more uniform in a number of places. It looks like you found a constructive use for what was actually a flaw that could also conceal errors. At this point you will have to move the comments to a separate line. We do have a bug to allow such comments and to allow freer use of white space in general. However, that is not targeted for a release at this point. On a related note, SnortSP introduced Lua for its configuration. Hopefully we'll move in that direction some day. :) Thanks Russ On Tue, Jul 21, 2009 at 8:52 AM, Nerijus Krukauskas <nkrukauskas () gmail com>wrote:
On 2009-07-21, Joel Esler <jesler () sourcefire com> wrote:It appears, from this email, that your commented "#hostname.domain.dom"isline wrapped. Is it that way in your file?No. It's one single line holding suppress statement and comment with a tab right before the #. The mail client wrapped it at the sending time.On Tue, Jul 21, 2009 at 3:32 AM, Nerijus Krukauskas <nkrukauskas () gmail com>wrote:On 2009-07-14, Snort Releases <snortreleases () snort org> wrote:- Rate Based Attack Prevention for Connection Attempts, Concurrent Connections, and improved rule/event filtering. See README.filters for details.The new filtering system does not support comments properly. In my threshold.conf I have a line: suppress gen_id 1, sig_id 466, track by_dst, ip 10.0.2.6 # hostname.domain.dom The snort process barks: threshold.conf(45): Couldn't resolve hostname # Up to version 2.8.4 this worked like charm. It would be nice to have this capability back. -- http://nk99.org/------------------------------------------------------------------------------Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) willhavethe opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- joel esler | Sourcefire | AIM: eslerjoel | Google Voice: 302-223-5974-- http://nk99.org/
------------------------------------------------------------------------------ Enter the BlackBerry Developer Challenge This is your chance to win up to $100,000 in prizes! For a limited time, vendors submitting new applications to BlackBerry App World(TM) will have the opportunity to enter the BlackBerry Developer Challenge. See full prize details at: http://p.sf.net/sfu/Challenge
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.8.5 RC Now Available Snort Releases (Jul 14)
- Re: Snort 2.8.5 RC Now Available Nerijus Krukauskas (Jul 21)
- Re: Snort 2.8.5 RC Now Available Joel Esler (Jul 21)
- Re: Snort 2.8.5 RC Now Available Nerijus Krukauskas (Jul 21)
- Re: Snort 2.8.5 RC Now Available Russ Combs (Jul 21)
- Re: Snort 2.8.5 RC Now Available Joel Esler (Jul 21)
- Re: Snort 2.8.5 RC Now Available Nerijus Krukauskas (Jul 21)