Snort mailing list archives
snort warnings and such
From: kalin m <kalin () el net>
Date: Mon, 21 Jun 2010 23:52:54 -0400
hi all... i just installed snort. it looks like it's working. i downloaded the vrt rules of the month. subscribed and everything.... but i see a lot of these at stat up: Encoded Rule Plugin SID: 15227, GID: 3 not registered properly. Disabling this rule. Encoded Rule Plugin SID: 14648, GID: 3 not registered properly. Disabling this rule. Encoded Rule Plugin SID: 16229, GID: 3 not registered properly. Disabling this rule. Encoded Rule Plugin SID: 15208, GID: 3 not registered properly. Disabling this rule. .............................................................. ............................................................. digging at the SID #s i mostly get plugins that a referring to windows exploits. and this is running on a unix system. is that why i get all these? and then a bunch of those here... what does "is set but not ever checked" mean... thanks.... ........................................................... Warning: flowbits key 'http.rtf' is set but not ever checked. Warning: flowbits key 'http.wma' is set but not ever checked. Warning: flowbits key 'xls.download' is set but not ever checked. Warning: flowbits key 'http.doc' is set but not ever checked. ......................................................... ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort warnings and such kalin m (Jun 21)