Snort mailing list archives

Re: command line options...


From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 25 Sep 2010 23:37:23 -0400

On 9/25/2010 21:07, Joel Esler wrote:
> The rest of the email I'll answer, if I can, when I am on my laptop.
>
> However, this part, dynamic does not mean "shared object". Two different things. Dynamic here means dynamic and
> activate rules. A deprecated rule chaining system that has been replaced by flowbits.

ahhhh... thanks for that... i was rather confused about it because several 
places in documentation/logs/config_notes use the term "dynamic rules" and 
similar in relation to the SO rules stuff...

for example:
Sep 25 21:20:09 perseus snort[6858]: Loading all dynamic detection libs from /usr/lib/snort_dynamicrules...
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/bad-traffic.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/chat.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/dos.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/exploit.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/icmp.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/imap.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/misc.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/multimedia.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/netbios.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/nntp.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/p2p.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/pop3.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/smtp.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/sql.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/web-activex.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/web-client.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/web-iis.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/web-misc.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Finished Loading all dynamic detection libs from /usr/lib/snort_dynamicrules

none of those existed until i installed and enabled the SO rules...

i take it that there's no specific counter that tells how many SO rules are in 
operation? it would be nice to see that stat as well as one for the normal text 
based rules ;)



ALSO: i've been seeing the following in my logs for several months (at least) 
since implementing the SO rules...

Encoded Rule Plugin SID: 13416, GID 3 not registered properly. Disabling this rule.

it is in dos.rules :)
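
[Added example, not part of the original message and not Snort code.] On the counter question above: one way to get the number yourself is to count the enabled GID 3 stub rules in the .rules files and subtract the ones the startup log reports as "not registered properly". The log lines, stub rules and SIDs 90001-90003 below are constructed; the stub layout (a sid plus gid:3) is an assumption based on the SID 13416 / GID 3 message quoted above.

```python
import re

# Constructed sample log, modelled on the startup messages quoted in the post.
# The first entry is wrapped across two lines on purpose, as mail clients do.
SAMPLE_LOG = """\
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library
/usr/lib/snort_dynamicrules/dos.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]:   Loading dynamic detection library /usr/lib/snort_dynamicrules/chat.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:10 perseus snort[6858]: Encoded Rule Plugin SID: 13416, GID 3 not registered properly. Disabling this rule.
"""

# Constructed stub rules (assumption: SO rule stubs carry gid:3 and a sid).
SAMPLE_STUBS = """\
alert udp any any -> any any (msg:"constructed stub A"; sid:13416; gid:3; rev:1;)
alert tcp any any -> any any (msg:"constructed stub B"; gid:3; sid:90001; rev:2;)
# alert tcp any any -> any any (msg:"constructed stub C"; sid:90002; gid:3; rev:1;)
alert tcp any any -> any any (msg:"constructed text rule"; sid:90003; rev:1;)
"""

LIB_RE = re.compile(r"Loading dynamic detection library\s+(\S+?\.so)\.\.\.")
DISABLED_RE = re.compile(r"Encoded Rule Plugin SID:\s*(\d+),\s*GID\s*(\d+) not registered properly")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID_RE = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

def summarize(log_text, stub_text):
    """Count loaded SO libraries and enabled/disabled GID 3 rules."""
    libs = LIB_RE.findall(log_text)          # \s+ also spans a wrapped line
    disabled = {(int(g), int(s)) for s, g in DISABLED_RE.findall(log_text)}
    enabled = set()
    for line in stub_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and commented-out rules
            continue
        gid, sid = GID_RE.search(line), SID_RE.search(line)
        if gid and sid and gid.group(1) == "3":  # text rules have no gid:3
            enabled.add((3, int(sid.group(1))))
    return {
        "libraries_loaded": len(libs),
        "so_rules_enabled": len(enabled),
        "so_rules_disabled_at_load": sorted(enabled & disabled),
        "so_rules_active": len(enabled - disabled),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, SAMPLE_STUBS))
```

Note that the library count is not a rule count: each .so can back many stub rules, so only the stub files give a per-rule figure.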
