Snort mailing list archives
Re: command line options...
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 25 Sep 2010 23:37:23 -0400
On 9/25/2010 21:07, Joel Esler wrote:
The rest of the email I'll answer, if I can, when I am on my laptop. However, this part, dynamic does not mean "shared object". Two different things. Dynamic here means dynamic and activate rules. A deprecated rule chaining system that has been replaced by flowbits.
ahhhh... thanks for that... i was rather confused about it because several places in documentation/logs/config_notes use the term "dynamic rules" and similar in relation to the SO rules stuff... for example:

Sep 25 21:20:09 perseus snort[6858]: Loading all dynamic detection libs from /usr/lib/snort_dynamicrules...
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/bad-traffic.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/chat.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/dos.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/exploit.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/icmp.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/imap.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/misc.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/multimedia.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/netbios.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/nntp.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/p2p.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/pop3.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/smtp.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/sql.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/web-activex.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/web-client.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/web-iis.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/web-misc.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Finished Loading all dynamic detection libs from /usr/lib/snort_dynamicrules

none of those existed until i installed and enabled the SO rules... i take it that there's no specific counter that tells how many SO rules are in operation? it would be nice to see that stat as well as one for the normal text based rules ;)

ALSO: i've been seeing the following in my logs for several months (at least) since implementing the SO rules...

Encoded Rule Plugin SID: 13416, GID 3 not registered properly. Disabling this rule.

it is in dos.rules :)
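Added example (not part of the original message and not Snort project code): one way to get a startup summary from syslog lines shaped like the ones quoted above. It counts the dynamic detection libraries that finished loading, not the individual SO rules inside them, and lists any rule reported as "not registered properly". The function name summarize and the sample log are constructed for illustration; the chat.so entry is deliberately left without its "done" line to show the failure case.

```python
import re

# Constructed sample: same shape as the syslog lines in the post, shortened.
# chat.so has no "done" line on purpose; the last line is given a syslog prefix.
SAMPLE_LOG = """\
Sep 25 21:20:09 perseus snort[6858]: Loading all dynamic detection libs from /usr/lib/snort_dynamicrules...
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/bad-traffic.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/chat.so...
Sep 25 21:20:09 perseus snort[6858]: Loading dynamic detection library /usr/lib/snort_dynamicrules/dos.so...
Sep 25 21:20:09 perseus snort[6858]: done
Sep 25 21:20:09 perseus snort[6858]: Finished Loading all dynamic detection libs from /usr/lib/snort_dynamicrules
Sep 25 21:20:10 perseus snort[6858]: Encoded Rule Plugin SID: 13416, GID 3 not registered properly. Disabling this rule.
"""

LIB_RE = re.compile(r"Loading dynamic detection library (\S+?\.so)\.\.\.(\s*done)?")
DONE_RE = re.compile(r"snort\[\d+\]:\s*done\s*$")
DISABLED_RE = re.compile(r"SID:\s*(\d+),\s*GID:?\s*(\d+) not registered properly")

def summarize(log_text):
    """Return libraries loaded, libraries with no 'done', and disabled (gid, sid) pairs."""
    loaded, incomplete, disabled = [], [], []
    pending = None  # library announced but not yet confirmed by a "done" line
    for line in log_text.splitlines():
        lib = LIB_RE.search(line)
        if lib:
            if pending:                      # previous library never reported "done"
                incomplete.append(pending)
            pending = None if lib.group(2) else lib.group(1)
            if lib.group(2):                 # "... done" on the same line
                loaded.append(lib.group(1))
        elif pending and DONE_RE.search(line):
            loaded.append(pending)
            pending = None
        else:
            rule = DISABLED_RE.search(line)
            if rule:
                disabled.append((int(rule.group(2)), int(rule.group(1))))
    if pending:
        incomplete.append(pending)
    return {"loaded": loaded, "incomplete": incomplete, "disabled": disabled}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("libraries loaded:", len(result["loaded"]))
    print("libraries without 'done':", result["incomplete"])
    print("disabled (gid, sid):", result["disabled"])
```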