Snort mailing list archives
Re: [Emerging-Sigs] Multiple rule issues after upgrade
From: L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>
Date: Wed, 29 Dec 2010 10:13:38 -0600
It's a Christmas Miracle! Glad to hear that WinCo Foods is protected again. I was worried there for a second that I wouldn't have a place to securely get SPAM.

-L0rd C.

P.S. Please tell me the "Win" in "WinCo" has nothing to do with Windows. ;)

On Wed, Dec 29, 2010 at 9:51 AM, Lay, James <james.lay () wincofoods com> wrote:

Thanks for the quick responses all. I extracted both snortrules-snapshot-2901 and latest emerging-threats files, nuked all rules files from my snort dir, copied the latest rules files, then completely redid my rules section in my snort.conf file. All is running good now…thanks again…guess it pays to clean these out every so often.

James

From: Matthew Jonkman [mailto:jonkman () jonkmans com]
Sent: Wednesday, December 29, 2010 8:44 AM
To: Lay, James
Cc: <emerging-sigs () emergingthreats net>; <snort-sigs () lists sourceforge net>
Subject: Re: [Emerging-Sigs] Multiple rule issues after upgrade

See below:

Dec 29 08:12:01 10.21.10.2 snort[21149]: FATAL ERROR: /usr/local/etc/snort/rules/porn.rules(24) Unknown ClassType: kickass-porn

You're using the VRT porn rules, you need to add their classifications in there too then.

Dec 29 08:13:42 10.21.10.2 snort[21166]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-botcc.rules(41) threshold (in rule): could not create threshold - only one per sig_id=2404000.
Dec 29 08:15:27 10.21.10.2 snort[21171]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-compromised.rules(49) threshold (in rule): could not create threshold - only one per sig_id=2500000.
Dec 29 08:23:54 10.21.10.2 snort[21222]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-drop.rules(41) threshold (in rule): could not create threshold - only one per sig_id=2400000.
Dec 29 08:24:20 10.21.10.2 snort[21224]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-rbn.rules(44) threshold (in rule): could not create threshold - only one per sig_id=2406000.
Dec 29 08:24:34 10.21.10.2 snort[21226]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-tor.rules(44) threshold (in rule): could not create threshold - only one per sig_id=2520000.

These are all likely because of the duped tor and rbn rulesets in the Dir. Can you clear it and update?

I’ve had to disable the above rulesets to get snort running again, which is not a really great option currently.

Using the latest 2.9.0 ET rules, and registered 2.9.0.1 snort ruleset.

You'll have signature double coverage going this way. Highly recommend using one or the other.

Matt

James Lay
IT Security Analyst
WinCo Foods
208-672-2014 Office
208-559-1855 Cell
650 N Armstrong Pl.
Boise, Idaho 83704

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
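
Added example, not part of the thread and not code from Snort or Emerging Threats: a pre-flight check for the two startup failures quoted above, a classtype missing from classification.config and the same sid carrying an in-rule threshold in more than one loaded file. It assumes one rule per line; the sample rules, the classification entries and the file name emerging-tor-copy.rules are constructed for illustration.

```python
import re
from collections import defaultdict

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
CLASSTYPE_RE = re.compile(r"\bclasstype\s*:\s*([\w.-]+)\s*;")
THRESHOLD_RE = re.compile(r"\bthreshold\s*:")
CLASSIFICATION_RE = re.compile(r"^\s*config\s+classification:\s*([^,\s]+)\s*,", re.M)

# Constructed sample input, not the poster's real files.
CLASSIFICATION_CONFIG = (
    "config classification: trojan-activity,A Network Trojan was detected,1\n"
    "config classification: misc-attack,Misc Attack,2\n"
)
TOR_RULE = ('alert ip [192.0.2.1] any -> $HOME_NET any (msg:"sample tor rule"; '
            "threshold: type limit, track by_src, seconds 60, count 1; "
            "classtype:misc-attack; sid:2520000; rev:1;)\n")
RULE_FILES = {
    "porn.rules": 'alert tcp any any -> any 80 (msg:"sample"; content:"x"; '
                  "classtype:kickass-porn; sid:1000001; rev:1;)\n",
    "emerging-tor.rules": "# comment line\n" + TOR_RULE,
    "emerging-tor-copy.rules": TOR_RULE,  # hypothetical stale duplicate
}


def defined_classtypes(classification_config):
    """Short names declared by 'config classification:' lines."""
    return set(CLASSIFICATION_RE.findall(classification_config))


def audit_rules(rule_files, classtypes):
    """Find undefined classtypes and sids whose in-rule threshold is loaded twice."""
    unknown = []                         # (file, line, classtype)
    thresholds = defaultdict(list)       # sid -> [(file, line), ...]
    for name, text in rule_files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            rule = line.strip()
            if not rule or rule.startswith("#"):
                continue                 # skip blanks and disabled rules
            ct = CLASSTYPE_RE.search(rule)
            if ct and ct.group(1) not in classtypes:
                unknown.append((name, lineno, ct.group(1)))
            sid = SID_RE.search(rule)
            if sid and THRESHOLD_RE.search(rule):
                thresholds[int(sid.group(1))].append((name, lineno))
    dupes = {s: locs for s, locs in thresholds.items() if len(locs) > 1}
    return {"unknown_classtypes": unknown, "duplicate_threshold_sids": dupes}


if __name__ == "__main__":
    print(audit_rules(RULE_FILES, defined_classtypes(CLASSIFICATION_CONFIG)))
```

In practice the inputs would be the contents of classification.config and of every rules file that snort.conf includes, read before restarting the sensor.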