Snort mailing list archives
Re: More problems with pulledpork 0.6.0
From: JJC <cummingsj () gmail com>
Date: Fri, 1 Apr 2011 08:28:00 -0600
I'll test and let ya know shortly.. these look like ET open rules?

On Fri, Apr 1, 2011 at 8:22 AM, carlopmart <carlopmart () gmail com> wrote:

Hi all,

I am trying to configure a suricata sensor as an IPS with ET rules. To do this I have configured pulledpork to enable drop on some rules and discard others ... but it doesn't work.

My disablesid.conf:

ET-drop,ET-emerging-activex,ET-emerging-attack_response,ET-emerging-chat,ET-emerging-current_events,ET-emerging-deleted,ET-emerging-dns,ET-emerging-dos,ET-emerging-exploit,ET-emerging-ftp,ET-emerging-games,ET-emerging-icmp_info,ET-emerging-icmp,ET-emerging-imap,ET-emerging-inappropriate,ET-emerging-misc,ET-emerging-mobile_malware,ET-emerging-netbios,ET-emerging-p2p,ET-emerging-policy,ET-emerging-pop3,ET-emerging-rpc,ET-emerging-scada,ET-emerging-scan,ET-emerging-shellcode,ET-emerging-smtp,ET-emerging-snmp,ET-emerging-sql,ET-emerging-telnet,ET-emerging-tftp,ET-emerging-user_agents,ET-emerging-voip,ET-emerging-web_client,ET-emerging-web_server,ET-emerging-web_specific_apps,ET-tor

And my dropsid.conf:

ET-botcc,ET-ciarmy,ET-compromised,ET-dshield,ET-emerging-malware,ET-emerging-trojan,ET-emerging-virus,ET-emerging-worm,ET-rbn

And result is:

Rule Stats....
    New:-------12911
    Deleted:---0
    Enabled Rules:----10435
    Dropped Rules:----0
    Disabled Rules:---2476
    Total Rules:------12911
Done
Please review /tmp/sid_changes_inet.log for additional details
Fly Piggy Fly!

Impossible!! ...Where is the problem?? What am I doing wrong??

Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users