Snort mailing list archives
Re: More problems with pulledpork 0.6.0
From: JJC <cummingsj () gmail com>
Date: Fri, 1 Apr 2011 08:28:00 -0600
I'll test and let ya know shortly.. these look like ET open rules? On Fri, Apr 1, 2011 at 8:22 AM, carlopmart <carlopmart () gmail com> wrote:
Hi all,
I am trying to configure a suricata sensor as an IPS with ET rules. To
do this I have configured pulledpork to enable drop on some rules and
discard others ... but doesn't works.
My disablesid.conf:
ET-drop,ET-emerging-activex,ET-emerging-attack_response,ET-emerging-chat,ET-emerging-current_events,ET-emerging-deleted,ET-emerging-dns,ET-emerging-dos,ET-emerging-exploit,ET-emerging-ftp,ET-emerging-games,ET-emerging-icmp_info,ET-emerging-icmp,ET-emerging-imap,ET-emerging-inappropriate,ET-emerging-misc,ET-emerging-mobile_malware,ET-emerging-netbios,ET-emerging-p2p,ET-emerging-policy,ET-emerging-pop3,ET-emerging-rpc,ET-emerging-scada,ET-emerging-scan,ET-emerging-shellcode,ET-emerging-smtp,ET-emerging-snmp,ET-emerging-sql,ET-emerging-telnet,ET-emerging-tftp,ET-emerging-user_agents,ET-emerging-voip,ET-emerging-web_client,ET-emerging-web_server,ET-emerging-web_specific_apps,ET-tor
And my dropsid.conf:
ET-botcc,ET-ciarmy,ET-compromised,ET-dshield,ET-emerging-malware,ET-emerging-trojan,ET-emerging-virus,ET-emerging-worm,ET-rbn
And result is:
Rule Stats....
New:-------12911
Deleted:---0
Enabled Rules:----10435
Dropped Rules:----0
Disabled Rules:---2476
Total Rules:------12911
Done
Please review /tmp/sid_changes_inet.log for additional details
Fly Piggy Fly!
Impossible!! ...Where is the problem?? What am I doing worng??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself;
WebMatrix provides all the features you need to develop and
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Create and publish websites with WebMatrix Use the most popular FREE web apps or write code yourself; WebMatrix provides all the features you need to develop and publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 carlopmart (Apr 01)
- Re: More problems with pulledpork 0.6.0 JJC (Apr 01)