Snort mailing list archives

Re: broke snort. file_data_ports


From: Nigel Houghton <nhoughton () sourcefire com>
Date: Thu, 8 Dec 2011 08:48:01 -0500


 http://seclists.org/snort/2011/q4/246

 http://vrt-blog.snort.org/2011/11/say-hello-to-file-identify-category.html

 http://blog.snort.org/2011/11/vrt-rule-update-for-11022011.html


On Dec 8, 2011, at 4:46 AM, Michael Scheidell wrote:

didn't we decide YEARS AGO, not to arbitrarily add $VAR' to VRT rules?
thank you for breaking this and waking me up at 4am 

Dec  8 03:06:13 scanner2 snort[3457]: FATAL ERROR: /etc/snort/rules/web-client.rules(142) ***PortVar Lookup failed on '$FILE_DATA_PORTS'.

oh, and it's NOT in the distributed snort.conf file.
pwd
/usr/local/etc/snort
scanner2.hackertrap.net# grep FILE_DATA_PORTS *

no, i did NOT enable, as you see, these are in web-client.rules
 
file-identify.rules


yes, your block says to add this. portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]

but, you should have left the mucked up rules in file-identify.rules, NOT put them into otherwise active rules.
or, find some way to have a default, in the .rules, like first line would be:

portvar FILE_DATA_PORTS? [$HTTP_PORTS,110,143]


-- 
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
| SECNAP Network Security Corporation

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
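
A pre-reload check for the failure reported in this thread, added here as an example (not code from either poster or from the Snort project): it lists variables referenced in active rule headers that the configuration never defines. The sample configuration and rules are constructed, and `defined_vars` and `undefined_refs` are hypothetical names.

```python
import re

# snort.conf definitions: "var NAME ...", "ipvar NAME ...", "portvar NAME ..."
DEF_RE = re.compile(r'^\s*(?:var|ipvar|portvar)\s+([A-Za-z_]\w*)\b')
# Active rule line: action keyword, then the header up to the first "(".
# Commented-out rules ("# alert ...") do not match and are skipped.
RULE_RE = re.compile(r'^\s*(?:alert|log|pass|drop|reject|sdrop)\s+([^(]*)\(')
REF_RE = re.compile(r'\$([A-Za-z_]\w*)')

def defined_vars(conf_text):
    """Names defined by var/ipvar/portvar lines in the configuration text."""
    names = set()
    for line in conf_text.splitlines():
        m = DEF_RE.match(line)
        if m:
            names.add(m.group(1))
    return names

def undefined_refs(rules_text, defined, filename="<rules>"):
    """Return [(filename, lineno, varname)] for header variables not in `defined`."""
    missing = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue
        # Only the header is inspected; "$" inside rule options is ignored.
        for name in REF_RE.findall(m.group(1)):
            if name not in defined:
                missing.append((filename, lineno, name))
    return missing

# Constructed sample input (not taken from any real rule set).
SAMPLE_CONF = """\
ipvar HOME_NET 192.0.2.0/24
ipvar EXTERNAL_NET !$HOME_NET
portvar HTTP_PORTS [80,8080]
"""
SAMPLE_RULES = """\
# alert tcp $EXTERNAL_NET $OLD_PORTS -> $HOME_NET any (msg:"disabled"; sid:1000001;)
alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"constructed"; sid:1000002;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed"; sid:1000003;)
"""

if __name__ == "__main__":
    known = defined_vars(SAMPLE_CONF)
    for fname, lineno, name in undefined_refs(SAMPLE_RULES, known, "web-client.rules"):
        print(f"{fname}({lineno}): ${name} is not defined in snort.conf")
```

Snort's own test mode (`snort -T -c <conf>`) validates the full configuration; this check only catches undefined header variables, so it can run against a downloaded rule update before the update replaces the active rules.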

