Snort mailing list archives
Re: Unknown rule option sip_header
From: Y M <snort () outlook com>
Date: Wed, 1 Oct 2014 15:40:28 +0000
To: snort-users () lists sourceforge net

Date: Wed, 1 Oct 2014 08:09:10 -0600
From: jlay () slave-tothe-box net
Subject: [Snort-users] Unknown rule option sip_header

Oct 1 14:02:31 192.168.1.1 snort[5722]: FATAL ERROR: /etc/snort/rules/snort.rules(31729) Unknown rule option: 'sip_header'.

alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"OS-OTHER Bash environment variable injection attempt"; flow:stateless; sip_header; content:"() {"; metadata:policy balanced-ips drop, policy security-ips drop, ruleset community, service sip; reference:cve,2014-6271; reference:cve,2014-7169; classtype:attempted-admin; sid:32041; rev:1;)

Anyone else seeing this?
Running fine on my side. Is the SIP preprocessor enabled?

YM
James

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
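A pre-flight check for the question asked in the reply above, added here as an example and not taken from the thread or from the Snort project: it lists active rules that use a SIP preprocessor rule option (sip_method, sip_stat_code, sip_header, sip_body) when the given snort.conf text has no uncommented "preprocessor sip" line. The sample configuration lines and the two extra rules are constructed, the sid 32041 rule is abbreviated from the one quoted in the thread, and the function names are this example's own.

```python
import re

# Rule options provided by the Snort 2.9 SIP preprocessor.
SIP_OPTIONS = ("sip_method", "sip_stat_code", "sip_header", "sip_body")
OPTION_RE = re.compile(r"[(;]\s*(" + "|".join(SIP_OPTIONS) + r")\s*[;:]")
PREPROC_RE = re.compile(r"^\s*preprocessor\s+sip\s*(:|$)")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)")

def sip_preprocessor_enabled(conf_text):
    """True if snort.conf text has an uncommented 'preprocessor sip' line."""
    return any(PREPROC_RE.match(line) for line in conf_text.splitlines())

def rules_needing_sip(rules_text):
    """Return (line_no, sid, option) for each active rule using a SIP option."""
    hits = []
    for no, line in enumerate(rules_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # disabled rule, never parsed by Snort
        m = OPTION_RE.search(line)
        if m:
            sid = SID_RE.search(line)
            hits.append((no, sid.group(1) if sid else "?", m.group(1)))
    return hits

def preflight(conf_text, rules_text):
    """List the rules that depend on SIP options the config does not provide."""
    if sip_preprocessor_enabled(conf_text):
        return []
    return rules_needing_sip(rules_text)

# Constructed sample input (not from the poster's system).
SAMPLE_CONF_OFF = "# preprocessor sip: max_sessions 40000, ports { 5060 5061 }\n"
SAMPLE_CONF_ON = "preprocessor sip: max_sessions 40000, ports { 5060 5061 }\n"
SAMPLE_RULES = "\n".join([
    'alert udp $EXTERNAL_NET any -> $SIP_SERVERS $SIP_PORTS (msg:"OS-OTHER Bash environment variable injection attempt"; flow:stateless; sip_header; content:"() {"; sid:32041; rev:1;)',
    '# alert udp any any -> any 5060 (msg:"constructed disabled rule"; sip_method:invite; sid:1000001; rev:1;)',
    'alert tcp any any -> any 80 (msg:"constructed non-SIP rule"; content:"x"; sid:1000002; rev:1;)',
])

if __name__ == "__main__":
    for no, sid, opt in preflight(SAMPLE_CONF_OFF, SAMPLE_RULES):
        print(f"rules line {no}: sid {sid} uses {opt} but 'preprocessor sip' is not enabled")
```

The check reads only the text it is given, so a "preprocessor sip" line in an included file or a preprocessor library that is not loaded is outside what it sees.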
Current thread:
- Unknown rule option sip_header James Lay (Oct 01)
- Re: Unknown rule option sip_header Y M (Oct 01)
- Re: Unknown rule option sip_header James Lay (Oct 01)
- Re: Unknown rule option sip_header Jeremy Hoel (Oct 01)
- Re: Unknown rule option sip_header James Lay (Oct 01)
- Re: Unknown rule option sip_header Joel Esler (jesler) (Oct 01)
- Re: Unknown rule option sip_header Jeremy Hoel (Oct 01)
- Re: Unknown rule option sip_header James Lay (Oct 01)
- Re: Unknown rule option sip_header waldo kitty (Oct 01)
- Re: Unknown rule option sip_header James Lay (Oct 01)
- Re: Unknown rule option sip_header Y M (Oct 01)
- Re: Unknown rule option sip_header Y M (Oct 01)
- Re: Unknown rule option sip_header Shirkdog (Oct 01)
- Re: Unknown rule option sip_header James Lay (Oct 01)