Snort mailing list archives

Unknown rule keyword


From: Simon Dzn via Snort-devel <snort-devel () lists snort org>
Date: Thu, 6 Jul 2017 16:16:11 +0300

Hey all,

I am running Snort 3 (a4-236) on ARM (Raspberry Pi) and I have a big problem
loading rules. I am getting this error: unknown rule keyword: x.
Some of the problematic keywords: distance, nocase, offset, fast_pattern.
Example of a rule:

alert udp any any -> any any (msg:"ET SHELLCODE Bindshell2 Decoder Shellcode (UDP)"; content:"|53 53 53 53 53 43 53 43 53 FF D0 66 68|"; content:"|66 53 89 E1 95 68 A4 1A|"; distance:0; reference:url,doc.emergingthreats.net/2009285; classtype:shellcode-detect; sid:2009285; rev:2; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Here the "distance" keyword is the problem.
Any ideas?