Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Two missing for scan

From: DFIRob via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 18 Jun 2018 23:43:12 +0200
Well, look for the (commented out) rules that set the ms_sql_seen_dns
flowbit and uncomment them, and look for rules that check the other one and
uncomment them as well. Or do the opposite.
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION004610000000000000000
Anyway, this error is non blocking and unless those rules are essential to
you you could as well let them slide.

-Rob'

On Fri, Jun 15, 2018 at 10:04 PM Dorian ROSSE <dorianbrice () hotmail fr>
wrote:


Dear IT Snort Community,


This is my error when I try to launch a scan :

WARNING: flowbits key 'ms_sql_seen_dns' is checked but not ever set.

WARNING: flowbits key 'smb.tree.create.llsrpc' is set but not ever checked.

How to repair this two problems for do a scan ?

I was follow this link :

http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node6.html

Thank you in advance to repair my two errors,

Regards.


Dorian ROSSE.


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure
to stay up to date to catch the most <a href="
https://snort.org/downloads/#rule-downloads";>emerging threats</a>!


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!
Previous By Date Next
Previous By Thread Next

Current thread: