[Snort-devel] [Bug #131641] include directives do not work right.

noreply at ...12... noreply at ...12...
Thu Feb 8 22:15:50 EST 2001


Bug #131641, was updated on 2001-Feb-08 19:15
Here is a current snapshot of the bug.

Project: Snort
Category: None
Status: Open
Resolution: None
Bug Group: None
Priority: 5
Submitted by: ajlill
Assigned to : nobody
Summary: include directives do not work right.

Details: Invoking snort 1.7 with the following options:
/usr/local/bin/snort -opNs -c /usr/local/etc/vision.conf -i eth0
the following vision.conf, and the ping-lib from the snort distribution
causes alerts for IDS152. The pass rule is copied from the ping-lib file
and alert changed to pass. If I include the contents of ping-lib in the
vision.conf file instead of using the include directive, no alert is
generated, as I expect. This is on RedHat 6.2 and 7.0

var HOME_NET 192.168.0.4/32
include /usr/local/etc/snort/ping-lib
pass icmp any any -> $HOME_NET any (msg:"IDS152 - PING BSD"; content: "|08
09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17|"; itype: 8; depth: 32;) 


For detailed info, follow this link:
http://sourceforge.net/bugs/?func=detailbug&bug_id=131641&group_id=3357




More information about the Snort-devel mailing list