[Snort-devel] Unknown rule keyword

Simon Dzn sikking23 at gmail.com
Thu Jul 6 09:16:11 EDT 2017


Hey all,

I am running Snort 3 (a4-236) on ARM (Raspberry Pi) and I have a big problem
loading rules. I am getting this error: unknown rule keyword: x.
Some of the problematic keywords: distance, nocase, offset, fast_pattern.
Example of a rule:

alert udp any any -> any any (msg:"ET SHELLCODE Bindshell2 Decoder Shellcode (UDP)"; content:"|53 53 53 53 53 43 53 43 53 FF D0 66 68|"; content:"|66 53 89 E1 95 68 A4 1A|"; distance:0; reference:url,doc.emergingthreats.net/2009285; classtype:shellcode-detect; sid:2009285; rev:2; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Here the "distance" keyword is the problem.
Any ideas?