[Snort-sigs] New revs? of old sigs causing Snort to die
nigel at ...435...
Sun Oct 21 19:14:40 EDT 2007
On 10/21/07 5:31 PM, "Paul Melson" <pmelson at ...2420...> wrote:
> Starting Friday I noticed the following problems with the following
> The following rules start with 'alert udp' and contain flow: statements.
> I'm using Snort 220.127.116.11 on RHEL4 and it's complaining and refusing to
> run until these rules are commented out.
> Also, the following rules are using a comma-delimited list of ports,
> which is causing Snort to barf:
> What's up?
Which ruleset are you using? If it is not the one intended for 2.7 then you
will have problems like that because those rules are intended for 2.8 and
higher, which are able to use flow with UDP rules and port lists.
More information about the Snort-sigs