[Snort-sigs] [Emerging-Sigs] FATALs with snort-2.9.0.3

Joel Esler jesler at ...435...
Wed Dec 22 10:03:18 EST 2010


As promised, here's that blog post I was talking about:

http://blog.snort.org/2010/12/wheres-content.html


Thanks all!

Joel

On Dec 21, 2010, at 10:55 AM, Matthew Jonkman wrote:

> Hi James, looks like we have a lot of style issues to fix up. We're on it!!
> 
> Matt
> 
> On Dec 21, 2010, at 10:39 AM, Lay, James wrote:
> 
>> Yep…latest et rules:
>>  
>> Dec 21 08:32:14 10.21.88.2 snort[30722]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(110) depth can't be used with itself, distance, or within
>> Dec 21 08:32:50 10.21.88.2 snort[30725]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(114) depth can't be used with itself, distance, or within
>> Dec 21 08:33:04 10.21.88.2 snort[30728]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(118) depth can't be used with itself, distance, or within
>> Dec 21 08:33:27 10.21.88.2 snort[30731]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(230) within can't be used with itself, offset, or depth
>> Dec 21 08:33:47 10.21.88.2 snort[30734]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(390) depth can't be used with itself, distance, or within
>> Dec 21 08:34:10 10.21.88.2 snort[30737]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(394) depth can't be used with itself, distance, or within
>> Dec 21 08:34:44 10.21.88.2 snort[30740]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(398) depth can't be used with itself, distance, or within
>> Dec 21 08:34:57 10.21.88.2 snort[30743]: FATAL ERROR: /usr/local/etc/snort/rules/emerging-p2p.rules(402) depth can't be used with itself, distance, or within
>>  
>> Got tired of commenting things out, so I’ll wait until this is fixed...
>>  
>>  
>>    ,,_     -*> Snort! <*-
>>   o"  )~   Version 2.9.0.3 (Build 98)
>>    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>>            Copyright (C) 1998-2010 Sourcefire, Inc., et al.
>>            Using libpcap version 1.0.0
>>            Using PCRE version: 7.6 2008-01-28
>>            Using ZLIB version: 1.2.3
>>  
>> These are the nogpl badboys.
>>  
>> 2010-12-17 19:30 emerging-attack_response.rules
>> 2010-12-17 19:30 emerging-p2p.rules
>>  
>> James Lay
>> IT Security Analyst
>> WinCo Foods
>> 208-672-2014 Office
>> 208-559-1855 Cell
>> 650 N Armstrong Pl.
>> Boise, Idaho 83704
>>  
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at ...3335...
>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>> 
>> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
>> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
> 
> 
> ----------------------------------------------------
> Matthew Jonkman
> Emergingthreats.net
> Emerging Threats Pro
> Open Information Security Foundation (OISF)
> Phone 765-807-8630
> Fax 312-264-0205
> http://www.emergingthreatspro.com
> http://www.openinfosecfoundation.org
> ----------------------------------------------------
> 
> PGP: http://www.jonkmans.com/mattjonkman.asc
> 
> 
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...3335...
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com
> The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20101222/7a6cf09a/attachment.html>


More information about the Snort-sigs mailing list