[Snort-sigs] Two missing for scan

DFIRob rd.seclists at gmail.com
Mon Jun 18 17:43:12 EDT 2018


Well, look for the (commented out) rules that set the ms_sql_seen_dns
flowbit and uncomment them, and look for rules that check the other one and
uncomment them as well. Or do the opposite.
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION004610000000000000000
Anyway, this error is non blocking and unless those rules are essential to
you you could as well let them slide.

-Rob'

On Fri, Jun 15, 2018 at 10:04 PM Dorian ROSSE <dorianbrice at hotmail.fr>
wrote:

> Dear IT Snort Community,
>
>
> This is my error when I try to launch a scan :
>
> WARNING: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
>
> WARNING: flowbits key 'smb.tree.create.llsrpc' is set but not ever checked.
>
> How to repair this two problems for do a scan ?
>
> I was follow this link :
>
> http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node6.html
>
> Thank you in advance to repair my two errors,
>
> Regards.
>
>
> Dorian ROSSE.
>
>
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.snort.org
> https://lists.snort.org/mailman/listinfo/snort-sigs
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Please follow these rules:
> https://snort.org/faq/what-is-the-mailing-list-etiquette
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure
> to stay up to date to catch the most <a href="
> https://snort.org/downloads/#rule-downloads">emerging threats</a>!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180618/e19f4a0f/attachment.html>


More information about the Snort-sigs mailing list