[Snort-users] Errors in vision.conf
vision at ...4...
Mon Nov 13 13:15:46 EST 2000
Yep, mistake on my part - since these two are exactly the same as the TCP
equivalents, I had copied the records and made minor changes - I forgot to
remove the TCP flags. This is fixed now. In your copy just remove the
On Mon, 13 Nov 2000, Ron 'The InSaNe One' Rosson wrote:
> With these 2 lines in the current vision.conf from whitehats will not
> allow my snort to start.
> alert UDP $EXTERNAL any -> $INTERNAL any (msg: "IDS436/shellcode-x86-setuid0-udp"; flags: AP; content: "|b017 cd80|";)
> alert UDP $EXTERNAL any -> $INTERNAL any (msg: "IDS437/shellcode-x86-setgid0-udp"; flags: AP; content: "|b0b5 cd80|";)
> Here is the error I get:
> ERROR Line /etc/snort/vision.conf (443): TCP Options on non-TCP rule
> Anyone know what is causing this?
More information about the Snort-users