[Snort-users] Slight Problem

John Paul Martin jpmartin at ...601...
Mon Oct 9 13:16:20 EDT 2000


Hello fellow snorters!
I'm new to the list and I've got a slight problem. I've been hashing out all
of the rules file, but keep getting this error  when I run the following:

/usr/sbin/snort -c /etc/snort/10042k.rules -i eth0 -l /var/log/snort -d -A
fast -v

THE ERROR:
Initializing rule chains...
ERROR /etc/snort/10042k.rules (31) => No netmask specified for IP address

Here is a snipit, IP's XXX'd out, of my rules file. Does anything look
wrong?

#---------------------------------------------
# http://www.snort.org     Snort 1.6.3 Ruleset
#    Current Database Updated -- 10/04/2000
#Contact:  Jim Forster - jforster at ...176...
#---------------------------------------------

preprocessor http_decode: 80 443 8080
preprocessor minfrag: 128
preprocessor portscan: xx.xx.xxx.xxx/24  3 5 /var/log/snort_portscan.log
#                      ^^^^^^^^^^^    ^ ^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^
#                               |     | |              |
#Your IP address or Network here+     | |              |
#                                     | |              |
#Ammount of ports being connected-----+ |              |
#   in this                             |              |
#Interval (in seconds)------------------+              |
#                                                      |
#Log file (path/name)----------------------------------+

#preprocessor portscan-ignorehosts: Hosts to ignore in portscan detection

#---------------------------------------------
# CHANGE THE NEXT LINE TO REFLECT YOUR NETWORK
# (Single system = your ip/32)
var mynet.net xx.xx.xxx.xxx/24
#---------------------------------------------


Thanks in advance and please pardon my ignorance,
John Paul Martin




More information about the Snort-users mailing list