[Snort-users] Snort complains about rules file

lists lists at ...297...
Sun Apr 1 19:43:26 EDT 2001


I'm also having this problem with the new rulesets... I have my EXTERNAL_NET defined in snort.conf as:

var EXTERNAL_NET any

This is no good with the new rules?

Joe
---------- Original Message ----------------------------------
From: Joe McAlerney <joey at ...155...>
Date: Fri, 30 Mar 2001 09:24:33 -0800

>Tom Sevy wrote:
>
>> +++++++++++++++++++++++++++++++++++++++++++++++++++
>> Initializing rule chains...
>> ERROR netbios.rules:7 => Port value missing in rule!
>> 
>> Here is what is in netbios.rules, as downloaded from snort.org:
>> 
>> #--------------
>> # NETBIOS RULES
>> #--------------
>> # UPDATED 03/28/2001
>> #
>> alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS DOS RFPoison";
>> flags: A+; content: "|5C 0
>
>EXTERNAL_NET is undefined.  It's interpreting the first "any" as the
>network address, and therefore can not find a port.  If HOME_NET was
>undefined, it would interpret "(msg:"NETBIOS" as the port number.
>
>-Joe M.
>
>-- 
>|   Joe McAlerney     joey at ...155...   |
>| Silicon Defense - Technical Support for Snort |
>|       http://www.silicondefense.com/          |
>+--                                           --+
>
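
The token shift described in the quoted reply, modelled as an added example (not part of the original thread, and not Snort's own parser): it lists `$VAR` references in rule headers that have no `var` line and shows which token lands in each positional field. It assumes an undefined variable contributes no token to the header; the config and rules text are constructed samples, the rule is shortened from the one quoted above, and the function names are hypothetical.

```python
import re

VAR_DEF = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")   # snort.conf: var NAME value
VAR_REF = re.compile(r"\$(\w+)")                    # $NAME used in a rule
FIELDS = ["action", "proto", "src_net", "src_port", "direction", "dst_net", "dst_port"]

# Constructed sample config: HOME_NET is defined, EXTERNAL_NET is not.
SAMPLE_CONF = "# constructed sample\nvar HOME_NET 10.0.0.0/24\n"
# Constructed sample rules file; the rule is shortened from the one quoted in the thread.
SAMPLE_RULES = (
    "# NETBIOS RULES\n"
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 139 (msg:"NETBIOS DOS RFPoison"; flags: A+;)\n'
)

def defined_vars(conf_text):
    """Map NAME -> value for every `var NAME value` line (comment lines do not match)."""
    found = (VAR_DEF.match(line) for line in conf_text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def header_fields(rule, variables):
    """Assign whitespace-separated tokens to header fields by position.
    Assumption taken from the reply: an undefined variable contributes no token."""
    head, paren, options = rule.partition("(")
    head = VAR_REF.sub(lambda m: variables.get(m.group(1), ""), head)
    return dict(zip(FIELDS, (head + paren + options).split()))

def lint(rules_text, variables):
    """Return (line_no, undefined_names, shifted_fields) for each single-line rule
    whose header references a variable that has no definition."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        missing = [n for n in VAR_REF.findall(line.partition("(")[0]) if n not in variables]
        if missing:
            findings.append((no, missing, header_fields(line, variables)))
    return findings

if __name__ == "__main__":
    for no, missing, fields in lint(SAMPLE_RULES, defined_vars(SAMPLE_CONF)):
        print(f"rule line {no}: undefined {missing}")
        print(f"  src_net={fields['src_net']!r} src_port={fields['src_port']!r}")
```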



