[Snort-users] 1.8: alert garbage and rules issue.
Scott A. McIntyre
scott at ...1050...
Thu Apr 19 03:28:56 EDT 2001
With 1.8 (taken from this morning's CVS checkout) I'm seeing a lot of
garbage in the output:
[**] MISC traceroute [**]
] [Priority: 3]
04/19/01-09:24:16.676819 xxx.xx.xx.xxx -> xxx.xxx.x.xx
ICMP TTL:1 TOS:0x0 ID:32502 IpLen:20 DgmLen:84
Type:8 Code:0 ID:256 Seq:48255 ECHO
[Xref => http://www.whitehats.com/info/3]
Any idea why?
Secondly, there are loads of problems with the rules as distributed with
1.8; there are duplicates all over the place and quite a few more errors
(snort won't even start up with the rules as distributed due to these
errors) -- I'd be happy to volunteer to clean these up but would like to
know how best to go about that (cvs checkin privs for rules?)...