[Snort-users] 1.8: alert garbage and rules issue.

Scott A. McIntyre scott at ...1050...
Thu Apr 19 03:28:56 EDT 2001


With 1.8 (taken from this morning's CVS checkout) I'm seeing a lot of
garbage in the output:

[**] MISC traceroute [**]
[Classification: ô8A
                   ] [Priority: 3]
04/19/01-09:24:16.676819 xxx.xx.xx.xxx -> xxx.xxx.x.xx
ICMP TTL:1 TOS:0x0 ID:32502 IpLen:20 DgmLen:84
Type:8  Code:0  ID:256   Seq:48255  ECHO
[Xref => http://www.whitehats.com/info/3]


Any idea why?

Secondly, there are loads of problems with the rules as distributed with
1.8; there are duplicates all over the place and quite a few more errors
(snort won't even start up with the rules as distributed due to these
errors) -- I'd be happy to volunteer to clean these up but would like to
know how best to go about that (cvs checkin privs for rules?)...

