[Snort-users] Couldn't resolve hostname HOME_NET

dotslash dotslash at ...1760...
Tue Apr 24 02:09:57 EDT 2001


> Heh, you've got coffee--I've got good scotch.  ;-)  Troubleshooting may
never
> be the same!
>
ahh, now you're talking.  maybe after this you can be called the drunken
master of snort :-)

>
> Hrm...  Ok, not to sound silly--But did you customize the rules any?  I
had a
> rather silly error in mine where I was using "HOME_NET" instead of

nope i didn't touch the rules files.  here's the supposed to be offending
line:

alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"EXPLOIT netscape 4.7
client ov
erflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|";
flags:
 A+; reference:arachnids,215; classtype:attempted-user;)



> "$HOME_NET".  From the output you showed it seems like line 4 of the
> exploit.rules is where the trouble is.  If you comment out that line, does
the
> error still occur?
>

i thought of that and i've actually started remarking the offending line/s
one by one but what happens is the offending line would just go to the next,
unremarked line!  i also remarked exploit.rules and still got the same
message for the next rule in line (which is scan.rules).

> > well, i'll finish coffee first then d/l snort again.  hell maybe i'll
use
> > 1.8 then...l8rs
>
> I would suggest it!  Granted 1.8 is still beta, but with all the nifty
stuff
> that Marty and Company (You guys Rock!) have tossed in, it's damn spiffy.
> Vlans, uricontent, rpc decoding, command line params not 'needed', it
makes
> coffee....  ;-)
>

well, i got 1.8 and the ruleset that goes with it.  same error. :-(

this is beginning to irritate me.  i think i'll have vodka.  maybe alcohol
will help. ;-)

> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
>
>
>
>





More information about the Snort-users mailing list