[Snort-users] Couldn't resolve hostname HOME_NET
dotslash at ...1760...
Tue Apr 24 02:09:57 EDT 2001
> Heh, you've got coffee--I've got good scotch. ;-) Troubleshooting may
> be the same!
ahh, now you're talking. maybe after this you can be called the drunken
master of snort :-)
> Hrm... Ok, not to sound silly--But did you customize the rules any? I
> rather silly error in mine where I was using "HOME_NET" instead of
nope i didn't touch the rules files. here's the supposed to be offending
alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"EXPLOIT netscape 4.7
erflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|";
A+; reference:arachnids,215; classtype:attempted-user;)
> "$HOME_NET". From the output you showed it seems like line 4 of the
> exploit.rules is where the trouble is. If you comment out that line, does
> error still occur?
i thought of that and i've actually started remarking the offending line/s
one by one but what happens is the offending line would just go to the next,
unremarked line! i also remarked exploit.rules and still got the same
message for the next rule in line (which is scan.rules).
> > well, i'll finish coffee first then d/l snort again. hell maybe i'll
> > 1.8 then...l8rs
> I would suggest it! Granted 1.8 is still beta, but with all the nifty
> that Marty and Company (You guys Rock!) have tossed in, it's damn spiffy.
> Vlans, uricontent, rpc decoding, command line params not 'needed', it
> coffee.... ;-)
well, i got 1.8 and the ruleset that goes with it. same error. :-(
this is beginning to irritate me. i think i'll have vodka. maybe alcohol
will help. ;-)
> Erek Adams
More information about the Snort-users