[Snort-users] Couldn't resolve hostname HOME_NET

dotslash dotslash at ...1760...
Tue Apr 24 02:09:57 EDT 2001

> Heh, you've got coffee--I've got good scotch.  ;-)  Troubleshooting may
> be the same!
ahh, now you're talking.  maybe after this you can be called the drunken
master of snort :-)

> Hrm...  Ok, not to sound silly--But did you customize the rules any?  I
had a
> rather silly error in mine where I was using "HOME_NET" instead of

nope i didn't touch the rules files.  here's the supposed to be offending

alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"EXPLOIT netscape 4.7
client ov
erflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|";
 A+; reference:arachnids,215; classtype:attempted-user;)

> "$HOME_NET".  From the output you showed it seems like line 4 of the
> exploit.rules is where the trouble is.  If you comment out that line, does
> error still occur?

i thought of that and i've actually started remarking the offending line/s
one by one but what happens is the offending line would just go to the next,
unremarked line!  i also remarked exploit.rules and still got the same
message for the next rule in line (which is scan.rules).

> > well, i'll finish coffee first then d/l snort again.  hell maybe i'll
> > 1.8 then...l8rs
> I would suggest it!  Granted 1.8 is still beta, but with all the nifty
> that Marty and Company (You guys Rock!) have tossed in, it's damn spiffy.
> Vlans, uricontent, rpc decoding, command line params not 'needed', it
> coffee....  ;-)

well, i got 1.8 and the ruleset that goes with it.  same error. :-(

this is beginning to irritate me.  i think i'll have vodka.  maybe alcohol
will help. ;-)

> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net

More information about the Snort-users mailing list