Developers help please! WAS: Re: [Snort-users] Couldn't resolve hostname HOME_NET
jlewis at ...1831...
Tue Apr 24 08:17:15 EDT 2001
How about posting the snort.conf you are using to the list? I imagine it is
a syntax error.
"All you can do is manage the risks. There is no security."
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of dotslash
Sent: Tuesday, April 24, 2001 8:03 AM
Subject: Developers help please! WAS: Re: [Snort-users] Couldn't resolve
Sorry but I'm getting really frustrated. I've removed the firewall, done
all those things I've mentioned earlier in the original thread, and I still
can't figure out why on earth snort would give "couldn't resolve hostname
It is defined as well as the other needed variables plus I've remarked all
those unneeded vars.
Here's my system:
FreeBSD 4-2.RELEASE, 32Mb ram, 1Gb hd, P3 133Mhz.
I've used the snort.conf that came with the tarball, created my own, and
still I get the same message!
Appreciate your help!
> > Hrm... Ok, not to sound silly--But did you customize the rules any? I
> had a
> > rather silly error in mine where I was using "HOME_NET" instead of
> nope i didn't touch the rules files. here's the supposed to be offending
> alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"EXPLOIT netscape 4.7
> client ov
> erflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|";
> A+; reference:arachnids,215; classtype:attempted-user;)
> > "$HOME_NET". From the output you showed it seems like line 4 of the
> > exploit.rules is where the trouble is. If you comment out that line,
> > error still occur?
> i thought of that and i've actually started remarking the offending line/s
> one by one but what happens is the offending line would just go to the
> unremarked line! i also remarked exploit.rules and still got the same
> message for the next rule in line (which is scan.rules).
> > > well, i'll finish coffee first then d/l snort again. hell maybe i'll
> > > 1.8 then...l8rs
> > I would suggest it! Granted 1.8 is still beta, but with all the nifty
> > that Marty and Company (You guys Rock!) have tossed in, it's damn
> > Vlans, uricontent, rpc decoding, command line params not 'needed', it
> > coffee.... ;-)
> well, i got 1.8 and the ruleset that goes with it. same error. :-(
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users