[Snort-users] Snort Error (Newbie Alert)
bmc at ...312...
Tue Mar 6 12:52:54 EST 2001
Bob Staaf wrote:
> Have successfully got snort 1.7 running on my Red Hat 6.2 server and am
> now trying to get the latest rules running. I am getting the following
> error when my server starts up snortd. Any ideas?
> Mar 6 11:44:45 swshost snort: [!] ERROR /etc/snort/rules/exploit.rules(21)
> => Bad port number: "(msg:"EXPLOIT"
Are you sure you setup $HOME_NET, $SMTP, $EXTERNAL_NET correctly? I
just checked the latest ruleset again, and none of the exploit.rules are
missing a port number. In the initial release of the new rules, there
was a few broken rules that snuck through the cracks. (Sorry about
that) I thought we caught most of them and fixed them. I checked them
again, and couldn't find any without a DEST port.
Try downloading the full breakout again. If you find a flawed rule,
look at the line number of that file and e-mail it to me.
The MITRE Corporation
More information about the Snort-users