[Snort-users] Snort Error (Newbie Alert)

Brian Caswell bmc at ...312...
Tue Mar 6 12:52:54 EST 2001


Bob Staaf wrote:
>      Have successfully got snort 1.7 running on my Red Hat 6.2 server and am
> now trying to get the latest rules running.  I am getting the following
> error when my server starts up snortd.  Any ideas?
> 
> Mar  6 11:44:45 swshost snort: [!] ERROR /etc/snort/rules/exploit.rules(21)
> => Bad port number: "(msg:"EXPLOIT"

Are you sure you set up $HOME_NET, $SMTP, $EXTERNAL_NET correctly?  I
just checked the latest ruleset again, and none of the exploit.rules are
missing a port number.  In the initial release of the new rules, there
were a few broken rules that snuck through the cracks.  (Sorry about
that)  I thought we caught most of them and fixed them.  I checked them
again, and couldn't find any without a DEST port.

Try downloading the full breakout again.  If you find a flawed rule,
look at the line number of that file and e-mail it to me.

-- 
Brian Caswell
The MITRE Corporation
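
A pre-flight check for the two causes raised in this thread, an undefined variable and a rule header with no destination port, reporting the line number of each flawed rule. This is an added example, not part of the original message and not Snort's own parser. The sample rules are constructed, and the checker assumes one rule per line with no whitespace inside a header field.

```python
import re

# Constructed sample input (not taken from the real exploit.rules file).
SAMPLE_CONF = """\
var HOME_NET 10.1.1.0/24
var EXTERNAL_NET any
# $SMTP is deliberately left undefined
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"EXPLOIT sample ok";)
alert tcp $EXTERNAL_NET any -> $SMTP 25 (msg:"EXPLOIT sample undefined var";)
alert tcp $EXTERNAL_NET any -> $HOME_NET (msg:"EXPLOIT sample no port";)
"""

# Rule actions recognised by this sketch.
ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}
VAR_REF = re.compile(r"\$(\w+)")


def check_rules(text, defined=()):
    """Return (line_number, problem) tuples for flawed rule headers."""
    defined = set(defined)
    problems = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0] == "var" and len(fields) >= 3:
            defined.add(fields[1])  # remember variables as they are declared
            continue
        if fields[0] not in ACTIONS:
            continue
        # Everything before the first "(" is the rule header:
        # action proto src_ip src_port direction dst_ip dst_port
        header = line.split("(", 1)[0].split()
        if len(header) != 7:
            problems.append((lineno, f"header has {len(header)} fields, expected 7"))
        for name in VAR_REF.findall(" ".join(header)):
            if name not in defined:
                problems.append((lineno, f"undefined variable ${name}"))
    return problems


if __name__ == "__main__":
    for lineno, problem in check_rules(SAMPLE_CONF):
        print(f"line {lineno}: {problem}")
```

Variables defined in a separate configuration file can be passed in through the `defined` argument, a parameter of this example only.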



