[Snort-users] Strange effect after installing 1.8.2 (1.8.1 did work)
Chr. v. Stuckrad
stucki at ...3882...
Mon Nov 5 04:59:02 EST 2001
I just compiled and ran snort 1.8.2 and had two surprises:
1) 'Something' does output Packet-Contents (but only contents, no header)
on the 'terminal' snort is started on! The old 1.8.1 did not show
this behaviour. Is there an 'official change' in snort or a module
which does define its output in a new way?
2) in the ddos-rules snort-1.8.2 complained about every rule,
which had a 'msg'-field including a ':' in the quoted string like:
redalert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS Trin00:DaemontoMaster(messagedetected)"; content:"l44";reference:arachnids,186; classtype:attempted-dos; sid:231; rev:1;)
In the same file there is a *working* rule with '\:' instead of ':',
so I changed ALL the rules that way, and it seems to work...
If somebody has ideas how to change (1), please mail me....
Christoph von Stuckrad * * | nickname | <stucki at ...3882...> \
Freie Universitaet Berlin |/_* | 'stucki' | Tel(days):+49 30 838-75 459 |
Fachbereich Mathematik, EDV |\ * | if online | Tel(else):+49 30 77 39 6600 |
Arnimallee 2-6/14195 Berlin * * | on IRCnet | Fax(alle):+49 30 838-75454 /