[Snort-users] Strange effect after installing 1.8.2 (1.8.1 did work)

Chr. v. Stuckrad stucki at ...3882...
Mon Nov 5 04:59:02 EST 2001


Hi!

I just compiled and ran snort 1.8.2 and had two surprises:

1) 'Something' does output Packet-Contents (but only contents, no header)
   on the 'terminal' snort is started on!  The old 1.8.1 did not show
   this behaviour.  Is there an 'official change' in snort or a module
   which does define its output in a new way?

2) in the ddos-rules snort-1.8.2 complained about every rule,
   which had a 'msg'-field including a ':' in the quoted string like:

redalert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS Trin00:DaemontoMaster(messagedetected)"; content:"l44";reference:arachnids,186; classtype:attempted-dos; sid:231; rev:1;)

In the same file there is a *working* rule with '\:' instead of ':',
so I changed ALL the rules that way, and it seems to work... 

If somebody has ideas how to change (1), please mail me....

Thanks,   'Stucki'

-- 
Christoph von Stuckrad       * *  | nickname  | <stucki at ...3882...> \
Freie Universitaet Berlin    |/_* | 'stucki'  | Tel(days):+49 30 838-75 459 |
Fachbereich Mathematik, EDV  |\ * | if online | Tel(else):+49 30 77 39 6600 |
Arnimallee 2-6/14195 Berlin  * *  | on IRCnet | Fax(alle):+49 30 838-75454 /
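
The bulk change described in the message above (writing ':' as '\:' inside every msg string), as an added example that is not part of the original post and not Snort project code. The function names and the second sample rule are constructed for illustration; only the text inside msg:"..." is rewritten, so option separators such as `sid:` and `reference:` are left alone.

```python
import re

# msg option plus its quoted string; the string may hold backslash escapes.
MSG_RE = re.compile(r'(msg\s*:\s*")((?:\\.|[^"\\])*)(")')

def _escape_colons(text):
    """Write each bare ':' as '\\:' and leave existing escape pairs alone."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append(text[i:i + 2])  # already escaped, e.g. \: or \"
            i += 2
        else:
            out.append("\\:" if text[i] == ":" else text[i])
            i += 1
    return "".join(out)

def escape_msg_colons(rule):
    """Return (rule, changed); only the text inside msg:"..." is touched."""
    fixed = MSG_RE.sub(
        lambda m: m.group(1) + _escape_colons(m.group(2)) + m.group(3),
        rule, count=1)
    return fixed, fixed != rule

def fix_rules(lines):
    """Fix every rule line; return (new_lines, numbers_of_changed_lines)."""
    new_lines, changed = [], []
    for number, line in enumerate(lines, 1):
        if line.strip() and not line.lstrip().startswith("#"):
            line, was_changed = escape_msg_colons(line)
            if was_changed:
                changed.append(number)
        new_lines.append(line)
    return new_lines, changed

# Constructed input: line 2 is the rule quoted in the message, line 3 is a
# made-up rule that already uses '\:' and must come out unchanged.
SAMPLE = [
    "# ddos rules (constructed sample file)",
    'redalert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS Trin00:DaemontoMaster(messagedetected)"; content:"l44";reference:arachnids,186; classtype:attempted-dos; sid:231; rev:1;)',
    'alert udp any any -> any 9 (msg:"EXAMPLE already\\:escaped"; sid:1000001; rev:1;)',
]

if __name__ == "__main__":
    lines, changed = fix_rules(SAMPLE)
    print("changed lines:", changed)
    print("\n".join(lines))
```

The rewrite is idempotent, so it can be run again over a file that mixes escaped and unescaped rules. Rules split across several lines with a trailing backslash are not joined before matching.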



