[Snort-users] All shellcode rules invalid

Andreas Östling andreaso at ...236...
Sat Apr 13 01:22:04 EDT 2002


On 13 Apr 2002, Rob Hughes wrote:

> It looks like someone had a great idea to speed up the shellcode rules,
> but forgot to set to var for $SHELLCODE_PORTS. This causes snort to barf
> on the rules. Adding "var SHELLCODE_PORTS 21 23 25 53 80 143 110 111 513
> 8880" gets it running, though I haven't determined yet if this is a
> proper list of shellcode ports or not. Probably 22 and a few others
> should be added. Gonna have to go rule surfin'....
>
> Rob

It looks like someone forgot to check the new snort.conf.

$ grep "var SHELLCODE_PORTS" *
snort.conf:var SHELLCODE_PORTS !80

/Andreas





More information about the Snort-users mailing list