[Snort-users] new ruleset gives a fatal error

twig les twigles at ...131...
Mon Aug 19 13:31:03 EDT 2002


Hey all, I just dl'd the current ruleset today (Monday
8/19/02) and now Snort won't start.  Running my config
with -T gives me:

[!] ERROR .//exploit.rules(22) => Bad port number:
"(msg:"EXPLOIT"
Fatal Error, Quitting..

I will paste the entire output at the end, but that's
the ticket right there.  I've been looking thru
exploit.rules and tried commenting out a few rules
that looked suspicious, but no luck.  Does anyone know
which rule this is?  Note that I have Snort 1.8.6 and
this config has been running fine for months with
these exact startup options.  This includes weekly
rules updates.

===================================================
snortbox# /usr/local/bin/snort -c
/usr/local/snort/snort.conf -i ti0 -T
Log directory = /var/log/snort

Initializing Network Interface ti0

        --== Initializing Snort ==--
Decoding Ethernet on interface ti0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
     Reassembly method: FAVOR_OLD
[!] ERROR .//exploit.rules(22) => Bad port number:
"(msg:"EXPLOIT"
Fatal Error, Quitting..
================================================


=====
-----------------------------------------------------------
All warfare is based on deception.
-----------------------------------------------------------

__________________________________________________
Do You Yahoo!?
HotJobs - Search Thousands of New Jobs
http://www.hotjobs.com




More information about the Snort-users mailing list