[Snort-users] shellcode error

Matt Kettler mkettler at ...4108...
Fri May 31 09:06:03 EDT 2002


Why? The updated snort.conf is *INCLUDED* with the rules. Everything needed 
to update the ruleset is included, and if you download a ruleset, it has a 
snort.conf, you should look at it and use it. It is merely a false 
assumption to believe that the snort.conf included in the rules tarball is 
superfluous that causes this problem. No more.

The way things are set up the snort.conf is an integral part of the 
ruleset. It is not merely a config file, and it makes no sense for snort to 
have a configuartion file which is not an integral part of the rules set.



At 10:46 AM 5/31/2002 -0400, john wrote:
>Shouldn't additions to snort.conf like this be limited to the -CURRENT
>branch?
>
>
>On  0, matt <mkettler at ...4108...> wrote:
> > Yeah, and the latest snort rules tarball should also include a snort.conf
> > containing a SHELLCODE_PORTS variable.. put that in your snort.conf and it
> > should work fine.
> >
> > Don't assume that the baseline snort.conf is unchanged when updating your
> > rule sets, it is VERY common for it to have new variables used by the new
> > ruleset.
> >
> >
> > At 04:25 PM 5/30/2002 -0400, Hugo Ferr wrote:
> > >Downloaded latest stable rules for Snort 1.8.6, when I stort snort I 
> get the
> > >following;
> > >
> > >[!] ERROR ./snortrules/shellcode.rules(14) => Bad port number:
> > >"(msg:"SHELLCODE"
> > >Fatal Error, Quitting..
> > >
> > >The only thing I've found on the web suggests:
> > >"Probably your variable SHELLCODE_PORTS is not defined or misconfigured in
> > >snort.conf file."
> > >I don't have this variable in snort.conf
> > >(When I disable shellcode rules snort starts fine, but....what the 
> hell..it
> > >should work with those rules as well :-)
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >_______________________________________________________________
> > >
> > >Don't miss the 2002 Sprint PCS Application Developer's Conference
> > >August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> > >
> > >_______________________________________________
> > >Snort-users mailing list
> > >Snort-users at lists.sourceforge.net
> > >Go to this URL to change user options or unsubscribe:
> > >https://lists.sourceforge.net/lists/listinfo/snort-users
> > >Snort-users list archive:
> > >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
> > _______________________________________________________________
> >
> > Don't miss the 2002 Sprint PCS Application Developer's Conference
> > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>--
>john at ...5978...
>publickey: http://www.bad-current.net/~john/key.html
>fingerprint: 7A96 24BE F9B1 1092 B4F6  B53D 1DB4 139B F217 DE50





More information about the Snort-users mailing list