[Snort-users] Stable Snort Rules fails?

Erek Adams erek at ...577...
Fri May 31 14:18:03 EDT 2002


On Fri, 31 May 2002, Juan Pablo Villaverde wrote:

>
> I have installed Snort 1.8.6 build 151, when I download the stable
> rules from snort:
> (http://www.snort.org/dl/signatures/snortrules.tar.gz)
>
> I get the following error:
>
> ERROR .//bad-traffic.rules(19) => Bad protocol name ">134"
> Fatal Error, Quitting..
>
> This rule must be OK... but fails!! Why?

Errr...  I just grabbed the same file.  That rule is #19, and it's commented
out along with #20.

-- 

# alert ip $EXTERNAL_NET any -> $HOME_NET any (msg:"BAD TRAFFIC
Unassigned/Reser ved IP protocol"; ip_proto:>134;
classtype:non-standard-protocol; sid:1627;  rev: 1;)

--

Usually if a rule is commented out in the rules distro, it was done for a
reason. :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list