[Snort-users] Is this a valid rule?

McCammon, Keith Keith.McCammon at ...3497...
Thu Oct 24 12:18:19 EDT 2002


No semi-colon after the msg definition?

> -----Original Message-----
> From: Lefevre, Steven [mailto:SLefevre at ...7076...]
> Sent: Thursday, October 24, 2002 2:52 PM
> To: Snort-List
> Subject: [Snort-users] Is this a valid rule?
> 
> 
> I have this rule in my local rule file:
> 
> alert tcp $EXTERNAL_NET any -> $HOME_NET 6008:6009 (msg:"IRC 
> Activity")
> 
> (It's to detect IRC traffic ;)
> 
> Why does snort always choke on it? I've looked it over 100 
> times and it
> seems to follow the syntax.
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: Influence the future 
> of Java(TM) technology. Join the Java Community 
> Process(SM) (JCP(SM)) program now. 
> http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list