[Snort-users] ERROR: ERROR /etc/snort/rules/snort.eth0.conf (97): Bad arguments to byte_test:

Andre Cameron andrec at ...9609...
Sat Jul 5 10:58:18 EDT 2003


Hello,

>>Yep.  Ditch Snortcenter.  It's b0rken.  But don't take my word for it,
>>make your own conclusion [0].

Hmm which GUI do you recommend?

>>Note:  There are some serious inherent dangers with firewalls and
>>autoblocking.  Again, make your own conclusion [1]

I dont use auto blocking because to many false positives can block 
internal IPs which can have bed results.  I just wanted to look into it. 
 I was more interested with a firewall that had a centralized block list 
so that when I update one it updates all versus manually going through 
and adjusting all the firewalls.

Thanks for the help:)

aNc


Erek Adams wrote:

>On Sat, 5 Jul 2003, Andre Cameron wrote:
>
>  
>
>>I need a little help.  I have Snort 2.0 and SnortCenter 1.0 w/ snort
>>agent. I setup using the enterprise install guide on the snortcenter
>>website.  Problem is after importing the rules from the net and pushing
>>them to the agent when I reload I get:
>>
>>ERROR: ERROR /etc/snort/rules/snort.eth0.conf (97): Bad arguments to
>>byte_test:
>>    
>>
>
>[...snip...]
>
>  
>
>>Anyone know how to fix this?
>>    
>>
>
>Yep.  Ditch Snortcenter.  It's b0rken.  But don't take my word for it,
>make your own conclusion [0].
>
>  
>
>>Also I have a question, does anyone know of a good firewall for *Nix &
>>windows that can use a central database across multiple servers?  Maybie
>>even one that plugs in with Snort for auto blocking?
>>    
>>
>
>Note:  There are some serious inherent dangers with firewalls and
>autoblocking.  Again, make your own conclusion [1].
>
>If you really, really have to have an autoblock feature, go check out
>SnortSam [2].  It works smartly and safely to send rule updates to
>firewalls.  Supports quite a few of them.
>
>Cheers!
>
>-----
>Erek Adams
>
>   "When things get weird, the weird turn pro."   H.S. Thompson
>
>[0] http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=snortcenter+byte&q=b
>[1] http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=autoblock&q=b
>[2] http://www.snortsam.net/
>  
>






More information about the Snort-users mailing list