[Snort-users] Compile problems with SNOT

Eric Hines loki at ...1142...
Fri Jul 18 21:03:04 EDT 2003


We are having trouble compiling the latest version of SNOT. Has anyone
seen this before or know what we can do to fix the issue? Is there
another tool that some of you prefer over SNOT? STICK seems out of date
and unsupported. I believe the latest file we saw was updated in 1997.
SNOT seems to be the most recent tool for something remotely close to an
IDS benchmarking tool available.


[root at ...9688... snot-0.92a]# uname -a

Redhat 8.0
Linux testbed.appliedwatch.com 2.4.18-14 #1 Wed Sep 4 12:13:11 EDT 2002
i686 athlon i386 GNU/Linux

[root at ...9689... snot-0.92a]# make
cc `sh /usr/bin/libnet-config --defines` -c -o snot_parse_rules.o
snot_parse_rules.c
snot_parse_rules.c: In function `parse_rules':
snot_parse_rules.c:894: `LIBNET_PACKET' undeclared (first use in this
function)
snot_parse_rules.c:894: (Each undeclared identifier is reported only
once
snot_parse_rules.c:894: for each function it appears in.)
snot_parse_rules.c:1510:21: warning: no newline at end of file
make: *** [snot_parse_rules.o] Error 1

[root at ...9689... snot-0.92a]#


Regards,

Eric Hines
CEO, Chairman

===============================================

Eric Hines
CEO, Chairman
Applied Watch Technologies, Inc.
eric.hines at ...8860...
-----------------------------------------------
Corporate Headquarters
1650 Carlemont Dr. 
Suite D 
Crystal Lake, IL. 60014 
-----------------------------------------------
Direct Toll Free: (877) 262-7593 (x327)
Fax: (815) 425-2173 
-----------------------------------------------
Main Switchboard: (877) 262-7593 (9am-5pm CST)
Commercial Sales: (877) 262-7593 (opt1)
Government Sales: (877) 262-7593 (opt2)

===============================================


-----Original Message-----
From: Brian [mailto:bmc at ...950...] 
Sent: Friday, July 18, 2003 12:50 PM
To: Compton, Rich
Cc: 'snort-sigs at lists.sourceforge.net';
Snort-users at lists.sourceforge.net
Subject: [Snort-sigs] Re: [Snort-users] Suggested Sig for Cisco DOS
Vulnerability


FYI, we've released "official" sigs for the cisco DOS.  I've been
informed that Sourceforge's anoncvs server is 24 hours behind the cvs
server we (the developers) commit to.

alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 53 (SWIPE)"; ip_proto:53; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2186; rev:1;)

alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 55 (IP Mobility)"; ip_proto:55; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2187; rev:1;)

alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 77 (Sun ND)"; ip_proto:77; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2188; rev:1;)

alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 103 (PIM)"; ip_proto:103; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2189; rev:1;)

-brian
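
The check the four quoted rules perform, as an added Python example that is not part of the original thread and is not Snort's own code: it reads the protocol field of a raw IPv4 header and reports the matching sid. The function names, the sample addresses and the sample packets are constructed for illustration.

```python
import socket
import struct

# Protocol numbers, sids and messages copied from the four rules quoted above.
WATCHED_PROTOS = {
    53: (2186, "BAD-TRAFFIC IP Proto 53 (SWIPE)"),
    55: (2187, "BAD-TRAFFIC IP Proto 55 (IP Mobility)"),
    77: (2188, "BAD-TRAFFIC IP Proto 77 (Sun ND)"),
    103: (2189, "BAD-TRAFFIC IP Proto 103 (PIM)"),
}


def match_ip_proto(packet: bytes):
    """Return (sid, msg, src, dst) when the IPv4 protocol field is watched, else None."""
    if len(packet) < 20:
        return None                      # too short to hold an IPv4 header
    if packet[0] >> 4 != 4:
        return None                      # not IPv4
    header_len = (packet[0] & 0x0F) * 4  # IHL is counted in 32-bit words
    if header_len < 20 or len(packet) < header_len:
        return None                      # malformed or truncated header
    hit = WATCHED_PROTOS.get(packet[9])  # byte 9 is the protocol field
    if hit is None:
        return None
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return (hit[0], hit[1], src, dst)


def build_ipv4_header(proto: int, src: str, dst: str) -> bytes:
    """Constructed sample input: a bare 20-byte IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def scan(packets):
    """Run the check over an iterable of raw packets and collect the hits."""
    return [hit for hit in map(match_ip_proto, packets) if hit is not None]


if __name__ == "__main__":
    # Constructed packets using documentation address ranges.
    samples = [build_ipv4_header(p, "192.0.2.1", "198.51.100.7")
               for p in (6, 53, 17, 103)]
    for sid, msg, src, dst in scan(samples):
        print(f"[sid {sid}] {msg} {src} -> {dst}")
```
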

