[Snort-users] SnortCenter and the Snort2.0 fixes

Daniel A. Melo daniel at ...9462...
Tue Jun 17 15:55:16 EDT 2003


I'm using Snort 2 and SnortCenter 1RC1 and I'm having lots of problems.

The rules with the option byte_test have some kind of error - I
think it's the empty byte_test:

alert ip $HOME_NET any -> $EXTERNAL_NET any( sid: 1882; rev: 9; msg:
"ATTACK-RESPONSES id check returned userid"; content: " gid="; distance:
0; within: 15; byte_test: ; byte_test: 5,<,65537,0,relative,string;
content: "uid="; byte_test: 5,<,65537,0,relative,string; classtype:
bad-unknown;)

... and when I try to edit the rule, the form only allows me to edit these
options:

Category, SID, REV, Rule Name, Action, Proto, Source IP, Source
Port, Destination IP and Destination Port...

So, how will I edit existing rules?

Someone else with the same problem? Or similar?

--
Daniel A. Melo
Information Technology Security Consultant
MCSO - Modulo Certified Security Officer




On Mon, 2003-06-16 at 04:43, Joerg Weber wrote:
> Hello,
>
> did someone download SnortCenter recently and figure out whether the
> fixes for it provided by Roy S. Rapoport were included?
> I'm not feeling like installing and configuring it again just to see
> they are not; SnortCenter's homepage doesn't mention anything new about
> it.
>
> Thanks,
>
> Joerg
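
A check for the symptom described in the message above, as an added example that is not part of the original post or of SnortCenter: it splits a rule's option body and reports keywords written with a colon but no argument, such as the `byte_test: ;` in the posted rule. The function names are hypothetical, and the splitting logic (double quotes and backslash escapes protect a semicolon) is a simplification assumed here, not Snort's own parser.

```python
# The rule from the message above, rejoined onto one line.
RULE = ('alert ip $HOME_NET any -> $EXTERNAL_NET any( sid: 1882; rev: 9; msg: '
        '"ATTACK-RESPONSES id check returned userid"; content: " gid="; distance: '
        '0; within: 15; byte_test: ; byte_test: 5,<,65537,0,relative,string; '
        'content: "uid="; byte_test: 5,<,65537,0,relative,string; classtype: '
        'bad-unknown;)')


def split_options(rule):
    """Return (keyword, argument) pairs from the parenthesised option body.

    A semicolon inside double quotes or after a backslash does not end an
    option. The argument is None for keywords written without a colon.
    """
    start, end = rule.find('('), rule.rfind(')')
    if start == -1 or end < start:
        raise ValueError('rule has no option body')
    options, buf, quoted, escaped = [], [], False, False
    for ch in rule[start + 1:end]:
        if ch == ';' and not quoted and not escaped:
            options.append(''.join(buf))
            buf = []
            continue
        buf.append(ch)
        if escaped:
            escaped = False          # this character was escaped, keep it as-is
        elif ch == '\\':
            escaped = True
        elif ch == '"':
            quoted = not quoted
    options.append(''.join(buf))     # trailing option with no closing ';'
    pairs = []
    for opt in options:
        if not opt.strip():
            continue                 # blank segment, e.g. after the last ';'
        key, sep, arg = opt.partition(':')
        pairs.append((key.strip(), arg.strip() if sep else None))
    return pairs


def empty_options(rule):
    """Return (position, keyword) for each option with a colon but no argument."""
    return [(i, key) for i, (key, arg) in enumerate(split_options(rule), 1)
            if arg == '']


if __name__ == '__main__':
    for pos, key in empty_options(RULE):
        print(f'option {pos}: "{key}" has an empty argument')
```

Run against a rules file generated by the management front end before reloading the sensor, this flags the seventh option of the posted rule.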





