[Snort-users] snort inline && current rules.

/dev/null dev.null at ...9081...
Tue Nov 25 11:07:06 EST 2003


I need an inline snort to help control some of the attacks against our
windows servers.  They aren't high-speed access, so the sluggishness
shouldn't be noticed.

When I run the compiled inline version with -T I see a bunch of:

 Unknown keyword 'byte_jump' in rule!

along with byte_test and rawbytes

There are way too many of these that will be ignored for me to not try to
resolve this.

I've added the sp_byte_jump and sp_byte_test source files from the 2.0rc3
to the inline detection plugins section, but I keep having to drag more
and more files from the 2.0 into the inline src to get through compile
problems, and then some of the inline files don't like the new source
files... the problem grows bigger and bigger.


So now I'm wondering, is there a newer version of the inline?  Or is there
an easier way to do this (maybe pull just a few of the inline files into the
2.0 src?).

The inline source I'm using is the snort-inline.tgz on this page:
http://www.snort.org/dl/contrib/patches/inline/.

Thanks for any help/comments.
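
An added example, not part of the original post or of Snort itself: a Python script that reports which rules in a rules file use the option keywords the inline build rejected under `-T` (byte_jump, byte_test, rawbytes), so the detection coverage lost when those rules are ignored can be inventoried. The sample rules and SIDs are constructed, and the parser assumes one rule per line.

```python
import re

# Keywords the inline build in the post rejected under `snort -T`.
UNSUPPORTED = {"byte_jump", "byte_test", "rawbytes"}
# Constructed sample rules (not from any real rule set).
SAMPLE = r'''
alert tcp any any -> any 445 (msg:"test\; byte_test in msg"; content:"|00|"; sid:1000001;)
alert tcp any any -> any 139 (msg:"len check"; content:"|FF|SMB"; byte_test:2,>,512,0,relative; sid:1000002;)
alert tcp any any -> any 23 (msg:"telnet"; content:"abc"; rawbytes; byte_jump:4,0,relative; sid:1000003;)
'''

def option_keywords(rule):
    """Return the option keywords of one rule, ignoring text inside quotes."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []
    body, opts, cur, in_quote, i = rule[start + 1:end], [], "", False, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):  # escaped char such as \" or \;
            cur += body[i:i + 2]
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:        # end of one option
            opts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    opts.append(cur)
    return [o.split(":", 1)[0].strip() for o in opts if o.strip()]

def affected_rules(text, unsupported=UNSUPPORTED):
    """Map sid (or 'line N' if no sid) -> sorted unsupported keywords used."""
    hits = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        bad = sorted(set(option_keywords(line)) & unsupported)
        if bad:
            sid = re.search(r"\bsid\s*:\s*(\d+)", line)
            hits[sid.group(1) if sid else f"line {lineno}"] = bad
    return hits

if __name__ == "__main__":
    print(affected_rules(SAMPLE))
```

To run it over a real rule set, pass the contents of each `.rules` file to `affected_rules()` in place of `SAMPLE`.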




