[Snort-users] snort inline && current rules.

Matt Kettler mkettler at ...4108...
Tue Nov 25 12:37:09 EST 2003


"If you are using 2.0.X, please use STABLE rules.

If you are using 2.1.X, please use CURRENT rules."

Don't use "current" rules with 2.0.x.

At 02:07 PM 11/25/2003, /dev/null wrote:
>I need an inline snort to help control some of the attacks against our
>windows servers.  They aren't high-speed access, so the sluggishness
>shouldn't be noticed.
>When I run the compiled inline version with -T I see a bunch of:
>  Unknown keyword 'byte_jump' in rule!
>along with byte_test and rawbytes
>There are way too many of these that will be ignored for me to not try to
>resolve this.
>I've added the sp_byte_jump and sp_byte_test source files from the 2.0rc3
>to the inline detection plugins section, but I keep having to drag more
>and more files from the 2.0 into the inline src to get through compile
>problems, and then some of the inline files don't like the new source
>files... the problem grows bigger and bigger.
>So now I'm wondering, is there a newer version of the inline?  Or is there
>an easier way to do this (maybe pull just a few of the inline files into the
>2.0 src?).
>The inline source I'm using is the snort-inline.tgz on this page:
>Thanks for any help/comments.

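A pre-flight check in the spirit of the advice above, as an added example that is not part of the original thread or of Snort: it parses the option keywords of each rule and lists the rules that use keywords a given build does not know. The `UNSUPPORTED` set holds the three keywords named in the message; the function names and the sample rules are constructed for illustration.

```python
# Keywords the inline build in the message rejected with "Unknown keyword".
UNSUPPORTED = {"byte_jump", "byte_test", "rawbytes"}
# Constructed sample rules for this example, not taken from any real rule set.
SAMPLE = r'''
alert tcp any any -> any 139 (msg:"example one; byte_test: in text"; content:"|00|"; sid:1000001;)
alert tcp any any -> any 445 (msg:"example two"; content:"AB"; rawbytes; \
    byte_test:4,>,128,0; byte_jump:4,0,relative; sid:1000002;)
#alert tcp any any -> any 80 (msg:"disabled"; byte_jump:2,0; sid:1000003;)
'''

def option_keywords(rule):
    """Return the option keywords inside a rule's parenthesised body, in order."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return []
    keywords, token, in_quotes, escaped = [], [], False, False
    for ch in rule[start + 1:end] + ";":      # extra ';' flushes the last option
        if escaped:
            escaped = False                   # char after a backslash is literal
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:     # ';' inside a quoted value is data
            name = "".join(token).split(":", 1)[0].strip()
            if name:
                keywords.append(name)
            token = []
            continue
        token.append(ch)
    return keywords

def scan_rules(text):
    """Map the starting line number of each active rule to the unsupported keywords it uses."""
    hits, pending, first = {}, "", 0
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not pending:
            if not line or line.startswith("#"):   # blank or commented-out rule
                continue
            first = lineno
        if line.endswith("\\"):                    # rule continues on the next line
            pending += line[:-1] + " "
            continue
        rule, pending = pending + line, ""
        bad = [k for k in option_keywords(rule) if k in UNSUPPORTED]
        if bad:
            hits[first] = bad
    return hits
```

Run against a rule file before `snort -T`, the result shows how much of the rule set the build would silently drop, which is the signal that the rules and the engine version do not match.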