[Snort-users] snort inline && current rules.
josh.berry at ...10221...
Tue Nov 25 19:19:02 EST 2003
The best location to get Snort-Inline is http://snort-inline.sourceforge.net.
This site has the most up-to-date copy.
> I need an inline snort to help control some of the attacks against our
> windows servers. They aren't high-speed access, so the sluggishness
> shouldn't be noticed.
> When I run the compiled inline version with -T I see a bunch of:
> Unknown keyword 'byte_jump' in rule!
> along with byte_test and rawbytes
> There are way to many of these that will be ignored for me to not try to
> resolve this.
> I've adding the sp_byte_jump and sp_byte_test source files from the 2.0rc3
> to the inline detection plugins section, but I'm keep having to drag more
> and more files from th 2.0 into the inline src to get through compile
> problems, and then some of the inline files don't like the new source
> files... the problem grows bigger and bigger.
> So now I'm wondering, is there a newer version of the inline? Or is there
> an easier way to do this (maybe pull just a few of the inline files into
> 2.0 src?).
> The inline source I'm using is the snort-inline.tgz on this page:
> Thanks for any help/comments.
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive? Does it
> help you create better code? SHARE THE LOVE, and help us help
> YOU! Click Here: http://sourceforge.net/donate/
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Josh Berry, CTO
josh.berry at ...10268...
More information about the Snort-users