[Snort-users] problem with acivate/dynamic rule: WARNING: an activation rule with no dynamic rules matched!

Nicolas Dresse nibicus at ...11677...
Tue Apr 20 00:51:13 EDT 2004


hi, 

I have a problem with activate/dynamic rules. I whish to detect a
special sequence of packets : ICMP echo packet followed by a
mal-formated UDP packet.

My config file : 
----------------------------------------------------------------
activate icmp any any -> any any (msg:"Groupe 1> icmp echo taille
> 56"; dsize:>56; activates: 1;)

dynamic udp any any -> any 53 (activated_by: 1; classtype:bad-unknown;
count: 3;)
-----------------------------------------------------------------

I try it with: 

Snort Version 2.1.0 (Build 9)
Snort Version 1.9.0 (Build 209)

And each time I receive : 
WARNING: an activation rule with no dynamic rules matched!


Could someone help me ? I'll be greatfull.


---------------------------------------------

Protect your mails from viruses thanks to Perso Premium services http://www.perso.be




More information about the Snort-users mailing list