[Snort-users] getservbyname() failed on "any" when pushing snort conf

martin martin3 at ...11827...
Thu May 25 04:56:40 EDT 2006


This is strange but the problem reappeared. I removed all instances of
"any" in the variables. Now I am getting the following:

ERROR: Warning: /etc/snort/snort.eth1.conf(1077) => Unknown keyword '
(msg' in rule!
Fatal Error, Quitting..

I fixed the rule (seems like it was a bad rule from bleeding snort).
That went away but now I get:

ERROR: /etc/snort/snort.eth1.conf(1148) => getservbyname() failed on "any"
Fatal Error, Quitting..

That line is:
alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 ( sid: 2001430;
rev: 8; msg:  "BLEEDING-EDGE WORM Bofra Victim Accessing Reactor
Page"; flow:  from_client,established; content: "GET "; nocase;
content: "reactor"; nocase; reference:
url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631;
reference: url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e at ...3071...;
classtype:  trojan-activity; priority: 1;)

I am thinking that it could be due to my older snort version, which is
Version 2.1.1 (Build 24).
Could it be bleeding snort rules would not work on that one?

Any help on this would be much appreciated.



