[Snort-users] Error handling in Snort

Justin Heath justin.heath at ...11827...
Wed Jul 25 10:18:51 EDT 2007


Frank is correct, to follow up on what he said ...

What happens here is 32 and 981 get converted to a dotted quad. So 32
== 0.0.0.32 and 981 ==  0.0.3.213.


Cheers,
Justin

On 7/24/07, Frank Knobbe <frank at ...9761...> wrote:
> On Sun, 2007-07-01 at 06:14 -0700, bahamin takhtaei wrote:
> > Hi,
> > I add some incorrect rules such as:
> >
> > "alert icmp HOME_NET any -> any any"
> > "alert tcp 32 any -> 981 any"
> >
> > to local.rules file. why I don't encounter any error or warning about
> > these,
> > when I run snort?
>
>
> Why should that create an error?
>
> You're not talking about the IP addresses in integer format, are you? If
> so, you might be surprised to know that other applications (like PHP)
> don't produce errors either. :)  (Try gethostbyname("32"); and see what
> you get :)
>
> Cheers,
> Frank
>
>
> --
> It is said that the Internet is a public utility. As such, it is best
> compared to a sewer. A big, fat pipe with a bunch of crap sloshing
> against your ports.
>
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >>  http://get.splunk.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>




More information about the Snort-users mailing list