[Snort-users] New revs? of old sigs causing Snort to die

M. Shirk shirkdog_list at ...125...
Sun Oct 21 18:10:59 EDT 2007


Short Answer, stop using snortrules_current, since their are port-lists in Snort 2.8, as well as flow tracking for UDP in Stream5 (which I guess is default now).

There is now a ruleset for Snort 2.7.x

Shirkdog
' or 1=1-- 

http://www.shirkdog.us

> Date: Sun, 21 Oct 2007 17:31:24 -0400
> From: pmelson at ...11827...
> To: snort-users at lists.sourceforge.net; snort-sigs at lists.sourceforge.net
> Subject: [Snort-users] New revs? of old sigs causing Snort to die
> 
> Starting Friday I noticed the following problems with the following signatures.
> 
> The following rules start with 'alert udp' and contain flow: statements.
> 
> 634,635,636,637,2004
> 
> I'm using Snort 2.7.0.1 on RHEL4 and it's complaining and refusing to
> run until these rules are commented out.
> 
> Also, the following rules are using a comma-delimited list of ports,
> which is causing Snort to barf:
> 
> 12635,12642
> 
> What's up?
> 
> PaulM
> 
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems?  Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________
Windows Live Hotmail and Microsoft Office Outlook – together at last.  Get it now.
http://office.microsoft.com/en-us/outlook/HA102225181033.aspx?pid=CL100626971033
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20071021/ea051d6c/attachment.html>


More information about the Snort-users mailing list