[Snort-users] New revs? of old sigs causing Snort to die

M. Shirk shirkdog_list at ...125...
Sun Oct 21 18:10:59 EDT 2007

Short answer: stop using snortrules_current, since there are port-lists in Snort 2.8, as well as flow tracking for UDP in Stream5 (which I guess is default now).

There is now a ruleset for Snort 2.7.x

' or 1=1-- 


> Date: Sun, 21 Oct 2007 17:31:24 -0400
> From: pmelson at ...11827...
> To: snort-users at lists.sourceforge.net; snort-sigs at lists.sourceforge.net
> Subject: [Snort-users] New revs? of old sigs causing Snort to die
> Starting Friday I noticed the following problems with the following signatures.
> The following rules start with 'alert udp' and contain flow: statements.
> 634,635,636,637,2004
> I'm using Snort on RHEL4 and it's complaining and refusing to
> run until these rules are commented out.
> Also, the following rules are using a comma-delimited list of ports,
> which is causing Snort to barf:
> 12635,12642
> What's up?
> PaulM

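Added example (not part of the original thread): a pre-deployment check that finds the two rule constructs discussed above, `flow:` on an `alert udp` rule and a comma-delimited port list in the rule header, and comments those rules out so an older sensor can still load the file. The sample rules and their sids are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample rules (not from any real ruleset); sids are local placeholders.
SAMPLE_RULES = """\
alert udp $EXTERNAL_NET any -> $HOME_NET 53 (msg:"constructed udp rule with flow"; flow:to_server; content:"|00 01|"; sid:1000001; rev:2;)
alert tcp $EXTERNAL_NET any -> $HOME_NET [80,8080] (msg:"constructed port-list rule"; flow:to_server,established; content:"test"; sid:1000002; rev:1;)
alert tcp [10.0.0.0/8,192.168.0.0/16] any -> $HOME_NET 25 (msg:"constructed IP-list rule"; flow:to_server,established; sid:1000003; rev:1;)
alert udp $EXTERNAL_NET any -> $HOME_NET 161 (msg:"constructed plain udp rule"; content:"public"; sid:1000004; rev:1;)
# alert udp any any -> any 69 (msg:"already disabled"; flow:to_server; sid:1000005; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
FLOW_RE = re.compile(r"[(;]\s*flow\s*:")  # flow keyword at the start of an option

def check_rule(line):
    """Return the reasons an active rule needs the newer feature set; [] if none."""
    text = line.strip()
    if not text or text.startswith("#") or "(" not in text:
        return []
    header, options = text.split("(", 1)
    fields = header.split()  # action proto src_ip src_port dir dst_ip dst_port
    if len(fields) != 7:
        return []
    proto, src_port, dst_port = fields[1].lower(), fields[3], fields[6]
    reasons = []
    if proto == "udp" and FLOW_RE.search("(" + options):
        reasons.append("flow: on a udp rule")
    # Only the port fields are checked; comma-separated IP lists are a separate feature.
    if "," in src_port or "," in dst_port:
        reasons.append("comma-delimited port list")
    return reasons

def triage(ruleset):
    """Return (findings, patched): sid -> reasons, and the ruleset with those rules commented out."""
    findings, out = {}, []
    for line in ruleset.splitlines():
        reasons = check_rule(line)
        if reasons:
            m = SID_RE.search(line)
            findings[m.group(1) if m else line[:40]] = reasons
            line = "# " + line
        out.append(line)
    return findings, "\n".join(out) + "\n"

if __name__ == "__main__":
    for sid, reasons in triage(SAMPLE_RULES)[0].items():
        print(f"sid {sid}: {', '.join(reasons)}")
```

Commenting rules out restores startup but also removes that detection coverage, so the reported sids are worth tracking until the sensor runs a ruleset built for its Snort version.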