[Snort-users] Another empty IP list
jlay at ...13475...
Fri Oct 24 08:51:23 EDT 2008
FWIW. These are becoming more and more frequent. This machine updates
snort weekday mornings at 6 AM MST. Is there a better time to avoid these
kids of errors? Just downloaded the latest from emerging threats and it's
still there ;)
alert tcp  any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic
Inbound"; flow:established; reference:url,www.spamhaus.org/drop/drop.lasso;
threshold: type limit, track by_src, seconds 3600, count 1;
classtype:misc-attack; sid:2400008; rev:1336;)
Commented out, but eh....still kinda weird.
> Subject: Oct 24 06:04:20 gateway snort: FATAL ERROR:
> /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used either
> as source IP or as destination IP in a rule. IP list: .
> Sent on: Fri, 24 Oct 2008 06:04:22 -0600
> On System: Linux 220.127.116.11 i686
------ End of Forwarded Message
More information about the Snort-users