[Snort-users] Another empty IP list

James Lay jlay at ...13475...
Fri Oct 24 08:51:23 EDT 2008


FWIW.  These are becoming more and more frequent.  This machine updates
snort weekday mornings at 6 AM MST.  Is there a better time to avoid these
kids of errors?  Just downloaded the latest from emerging threats and it's
still there ;)

alert tcp [] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic
Inbound"; flow:established; reference:url,www.spamhaus.org/drop/drop.lasso;
threshold: type limit, track by_src, seconds 3600, count 1;
classtype:misc-attack; sid:2400008; rev:1336;)

Commented out, but eh....still kinda weird.

James
>
> Subject: Oct 24 06:04:20 gateway snort[2568]: FATAL ERROR:
> /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used either
> as source IP or as destination IP in a rule. IP list: [].
> 
> 
> Sent on: Fri, 24 Oct 2008 06:04:22 -0600
> On System: Linux 2.6.20.20 i686
> 
> 

------ End of Forwarded Message






More information about the Snort-users mailing list