[Snort-users] Another empty IP list

Matt Jonkman jonkman at ...4024...
Fri Oct 24 11:03:10 EDT 2008


Good. I will get these issues worked out, a bad compare in the script
prevented this one from being caught. I'd like to say it won't happen
again, but that'd jinx it and make sure it would.

Matt

James Lay wrote:
> Looks good on this end, thanks Matt.
> 
> James
> 
> 
> On 10/24/08 7:10 AM, "Matt Jonkman" <jonkman at ...4024...> wrote:
> 
>> Fixed up. Can you recheck?
>>
>> matt
>>
>> James Lay wrote:
>>> FWIW.  These are becoming more and more frequent.  This machine updates
>>> snort weekday mornings at 6 AM MST.  Is there a better time to avoid these
>>> kinds of errors?  Just downloaded the latest from emerging threats and it's
>>> still there ;)
>>>
>>> alert tcp [] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic
>>> Inbound"; flow:established; reference:url,www.spamhaus.org/drop/drop.lasso;
>>> threshold: type limit, track by_src, seconds 3600, count 1;
>>> classtype:misc-attack; sid:2400008; rev:1336;)
>>>
>>> Commented out, but eh....still kinda weird.
>>>
>>> James
>>>> Subject: Oct 24 06:04:20 gateway snort[2568]: FATAL ERROR:
>>>> /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used
>>>> either
>>>> as source IP or as destination IP in a rule. IP list: [].
>>>>
>>>>
>>>> Sent on: Fri, 24 Oct 2008 06:04:22 -0600
>>>> On System: Linux 2.6.20.20 i686
>>>>
>>>>
>>> ------ End of Forwarded Message
>>>
>>>
>>>
>>> -------------------------------------------------------------------------
>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>>> Grand prize is a trip for two to an Open Source event anywhere in the world
>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
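
Added example, not part of the original thread and not Emerging Threats' own update script: a check that scans a downloaded rules file for the empty IP list behind the FATAL ERROR quoted above, so a scheduled update can keep the previous file instead of restarting Snort on a bad one. The function names and every sample rule other than sid 2400008 are constructed for illustration.

```python
import re

SID = re.compile(r"sid:\s*(\d+)")

def _is_empty(addr):
    # "[]", "![]" and nested forms such as "[[],[]]" contain no address at all.
    return "[" in addr and re.sub(r"[\[\],!]", "", addr) == ""

def find_empty_ip_rules(text):
    """Return (line_number, field, sid) for each active rule with an empty IP list."""
    findings, pending, start = [], "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            if not line or line.startswith("#"):
                continue              # blank line or commented-out rule
            start = lineno
        if line.endswith("\\"):       # backslash continuation onto the next line
            pending += line[:-1] + " "
            continue
        rule, pending = pending + line, ""
        header = rule.split("(", 1)[0]
        # Drop whitespace inside lists so "[ ]" tokenises like "[]".
        header = re.sub(r"(?<=[\[,])\s+|\s+(?=[\],])", "", header)
        tokens = header.split()
        if len(tokens) != 7:
            continue                  # not "action proto src sport dir dst dport"
        m = SID.search(rule)
        sid = int(m.group(1)) if m else None
        for field, addr in (("src", tokens[2]), ("dst", tokens[5])):
            if _is_empty(addr):
                findings.append((start, field, sid))
    return findings

# Constructed sample in the layout of emerging-drop.rules; line 3 is the rule from the thread.
SAMPLE_RULES = """\
# constructed sample
alert tcp [192.0.2.0/24,198.51.100.0/24] any -> $HOME_NET any (msg:"constructed example"; sid:1000001; rev:1;)
alert tcp [] any -> $HOME_NET any (msg:"ET DROP Spamhaus DROP Listed Traffic Inbound"; flow:established; reference:url,www.spamhaus.org/drop/drop.lasso; threshold: type limit, track by_src, seconds 3600, count 1; classtype:misc-attack; sid:2400008; rev:1336;)
#alert tcp [] any -> $HOME_NET any (msg:"constructed, commented out"; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> [ ] any \\
  (msg:"constructed continuation"; sid:1000003; rev:1;)
"""

if __name__ == "__main__":
    for lineno, field, sid in find_empty_ip_rules(SAMPLE_RULES):
        print(f"line {lineno}: empty {field} IP list (sid {sid})")
```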





