[Snort-users] FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].

Joel Esler jesler at ...1935...
Tue Apr 28 09:15:42 EDT 2009


On Tue, Apr 28, 2009 at 8:54 AM, James Lay <jlay at ...13475...> wrote:

> Ruleset gets updated at midnight:
>
>
> Apr 28 06:29:52 gateway snort[12383]: FATAL ERROR: >
> /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used
> either as source IP or as destination IP in a rule. IP list: [].
>

This is an emerging threats rule, so they'll see this email.  However, I'd
still love to see these IP lists developed into Firewall rules for different
Firewalls, or even routers.  People could then utilize the proper device to
drop the traffic to and from these IPs instead of trying to use an IPS as a
firewall.  This has needed to be done for a long time coming now.

-- 
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974 |
http://twitter.com/joelesler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090428/19846d67/attachment.html>


More information about the Snort-users mailing list