[Snort-users] FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].

Shirk Dog shirkdog_list at ...125...
Tue Apr 28 10:16:16 EDT 2009


Get with it finchy. 

http://www.emergingthreats.net/fwrules/

Shirkdog
' or 1=1-- 

http://www.shirkdog.us



Date: Tue, 28 Apr 2009 09:15:42 -0400
From: jesler at ...1935...
To: jlay at ...13475...
CC: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] FYI: Empty IP used either as source IP or as	destination IP in a rule. IP list: [].

On Tue, Apr 28, 2009 at 8:54 AM, James Lay <jlay at ...13475...> wrote:

Ruleset gets updated at midnight:





Apr 28 06:29:52 gateway snort[12383]: FATAL ERROR: >

/chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used

either as source IP or as destination IP in a rule. IP list: [].

This is an emerging threats rule, so they'll see this email.  However, I'd still love to see these IP lists developed into Firewall rules for different Firewalls, or even routers.  People could then utilize the proper device to drop the traffic to and from these IPs instead of trying to use an IPS as a firewall.  This has needed to be done for a long time coming now.

-- 
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974 | http://twitter.com/joelesler


_________________________________________________________________
Windows Live™ SkyDrive™: Get 25 GB of free online storage.  
http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_skydrive_042009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090428/1df75734/attachment.html>


More information about the Snort-users mailing list