[Snort-users] FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].

Joel Esler jesler at ...1935...
Tue Apr 28 13:21:32 EDT 2009


Nice.  Then I'd rather see these rules used there instead of in Snort.
 Snort is not a firewall.
J

On Tue, Apr 28, 2009 at 10:16 AM, Shirk Dog <shirkdog_list at ...125...>wrote:

>  Get with it finchy.
>
> http://www.emergingthreats.net/fwrules/
>
> Shirkdog
> ' or 1=1--
> http://www.shirkdog.us
>
>
>
> ------------------------------
> Date: Tue, 28 Apr 2009 09:15:42 -0400
> From: jesler at ...1935...
> To: jlay at ...13475...
> CC: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] FYI: Empty IP used either as source IP or as
> destination IP in a rule. IP list: [].
>
>
> On Tue, Apr 28, 2009 at 8:54 AM, James Lay <jlay at ...13475...>wrote:
>
> Ruleset gets updated at midnight:
>
>
> Apr 28 06:29:52 gateway snort[12383]: FATAL ERROR: >
> /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used
> either as source IP or as destination IP in a rule. IP list: [].
>
>
> This is an emerging threats rule, so they'll see this email.  However, I'd
> still love to see these IP lists developed into Firewall rules for different
> Firewalls, or even routers.  People could then utilize the proper device to
> drop the traffic to and from these IPs instead of trying to use an IPS as a
> firewall.  This has needed to be done for a long time coming now.
>
> --
> joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974 |
> http://twitter.com/joelesler
>
> ------------------------------
> Windows Live™ SkyDrive™: Get 25 GB of free online storage. Check it out.<http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_skydrive_042009>
>
>
> ------------------------------------------------------------------------------
> Register Now & Save for Velocity, the Web Performance & Operations
> Conference from O'Reilly Media. Velocity features a full day of
> expert-led, hands-on workshops and two days of sessions from industry
> leaders in dedicated Performance & Operations tracks. Use code vel09scf
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
joel esler | Sourcefire | gtalk: jesler at ...1935... | 302-223-5974 |
http://twitter.com/joelesler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090428/23105792/attachment.html>


More information about the Snort-users mailing list