[Snort-users] FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].

Matt Jonkman jonkman at ...4024...
Tue Apr 28 12:37:36 EDT 2009


Ought to be IMHO :)

The error is fixed up, thanks all for the notification!

Matt

Joel Esler wrote:
> Nice.  Then I'd rather see these rules used there instead of in Snort.
>  Snort is not a firewall.
> 
> J
> 
> On Tue, Apr 28, 2009 at 10:16 AM, Shirk Dog <shirkdog_list at ...125...
> <mailto:shirkdog_list at ...125...>> wrote:
> 
>     Get with it finchy.
> 
>     http://www.emergingthreats.net/fwrules/
> 
>     Shirkdog
>     ' or 1=1--
>     http://www.shirkdog.us
> 
> 
> 
>     ------------------------------------------------------------------------
>     Date: Tue, 28 Apr 2009 09:15:42 -0400
>     From: jesler at ...1935... <mailto:jesler at ...1935...>
>     To: jlay at ...13475... <mailto:jlay at ...13475...>
>     CC: snort-users at lists.sourceforge.net
>     <mailto:snort-users at lists.sourceforge.net>
>     Subject: Re: [Snort-users] FYI: Empty IP used either as source IP or
>     as destination IP in a rule. IP list: [].
> 
> 
>     On Tue, Apr 28, 2009 at 8:54 AM, James Lay
>     <jlay at ...13475...> wrote:
> 
>         Ruleset gets updated at midnight:
> 
> 
>         Apr 28 06:29:52 gateway snort[12383]: FATAL ERROR: >
>         /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty
>         IP used
>         either as source IP or as destination IP in a rule. IP list: [].
> 
> 
>     This is an emerging threats rule, so they'll see this email.
>      However, I'd still love to see these IP lists developed into
>     Firewall rules for different Firewalls, or even routers.  People
>     could then utilize the proper device to drop the traffic to and from
>     these IPs instead of trying to use an IPS as a firewall.  This has
>     needed to be done for a long time coming now.
> 
> 
>     -- 
>     joel esler | Sourcefire | gtalk: jesler at ...1935... |
>     302-223-5974 | http://twitter.com/joelesler
> 
>     ------------------------------------------------------------------------
>     Windows Live™ SkyDrive™: Get 25 GB of free online storage. Check it
>     out.
>     <http://windowslive.com/online/skydrive?ocid=TXT_TAGLM_WL_skydrive_042009>
> 
>     ------------------------------------------------------------------------------
>     Register Now & Save for Velocity, the Web Performance & Operations
>     Conference from O'Reilly Media. Velocity features a full day of
>     expert-led, hands-on workshops and two days of sessions from industry
>     leaders in dedicated Performance & Operations tracks. Use code vel09scf
>     and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
>     _______________________________________________
>     Snort-users mailing list
>     Snort-users at lists.sourceforge.net
>     <mailto:Snort-users at lists.sourceforge.net>
>     Go to this URL to change user options or unsubscribe:
>     https://lists.sourceforge.net/lists/listinfo/snort-users
>     Snort-users
>     <https://lists.sourceforge.net/lists/listinfo/snort-users
>     Snort-users> list archive:
>     http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 
> 
> 
> -- 
> joel esler | Sourcefire | gtalk: jesler at ...1935...
> <mailto:jesler at ...1935...> | 302-223-5974 | http://twitter.com/joelesler
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Register Now & Save for Velocity, the Web Performance & Operations 
> Conference from O'Reilly Media. Velocity features a full day of 
> expert-led, hands-on workshops and two days of sessions from industry 
> leaders in dedicated Performance & Operations tracks. Use code vel09scf 
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc






More information about the Snort-users mailing list