[Snort-users] More problems with pulledpork 0.6.0

carlopmart carlopmart at ...11827...
Fri Apr 1 10:22:12 EDT 2011


Hi all,

  I am trying to configure a Suricata sensor as an IPS with ET rules. To 
do this I have configured pulledpork to enable drop on some rules and 
discard others ... but it doesn't work.

  My disablesid.conf:

  ET-drop,ET-emerging-activex,ET-emerging-attack_response,ET-emerging-chat,ET-emerging-current_events,ET-emerging-deleted,ET-emerging-dns,ET-emerging-dos,ET-emerging-exploit,ET-emerging-ftp,ET-emerging-games,ET-emerging-icmp_info,ET-emerging-icmp,ET-emerging-imap,ET-emerging-inappropriate,ET-emerging-misc,ET-emerging-mobile_malware,ET-emerging-netbios,ET-emerging-p2p,ET-emerging-policy,ET-emerging-pop3,ET-emerging-rpc,ET-emerging-scada,ET-emerging-scan,ET-emerging-shellcode,ET-emerging-smtp,ET-emerging-snmp,ET-emerging-sql,ET-emerging-telnet,ET-emerging-tftp,ET-emerging-user_agents,ET-emerging-voip,ET-emerging-web_client,ET-emerging-web_server,ET-emerging-web_specific_apps,ET-tor

  And my dropsid.conf:

  ET-botcc,ET-ciarmy,ET-compromised,ET-dshield,ET-emerging-malware,ET-emerging-trojan,ET-emerging-virus,ET-emerging-worm,ET-rbn

  And the result is:

  Rule Stats....
     New:-------12911
     Deleted:---0
     Enabled Rules:----10435
     Dropped Rules:----0
     Disabled Rules:---2476
     Total Rules:------12911
     Done
Please review /tmp/sid_changes_inet.log for additional details
Fly Piggy Fly!

  Impossible!! ...Where is the problem?? What am I doing wrong??

  Thanks.

-- 
CL Martinez
carlopmart {at} gmail {d0t} com




