[Snort-users] More problems with pulledpork 0.6.0

JJC cummingsj at ...11827...
Fri Apr 1 10:28:00 EDT 2011


I'll test and let ya know shortly.. these look like ET open rules?

On Fri, Apr 1, 2011 at 8:22 AM, carlopmart <carlopmart at ...11827...> wrote:

> Hi all,
>
>  I am trying to configure a suricata sensor as an IPS with ET rules. To
> do this I have configured pulledpork to enable drop on some rules and
> discard others ... but doesn't works.
>
>  My disablesid.conf:
>
>
>  ET-drop,ET-emerging-activex,ET-emerging-attack_response,ET-emerging-chat,ET-emerging-current_events,ET-emerging-deleted,ET-emerging-dns,ET-emerging-dos,ET-emerging-exploit,ET-emerging-ftp,ET-emerging-games,ET-emerging-icmp_info,ET-emerging-icmp,ET-emerging-imap,ET-emerging-inappropriate,ET-emerging-misc,ET-emerging-mobile_malware,ET-emerging-netbios,ET-emerging-p2p,ET-emerging-policy,ET-emerging-pop3,ET-emerging-rpc,ET-emerging-scada,ET-emerging-scan,ET-emerging-shellcode,ET-emerging-smtp,ET-emerging-snmp,ET-emerging-sql,ET-emerging-telnet,ET-emerging-tftp,ET-emerging-user_agents,ET-emerging-voip,ET-emerging-web_client,ET-emerging-web_server,ET-emerging-web_specific_apps,ET-tor
>
>  And my dropsid.conf:
>
>
>  ET-botcc,ET-ciarmy,ET-compromised,ET-dshield,ET-emerging-malware,ET-emerging-trojan,ET-emerging-virus,ET-emerging-worm,ET-rbn
>
>  And result is:
>
>  Rule Stats....
>     New:-------12911
>     Deleted:---0
>     Enabled Rules:----10435
>     Dropped Rules:----0
>     Disabled Rules:---2476
>     Total Rules:------12911
>     Done
> Please review /tmp/sid_changes_inet.log for additional details
> Fly Piggy Fly!
>
>  Impossible!! ...Where is the problem?? What am I doing worng??
>
>  Thanks.
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
>
>
> ------------------------------------------------------------------------------
> Create and publish websites with WebMatrix
> Use the most popular FREE web apps or write code yourself;
> WebMatrix provides all the features you need to develop and
> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110401/0b4b3760/attachment.html>


More information about the Snort-users mailing list