[Snort-users] broke snort. file_data_ports
michael.scheidell at ...8144...
Thu Dec 8 04:46:02 EST 2011
didn't we decide YEARS AGO, not to arbitrarily add $VAR' to VRT rules?
thank you for breaking this and waking me up at 4am
Dec 8 03:06:13 scanner2 snort: FATAL ERROR:
/etc/snort/rules/web-client.rules(142) ***PortVar Lookup failed on
oh, and its NOT in the distributed snort.conf file.
scanner2.hackertrap.net# grep FILE_DATA_PORTS *
no, i did NOT enable, as you see, these are in web-client.rules
yes, your block says to add this. p|ortvar FILE_DATA_PORTS
but, you should have left the mucked up rules in file-identify.rules,
NOT put them into otherwise active rules.
or, find some way to have a default, in the .rules, like first line
portvar FILE_DATA_PORTS? ||[$HTTP_PORTS,110,143]
Michael Scheidell, CTO
>*| *SECNAP Network Security Corporation
* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users