[Snort-users] broke snort. file_data_ports
nhoughton at ...1935...
Thu Dec 8 08:48:01 EST 2011
On Dec 8, 2011, at 4:46 AM, Michael Scheidell wrote:
> didn't we decide YEARS AGO, not to arbitrarily add $VAR' to VRT rules?
> thank you for breaking this and waking me up at 4am
> Dec 8 03:06:13 scanner2 snort: FATAL ERROR: /etc/snort/rules/web-client.rules(142) ***PortVar Lookup failed on '$FILE_DATA_PORTS'.
> oh, and its NOT in the distributed snort.conf file.
> scanner2.hackertrap.net# grep FILE_DATA_PORTS *
> no, i did NOT enable, as you see, these are in web-client.rules
> yes, your block says to add this. portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]
> but, you should have left the mucked up rules in file-identify.rules, NOT put them into otherwise active rules.
> or, find some way to have a default, in the .rules, like first line would be:
> portvar FILE_DATA_PORTS? [$HTTP_PORTS,110,143]
> Michael Scheidell, CTO
> o: 561-999-5000
> d: 561-948-2259
> > | SECNAP Network Security Corporation
> • Best Mobile Solutions Product of 2011
> • Best Intrusion Prevention Product
> • Hot Company Finalist 2011
> • Best Email Security Product
> • Certified SNORT Integrator
> This email has been scanned and certified safe by SpammerTrap®.
> For Information please see http://www.spammertrap.com/
> Cloud Services Checklist: Pricing and Packaging Optimization
> This white paper is intended to serve as a reference, checklist and point of
> discussion for anyone considering optimizing the pricing and packaging model
> of a cloud services business. Read Now!
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
SF VRT Department of Intelligence Excellence
http://vrt-blog.snort.org/ && http://labs.snort.org/
More information about the Snort-users