[Snort-users] problem with classification.config

Patrik Polakovic ppolakovic1 at ...11827...
Sun Oct 7 12:36:13 EDT 2012


Hi, I have a problem with rules ClassTypes. I always get this while running
snort:

*+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: C:\Snort\rules/bad-traffic.rules(31) Unknown ClassType: attempted-admin
Fatal Error, Quitting..*

Snort.config:
# metadata reference data.  do not modify these lines
include classification.config

classification.config:
config classification: not-suspicious,Not Suspicious Traffic,3
config classification: unknown,Unknown Traffic,3
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-recon,Attempted Information Leak,2
config classification: successful-recon-limited,Information Leak,2
config classification: successful-recon-largescale,Large Scale Information Leak,2
config classification: attempted-dos,Attempted Denial of Service,2
config classification: successful-dos,Denial of Service,2
config classification: attempted-user,Attempted User Privilege Gain,1
config classification: unsuccessful-user,Unsuccessful User Privilege Gain,1
config classification: successful-user,Successful User Privilege Gain,1
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: successful-admin,Successful Administrator Privilege Gain,1


# NEW CLASSIFICATIONS
config classification: rpc-portmap-decode,Decode of an RPC Query,2
config classification: shellcode-detect,Executable code was detected,1
config classification: string-detect,A suspicious string was detected,3
config classification: suspicious-filename-detect,A suspicious filename was detected,2
config classification: suspicious-login,An attempted login using a suspicious username was detected,2
config classification: system-call-detect,A system call was detected,2
config classification: tcp-connection,A TCP connection was detected,4
config classification: trojan-activity,A Network Trojan was detected, 1
config classification: unusual-client-port-connection,A client was using an unusual port,2
config classification: network-scan,Detection of a Network Scan,3
config classification: denial-of-service,Detection of a Denial of Service Attack,2
config classification: non-standard-protocol,Detection of a non-standard protocol or event,2
config classification: protocol-command-decode,Generic Protocol Command Decode,3
config classification: web-application-activity,access to a potentially vulnerable web application,2
config classification: web-application-attack,Web Application Attack,1
config classification: misc-activity,Misc activity,3
config classification: misc-attack,Misc Attack,2
config classification: icmp-event,Generic ICMP event,3
config classification: inappropriate-content,Inappropriate Content was Detected,1
config classification: policy-violation,Potential Corporate Privacy Violation,1
config classification: default-login-attempt,Attempt to login by a default username and password,2
config classification: sdf,Senstive Data,2
config classification: file-format,Known malicious file or file based exploit,1
config classification: malware-cnc,Known malware command and control traffic,1
config classification: client-side-exploit,Known client side exploit attempt,1


Thanks for help

~sulin
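
A cross-check for the error quoted in the message above, as an added example that is not part of the original post and not Snort's own code: it parses `config classification: name,description,priority` lines and lists every classtype that active rules reference but no parsed line defines. The sample inputs are constructed; the three-field format is taken from the lines shown in the post, and exact-match name comparison is an assumption.

```python
import re

# Constructed sample inputs (not the poster's files). One definition is split
# across two lines, so it no longer has the three comma-separated fields.
SAMPLE_CLASSIFICATION = """\
config classification: bad-unknown,Potentially Bad Traffic, 2
config classification: attempted-admin,Attempted Administrator Privilege
Gain,1
config classification: misc-activity,Misc activity,3
"""
SAMPLE_RULES = """\
alert tcp any any -> any 23 (msg:"constructed A"; classtype:attempted-admin; sid:1000001;)
alert icmp any any -> any any (msg:"constructed B"; classtype:misc-activity; sid:1000002;)
# alert tcp any any -> any 80 (msg:"disabled"; classtype:web-application-attack; sid:1000003;)
"""

CLASS_RE = re.compile(r"^config\s+classification\s*:\s*(.*)$", re.I)
CLASSTYPE_RE = re.compile(r"classtype\s*:\s*([^;\s]+)\s*;", re.I)

def active_lines(text):
    """Yield (line_number, stripped_line), skipping blanks and # comments."""
    # A leading UTF-8 byte-order mark is dropped so line 1 still matches.
    for n, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield n, line

def parse_classifications(text):
    """Return ({name: priority}, [(line_number, line)] that did not parse)."""
    defined, problems = {}, []
    for n, line in active_lines(text):
        m = CLASS_RE.match(line)
        fields = [f.strip() for f in m.group(1).split(",")] if m else []
        if len(fields) == 3 and fields[0] and fields[2].isdigit():
            defined[fields[0]] = int(fields[2])
        else:
            problems.append((n, line))
    return defined, problems

def undefined_classtypes(rules_text, defined):
    """Return [(line_number, classtype)] for active rules using an undefined name."""
    # Names are compared exactly here (an assumption of this example).
    return [(n, name) for n, line in active_lines(rules_text)
            for name in CLASSTYPE_RE.findall(line) if name not in defined]

if __name__ == "__main__":
    defined, problems = parse_classifications(SAMPLE_CLASSIFICATION)
    for n, line in problems:
        print(f"classification.config({n}): not a 3-field definition: {line}")
    for n, name in undefined_classtypes(SAMPLE_RULES, defined):
        print(f"rules({n}): Unknown ClassType: {name}")
```

To use it on real files, read the classification.config that the `include` line actually resolves to and the rules file named in the error, and pass their contents to the two functions.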