[Snort-users] snort install info hyperlink
peter.bates at ...15381...
Tue Oct 16 04:03:50 EDT 2012
On 16/10/2012 07:50, kevin zhang wrote:
> hello all
> OS:CENTOS 6.3 X64
> SNORT 22.214.171.124
> I run Snort in IDS mode, and there are a few WARNINGs:
> WARNING: flowbits key 'file.autodesk_max' is set but not ever checked.
> WARNING: flowbits key 'file.crx' is set but not ever checked.

This is mostly just a WARNING that can be safely ignored - the rule
will still trigger (unless it has been set to noalert in the rule itself).

> WARNING: flowbits key 'backdoor.y3krat_15.client.response' is checked
> but not ever set.
> WARNING: flowbits key 'dce.spoolss.4.call' is checked but not ever set.

These are slightly different - these rules will never fire because they're
looking for flowbits that, as the message says, are never set.

I'd recommend you use PulledPork to manage your rules as this handles the
flowbit resolution for you - however you do still see the first type
(set but not ever checked) but you shouldn't see the second when using PP.

Senior Information Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
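
Added example, not part of the original message and not Snort's or PulledPork's own code: a small audit that reports both kinds of flowbit mismatch discussed above from the enabled rules in a rules file. It assumes one rule per line, that disabled rules start with `#`, and that set/setx/toggle count as setting a bit while isset/isnotset count as checking it; the sample rules and SIDs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample rules; the flowbit names reuse keys from the warnings above.
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed CRX download"; flowbits:set,file.crx; flowbits:noalert; sid:1000001;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET 135 (msg:"constructed spoolss call, disabled"; flowbits:set,dce.spoolss.4.call; flowbits:noalert; sid:1000002;)
alert tcp $EXTERNAL_NET 135 -> $HOME_NET any (msg:"constructed spoolss response"; flowbits:isset,dce.spoolss.4.call; sid:1000003;)
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"constructed request"; flowbits:set,http.req; flowbits:noalert; sid:1000004;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"constructed reply"; flowbits:isset,http.req; sid:1000005;)
'''

FLOWBITS_RE = re.compile(r'flowbits\s*:\s*([^;]+);')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
SETTERS = {"set", "setx", "toggle"}     # assumption: these count as "set"
CHECKERS = {"isset", "isnotset"}        # assumption: these count as "checked"

def audit_flowbits(rules_text):
    """Return flowbits that are set but never checked, and checked but never set."""
    set_by, checked_by = defaultdict(set), defaultdict(set)
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                     # a disabled rule never sets or checks anything
        m = SID_RE.search(line)
        sid = m.group(1) if m else "?"
        for opt in FLOWBITS_RE.findall(line):
            parts = [p.strip() for p in opt.split(",")]
            if len(parts) < 2:
                continue                 # noalert / reset carry no flowbit name
            action = parts[0].lower()
            if action in SETTERS:
                target = set_by
            elif action in CHECKERS:
                target = checked_by
            else:
                continue
            for name in re.split(r"[&|]", parts[1]):   # names may be combined with & or |
                if name.strip():
                    target[name.strip()].add(sid)
    return {
        # Harmless: the setting rule still works, nothing consumes the bit.
        "set_not_checked": sorted(n for n in set_by if n not in checked_by),
        # Rules listed here can never fire until a rule that sets the bit is enabled.
        "checked_not_set": {n: sorted(s) for n, s in sorted(checked_by.items())
                            if n not in set_by},
    }

if __name__ == "__main__":
    print(audit_flowbits(SAMPLE_RULES))
```

Here the only rule that sets dce.spoolss.4.call is commented out, so SID 1000003 is reported as unable to fire.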