[Snort-users] Snort-users Digest, Vol 88, Issue 50

Aditya Prakash adipra90 at ...11827...
Wed Sep 25 08:32:03 EDT 2013


Can I have a SIP attack related Snort signature PDF, or some good link?


aditya prakash


On Wed, Sep 25, 2013 at 5:48 PM, <snort-users-request at lists.sourceforge.net> wrote:

> Today's Topics:
>
>    1. Error on pulledpork (Anshuman Anil Deshmukh)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 25 Sep 2013 12:17:24 +0000
> From: Anshuman Anil Deshmukh <anshuman at ...16510...>
> Subject: [Snort-users] Error on pulledpork
> To: "snort-users at lists.sourceforge.net"
>         <snort-users at lists.sourceforge.net>
> Message-ID:
>         <
> B6C975E672AF804EA892285F67BB885B64D84997 at ...16511...>
> Content-Type: text/plain; charset="us-ascii"
>
> Hi,
>
>
>
> I am getting this error on pulled pork. Saying permission problem. What
> could be the issue?
>
>
>
> Snort version details:
>
>
>
>    ,,_     -*> Snort! <*-
>
>   o"  )~   Version 2.9.5 GRE (Build 103)
>
>    ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/snort/snort-team
>
>            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>
>            Using libpcap version 1.0.0
>
>            Using PCRE version: 7.8 2008-09-05
>
>            Using ZLIB version: 1.2.3
>
>
>
> Here is the command line
>
>
>
> sudo perl pulledpork.pl -c /etc/pulledpork070
> /pulledpork-0.7.0/etc/pulledpork.conf -m /etc/snort/sid-msg.map
>
>
>
>     http://code.google.com/p/pulledpork/
>
>       _____ ____
>
>      `----,\    )
>
>       `--==\\  /    PulledPork v0.7.0 - Swine Flu!
>
>        `--==\\/
>
>      .-~~~~-.Y|\\_  Copyright (C) 2009-2013 JJ Cummings
>
>   @_/        /  66\_  cummingsj at ...11827...<mailto:cummingsj at ...11827...>
>
>     |    \   \   _(")
>
>      \   /-| ||'--'  Rules give me wings!
>
>       \_\  \_\\
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
>
> Checking latest MD5 for snortrules-snapshot-2950.tar.gz....
>         No Match
>         Done
> Rules tarball download of snortrules-snapshot-2950.tar.gz....
>         They Match
>         Done!
> Prepping rules from snortrules-snapshot-2950.tar.gz for work....
>         Done!
> Reading rules...
> Generating Stub Rules....
>         An error occurred: WARNING: ip4 normalizations disabled because not inline.
>         An error occurred: WARNING: tcp normalizations disabled because not inline.
>         An error occurred: WARNING: icmp4 normalizations disabled because not inline.
>         An error occurred: WARNING: ip6 normalizations disabled because not inline.
>         An error occurred: WARNING: icmp6 normalizations disabled because not inline.
>         Done
> Reading rules...
> Setting Flowbit State....
>         Enabled 37 flowbits
>         Done
> Writing /etc/snort/rules....
> Unable to write /etc/snort/rules - Is a directory
> at pulledpork.pl line 1134
>         main::rule_write('HASH(0x300c4b8)', '/etc/snort/rules', undef) called at pulledpork.pl line 2011
>
>
> -----------
>
>
>
> Also attached is my pulledpork.pl, pulledpork.conf and permissions for
> sid-msg.map, snort folder and rules file.
>
>
>
>
>
> Regards,
>
> Anshuman
>
>
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: pulledporkpl
> Type: application/octet-stream
> Size: 73723 bytes
> Desc: pulledporkpl
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: pulledpork.conf
> Type: application/octet-stream
> Size: 11029 bytes
> Desc: pulledpork.conf
> -------------- next part --------------
> An embedded and charset-unspecified text was scrubbed...
> Name: permissions.txt
>
> ------------------------------
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-users
>
>
> End of Snort-users Digest, Vol 88, Issue 50
> *******************************************
>