[Snort-users] Blacklist Rule Error 22

Rameez Qureshi rameez_q at ...16117...
Fri Apr 11 18:35:30 EDT 2014


Here it the problem 

Reputation config: 
WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled.

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
ERROR: /usr/src/rules/blacklist.rules(22) Unknown ClassType: trojan-activity
Fatal Error, Quitting.

The actual rule inside the blacklist.rule file is as follows:

alert udp $HOME_NET any -> any 53 (msg:"BLACKLIST DNS request for known malware domain datajunction.org - Gauss "; flow:to_server; byte_test:1,!&,0xF8,2; content:"|0C|datajunction|03|org|00|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service dns; reference:url,gauss.crysys.hu/; reference:url,www.securelist.com/en/blog/208193767/Gauss_Nation_state_cyber_surveillance_meets_banking_Trojan; classtype:trojan-activity; sid:23802; rev:2;)

Any help greatly appreciated!

Thanks
Rameez

 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140411/957a0fb7/attachment.html>


More information about the Snort-users mailing list