[Snort-users] Snort++ Problem with Rules
jim at w4bqp.net
Wed Aug 9 11:51:52 EDT 2017
The current Subscription Rules cause Snort to error out. The specific
 alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> $DNS_SERVERS 53 (
msg:"ET DNS DNS Lookup for localhost.DOMAIN.TLD";...
 alert tcp !$SMTP_SERVERS any -> !$HOME_NET 25 ( msg:"ET POLICY
Outbound Multiple Non-SMTP Server Emails";...
 alert tcp !$HOME_NET any -> $HOME_NET 25 ( msg:"ET POLICY Inbound
Frequent Emails - Possible Spambot Inbound";...
This is the error Snort is outputting:
ERROR: snort3.rules:3690 !any is not allowed: ![$SMTP_SERVERS,$DNS_SERVERS].
ERROR: snort3.rules:5648 !any is not allowed: !$SMTP_SERVERS.
ERROR: snort3.rules:5648 !any is not allowed: !$HOME_NET.
ERROR: snort3.rules:5659 !any is not allowed: !$HOME_NET.
I'm commenting these rules (#alert...) until the problem is fixed.
"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin
More information about the Snort-users