[Snort-users] Continuing Pulledpork Problem

Jim Campbell jim at w4bqp.net
Tue Nov 28 20:58:26 EST 2017


My apologies if I am addressing the wrong list. If this isn't the 
correct list would some kind soul point me the way?

I'm running Snort 2.9.9.0 in IPS mode and just upgraded Pulledpork to 
the latest master. (It says the version is 0.7.3 which doesn't seem like 
a new version.) I am running on Ubuntu 16-04.

After updating pulledpork I ran the simple command line:

    sudo /usr/local/bin/pulledpork.pl -c /etc/snort/pulledpork.conf -l

and got the following warnings:

Generating Stub Rules....
         An error occurred: WARNING: /etc/snort/snort.conf(190) Adapter is in Passive Mode. Hence switching policy mode to tap.

         An error occurred: WARNING: ip4 normalizations disabled because not inline.

         An error occurred: WARNING: tcp normalizations disabled because not inline.

         An error occurred: WARNING: icmp4 normalizations disabled because not inline.

         An error occurred: WARNING: ip6 normalizations disabled because not inline.

         An error occurred: WARNING: icmp6 normalizations disabled because not inline.

Yet line 190 of /etc/snort/snort.conf says: config policy_mode:inline

I have been getting these warnings ever since I started running Snort in 
IPS mode but finally decided to attempt to find the problem.

Thanks in advance,

Jim
