Home page logo
/

snort logo Snort mailing list archives

Re: [Emerging-Sigs] FATALs with snort-2.9.0.3
From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 22 Dec 2010 08:05:23 -0700

Thanks Joel.  Does anyone have an ETA on when ET rules will be fixed?
Tested this morning with the 8:31 tarball and still got the same thing.
My upgrade is now waiting on this to be fixed before I can go any
further.  Thanks.

 

James

 

From: Joel Esler [mailto:jesler () sourcefire com] 
Sent: Wednesday, December 22, 2010 8:03 AM
To: Matthew Jonkman
Cc: Lay, James; emerging-sigs () emergingthreats net Signatures;
snort-users () lists sourceforge net; snort-sigs () lists sourceforge net
Subject: Re: [Emerging-Sigs] FATALs with snort-2.9.0.3

 

As promised, here's that blog post I was talking about:

 

http://blog.snort.org/2010/12/wheres-content.html

 

 

Thanks all!

 

Joel

 

On Dec 21, 2010, at 10:55 AM, Matthew Jonkman wrote:





Hi James, looks like we have a lot of style issues to fix up. We're on
it!!

 

Matt

 

On Dec 21, 2010, at 10:39 AM, Lay, James wrote:





Yep...latest et rules:

 

Dec 21 08:32:14 10.21.88.2 snort[30722]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-p2p.rules(110) depth can't be used
with itself, distance, or within

Dec 21 08:32:50 10.21.88.2 snort[30725]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-p2p.rules(114) depth can't be used
with itself, distance, or within

Dec 21 08:33:04 10.21.88.2 snort[30728]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-p2p.rules(118) depth can't be used
with itself, distance, or within

Dec 21 08:33:27 10.21.88.2 snort[30731]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-p2p.rules(230) within can't be used
with itself, offset, or depth

Dec 21 08:33:47 10.21.88.2 snort[30734]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-p2p.rules(390) depth can't be used
with itself, distance, or within

Dec 21 08:34:10 10.21.88.2 snort[30737]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-p2p.rules(394) depth can't be used
with itself, distance, or within

Dec 21 08:34:44 10.21.88.2 snort[30740]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-p2p.rules(398) depth can't be used
with itself, distance, or within

Dec 21 08:34:57 10.21.88.2 snort[30743]: FATAL ERROR:
/usr/local/etc/snort/rules/emerging-p2p.rules(402) depth can't be used
with itself, distance, or within

 

Got tired of commenting things out, so I'll wait until this is fixed...

 

 

   ,,_     -*> Snort! <*-

  o"  )~   Version 2.9.0.3 (Build 98)

   ''''    By Martin Roesch & The Snort Team:
http://www.snort.org/snort/snort-team

           Copyright (C) 1998-2010 Sourcefire, Inc., et al.

           Using libpcap version 1.0.0

           Using PCRE version: 7.6 2008-01-28

           Using ZLIB version: 1.2.3

 

These are the nogpl badboys.

 

2010-12-17 19:30 emerging-attack_response.rules

2010-12-17 19:30 emerging-p2p.rules

 

James Lay

IT Security Analyst

WinCo Foods

208-672-2014 Office

208-559-1855 Cell

650 N Armstrong Pl.

Boise, Idaho 83704

 

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro
http://www.emergingthreatspro.com <http://www.emergingthreatspro.com/> 
The ONLY place to get complete premium rulesets for Snort 2.4.0 through
Current!

 


----------------------------------------------------
Matthew Jonkman

Emergingthreats.net <http://Emergingthreats.net/> 
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 765-807-8630
Fax 312-264-0205
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc



 

_______________________________________________
Emerging-sigs mailing list
Emerging-sigs () emergingthreats net
http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro
http://www.emergingthreatspro.com
The ONLY place to get complete premium rulesets for Snort 2.4.0 through
Current!

 

------------------------------------------------------------------------------
Forrester recently released a report on the Return on Investment (ROI) of
Google Apps. They found a 300% ROI, 38%-56% cost savings, and break-even
within 7 months.  Over 3 million businesses have gone Google with Google Apps:
an online email calendar, and document program that's accessible from your 
browser. Read the Forrester report: http://p.sf.net/sfu/googleapps-sfnew
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault