Snort mailing list archives

Re: Duplicate downloaded rules
From: Jason Brvenik <jasonb () sourcefire com>
Date: Tue, 19 Oct 2010 10:12:49 -0400

I think that is from Emerging duplicating the early rules. I thought
they had resolved it; look for a -nogpl version of the emerging
ruleset.

On Tue, Oct 19, 2010 at 10:04 AM, Lay, James <james.lay () wincofoods com> wrote:
I sent this to snort-sigs a few days ago, but it got moderated into
oblivion.  Here’s a pruned down one in hopes it will make it:

I am seeing the below with grabbing these rulesets:

Downloading file from http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2900.tar.gz
Downloading file from http://rules.emergingthreats.net/open/snort-2.8.6/emerging.rules.tar.gz

WARNING: duplicate SID in downloaded archive, SID=498, only keeping rule with highest 'rev'
WARNING: duplicate SID in downloaded archive, SID=494, only keeping rule with highest 'rev'
WARNING: duplicate SID in downloaded archive, SID=495, only keeping rule with highest 'rev'
WARNING: duplicate SID in downloaded archive, SID=497, only keeping rule with highest 'rev'
<snip> many more of these
WARNING: duplicate SID in downloaded archive, SID=1666, only keeping rule with highest 'rev'
WARNING: duplicate SID in downloaded archive, SID=1988, only keeping rule with highest 'rev'
WARNING: duplicate SID in downloaded archive, SID=1989, only keeping rule with highest 'rev'

A grand total of 409 dup messages are seen even as of this morning.  Maybe
this one will make it through…

James

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-- 
Regards,

Jason.
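
An added example, not part of the original thread and not Oinkmaster's own code: a small Python check that reports which rule sources share a SID and which copy survives under the "highest rev" policy named in the warnings above. The source labels and rule texts are constructed samples, and skipping commented-out rules is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Match the sid and rev options inside a rule's option block.
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
REV_RE = re.compile(r"\brev\s*:\s*(\d+)\s*;")

def parse_rules(source, text):
    """Yield (sid, rev, source, rule) for each active rule line in text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # assumption: blank, comment and disabled lines are ignored
        sid = SID_RE.search(line)
        if not sid:
            continue
        rev = REV_RE.search(line)
        yield int(sid.group(1)), int(rev.group(1)) if rev else 0, source, line

def find_duplicates(rulesets):
    """Return (kept, dups): the surviving copy and all copies per duplicated SID."""
    seen = defaultdict(list)
    for source, text in rulesets.items():
        for entry in parse_rules(source, text):
            seen[entry[0]].append(entry)
    dups = {sid: copies for sid, copies in seen.items() if len(copies) > 1}
    # Policy from the warning text: keep the copy with the highest rev.
    kept = {sid: max(copies, key=lambda e: e[1]) for sid, copies in dups.items()}
    return kept, dups

# Constructed sample rules (not taken from either real ruleset).
SAMPLE = {
    "snortrules-snapshot": (
        'alert ip any any -> any any (msg:"EXAMPLE A"; content:"x"; sid:498; rev:7;)\n'
        'alert tcp any any -> any any (msg:"EXAMPLE B"; sid:1000001; rev:1;)\n'
    ),
    "emerging.rules": (
        'alert ip any any -> any any (msg:"EXAMPLE A copy"; content:"x"; sid:498; rev:6;)\n'
        '# alert tcp any any -> any any (msg:"disabled"; sid:1000001; rev:9;)\n'
    ),
}

if __name__ == "__main__":
    kept, dups = find_duplicates(SAMPLE)
    for sid in sorted(dups):
        where = ", ".join(f"{s} (rev {r})" for _, r, s, _ in dups[sid])
        print(f"SID={sid} appears in: {where}; keeping copy from {kept[sid][2]}")
```

Run against the unpacked rule files from both archives, the per-source listing shows whether the duplicates come from overlap between the two rulesets.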
