Home page logo

snort logo Snort mailing list archives

Assistance with Blacklist
From: "Hannibal S. Jackson" <hannibaljackson () yahoo com>
Date: Tue, 9 Apr 2013 07:30:00 -0700 (PDT)

Was asked to enable the reputation preprocessor and configure a black_list.rules file.I'm running it on Windows 7 in a 
virtual environment. This is how I start snort.

snort -i 1 -c c:\snort\etc\snort.conf -A console 

This is the error I get: <snort-users () lists sourceforge net >;

I'm getting ERROR: c:\snort\rules\black_list.rules (4) Invalid configuration 

The only thing I have in my black_list.rules file is this: 

# This is my black_list.rules file for www.facebook.com 

It doesn't matter which / I use (CIDR), I get the same 
error, I tried a /8 a /16, nothing mattered.  
The goal is to get it to trigger an alert when someone tries to access that site. We already did this with our basic 
rules, now we are trying to do it with the preprocessor. Not sure why it's complaining about my configuration of the 
black_list.rules file. There isn't very many lines, other than the comment and one of the IP's I've found for Facebook 
as a test when pinging the domain. 

Any ideas?
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]