Home page logo
/

snort logo Snort mailing list archives

Re: Syntax error in NSM
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 15 May 2013 21:12:07 -0400

On May 10, 2013, at 7:30 AM, elmo second <elmosecond () hotmail com> wrote:

I understand there is an issue importing Snort rules into McAfee NSM.
 
I am trying to import a rule to alert for FTP anonymous:
 
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"POLICY-OTHER FTP anonymous login attempt"; 
flow:to_server,established; content:"USER"; fast_pattern:only; pcre:"/^USER\s+(anonymous|ftp)[^\w]*[\r\n]/smi"; 
metadata:ruleset community, service ftp; classtype:misc-activity; sid:553; rev:13; )
 
I am receiving a syntax error.
Any assistance appreciated.


Elmo,

I suggest you contact Mcafee support for help with a Mcafee product.  The Snort user group is not the place to ask for 
help with that.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]