Home page logo

snort logo Snort mailing list archives

Re: Syntax error in NSM
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 15 May 2013 21:58:40 -0400

On 5/10/2013 07:30, elmo second wrote:
I understand there is an issue importing Snort rules into McAfee NSM.

I am trying to import a rule to alert for FTP anonymous:

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"POLICY-OTHER FTP anonymous
login attempt"; flow:to_server,established; content:"USER"; fast_pattern:only;
pcre:"/^USER\s+(anonymous|ftp)[^\w]*[\r\n]/smi"; metadata:ruleset community,
service ftp; classtype:misc-activity; sid:553; rev:13; )

I am receiving a syntax error.
Any assistance appreciated.

what is the supposed "syntax" error? without that, all anyone can do is make 
WAGs... at best they might be eWAGs...

WAG == Wild Arsed Guess

eWAG == educated WAG

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]