Home page logo
/

snort logo Snort mailing list archives

Re: Syntax error in NSM
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 15 May 2013 21:58:40 -0400

On 5/10/2013 07:30, elmo second wrote:
I understand there is an issue importing Snort rules into McAfee NSM.

I am trying to import a rule to alert for FTP anonymous:

alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"POLICY-OTHER FTP anonymous
login attempt"; flow:to_server,established; content:"USER"; fast_pattern:only;
pcre:"/^USER\s+(anonymous|ftp)[^\w]*[\r\n]/smi"; metadata:ruleset community,
service ftp; classtype:misc-activity; sid:553; rev:13; )

I am receiving a syntax error.
Any assistance appreciated.

what is the supposed "syntax" error? without that, all anyone can do is make 
WAGs... at best they might be eWAGs...

WAG == Wild Arsed Guess

eWAG == educated WAG


-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]