Snort mailing list archives

Re: Snort rules touble.

From: Ryan Russell <ryan () securityfocus com>
Date: Fri, 21 Jun 2002 10:54:43 -0600 (MDT)

On Fri, 21 Jun 2002, Jason Gauthier wrote:

Starts up and the errors out:
ERROR /opt/snort/rules/bad-traffic.rules(19) => Bad protocol name ">134"

Eh, Not too bad. So i read some more, and then edit the rule.
I decide to comment it out, so I can fix it later, for now, I would like to
get snort running.

Immediately follows:
ERROR: /opt/snort/rules/exploit.rules(7) => Unknown keyword "flow" in rule!


You're trying to use the 1.9 ruleset with 1.8.x.  The rules you want are:
http://www.snort.org/dl/signatures/snortrules.tar.gz

"Current" in this instance means the current development version, which
will be released as 1.9 at some point.  If you're new to Snort, you're
probably better off continuing with the 1.8.x you have, and using the
ruleset I mentioned.

                                        Ryan



-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort rules touble. Jason Gauthier (Jun 21)
- Re: Snort rules touble. Ryan Russell (Jun 21)
- Re: Snort rules touble. Matt Kettler (Jun 21)
- <Possible follow-ups>
- RE: Snort rules touble. Slighter, Tim (Jun 21)
- RE: Snort rules touble. Jason Gauthier (Jun 21)
  - RE: Snort rules touble. Erek Adams (Jun 21)
- RE: Snort rules touble. Jason Gauthier (Jun 21)
  - RE: Snort rules touble. Matt Kettler (Jun 21)
- RE: Snort rules touble. Slighter, Tim (Jun 21)
- RE: Snort rules touble. Slighter, Tim (Jun 21)
  - RE: Snort rules touble. Erek Adams (Jun 21)
    - RE: Snort rules touble. Andreas Östling (Jun 21)

(Thread continues...)