Snort mailing list archives
Re: Questions after 1.9.1 install
From: Erek Adams <erek () snort org>
Date: Sat, 15 Mar 2003 14:46:37 -0500 (EST)
On Sat, 15 Mar 2003, John Sage wrote:
Hey Erek, thanks for the sendmail help. Now that that's at least kinda working, it's on to more important stuff :-)
:)
heh.. Basically, 1.8.7 worked so well that I've just been lurking. Been so busy with other stuff that I haven't been a real participant..
Ahhh... Ok, then you're going to see some differences. There's been quite a few changes since then. Changelog should give you the really important ones.
hrm.. Don't recall seeing this until I got fancy and put on 1.9.1, on top of a complete rebuild: KRUD Linux 7.3, which is basically Red Hat, fully patched, with a lot of extras Red Hat doesn't distribute.. Teach me to get fancy and try to maintain my systems :-/
Then it may have changed in 1.8.9, but it has been that way since the 1.8.something versions. Awww, Sounds like you had just a 'little' fun with it. ;-)
Not at all: I should have mentioned that. The specific port rule is first, followed by port ranges after..
Ok, so much for that one.
Is there any mandatory rule syntax for 1.9.1 that I'm not aware of?
Nothing really special.
Or do both rules look syntactically correct for 1.9.1?
With as basic of a rule as you have, it's fine.
By some chance does -o re-order (reverse-order) rules *within* the class "alert", as well as re-oder the classes of rules themselves?
Hrm... Not to my knowledge. I'd have to read thru the code to say for sure.
Suspected as much. Dynamic IP address: can portscan2-ignorehosts reference $HOME_NET or ppp0_ADDRESS?
Yep. $ppp0_ADDRESS is just a variable. You can put it anywhere you would a regular variable. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Questions after 1.9.1 install John Sage (Mar 14)
- Re: Questions after 1.9.1 install Alberto Gonzalez (Mar 14)
- Re: Questions after 1.9.1 install John Sage (Mar 15)
- Re: Questions after 1.9.1 install Alberto Gonzalez (Mar 15)
- Re: Questions after 1.9.1 install John Sage (Mar 15)
- Re: Questions after 1.9.1 install Erek Adams (Mar 15)
- Re: Questions after 1.9.1 install John Sage (Mar 15)
- Re: Questions after 1.9.1 install Erek Adams (Mar 15)
- Re: Questions after 1.9.1 install John Sage (Mar 15)
- Re: Questions after 1.9.1 install Chris Green (Mar 21)
- Re: Questions after 1.9.1 install Alberto Gonzalez (Mar 14)