Snort mailing list archives

'asn1' in rules stops snort start up?


From: Ian Masters <ian () acces co jp>
Date: Thu, 22 Jul 2004 16:15:40 +0900

This morning on a test machine, snort failed to start up after a rules
update at about 1 a.m. Japan time.

That machine is running snort v2.1.2 (Build 25)

The system log had this to say:

Jul 22 03:15:04 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning:
/etc/snort/rules/exploit.rules(79) => Unknown keyword ' asn1' in rule!
Jul 22 15:07:25 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning:
/etc/snort/rules/exploit.rules(80) => Unknown keyword ' asn1' in rule!
Jul 22 15:08:38 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning:
/etc/snort/rules/netbios.rules(115) => Unknown keyword ' asn1' in rule!
To: asn1

It seems those 2 rules were added today or yesterday

Oinkmaster is set up to use:
http://www.snort.org/dl/rules/snortrules-snapshot-2_1.tar.gz

After commenting out those 4 lines in the 2 rules above (2 in exploit.rules
and 2 in netbios.rules), snort was happy to start up.

I wonder if anyone else is seeing this?

I understand asn1 is a v2.2 feature.

Regards

Ian Masters

--------------------------------------------
Acces (OSD Dept)
<address> 3-5-11 Doshoumachi Chuo-ku Osaka 541-0045 Japan
<tel> 06-6208-1600 (switchboard)
<fax> 06-6208-1610 (switchboard)
<e-mail> ian () acces co jp
--------------------------------------------
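
Each startup attempt in the log quoted above reports only one rule line, so the following added example (not part of the original post, and not Snort or Oinkmaster code) pulls the rejected keyword out of such log entries and comments out every active rule that uses it in one pass. The function names and the sample log and rule text are constructed for illustration, and the code assumes one rule per line.

```python
import re

# Constructed sample in the format of the syslog entries quoted in the post
# (each entry is a single line in the real log).
SAMPLE_LOG = """\
Jul 22 03:15:04 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning: /etc/snort/rules/exploit.rules(79) => Unknown keyword ' asn1' in rule!
Jul 22 15:08:38 ids-m1 /usr/local/bin/snort: FATAL ERROR: Warning: /etc/snort/rules/netbios.rules(115) => Unknown keyword ' asn1' in rule!
"""

# Constructed rule text, not the real contents of exploit.rules or netbios.rules.
SAMPLE_RULES = """\
alert tcp any any -> any 80 (msg:"constructed A"; content:"abc"; sid:1000001;)
alert tcp any any -> any 139 (msg:"constructed B"; asn1:bitstring_overflow; sid:1000002;)
# alert udp any any -> any 161 (msg:"constructed C"; asn1:oversize_length 100; sid:1000003;)
alert udp any any -> any 161 (msg:"constructed D"; content:"x"; asn1: double_overflow; sid:1000004;)
"""

ERROR_RE = re.compile(
    r"FATAL ERROR: Warning:\s+(\S+)\((\d+)\) => Unknown keyword '\s*([^']+?)\s*' in rule!"
)

def parse_errors(log_text):
    """Return (rule_file, line_number, keyword) for each 'Unknown keyword' entry."""
    return [(m.group(1), int(m.group(2)), m.group(3))
            for m in ERROR_RE.finditer(log_text)]

def disable_keyword(rule_text, keyword):
    """Comment out every active rule that uses `keyword` as a rule option.

    Returns (new_text, disabled_line_numbers). The option match is a simple
    pattern ('(' or ';' before the keyword, ':' or ';' after it), which is an
    approximation of the rule grammar and assumes one rule per line.
    """
    opt = re.compile(r"[(;]\s*" + re.escape(keyword) + r"\s*[:;]")
    out, disabled = [], []
    for n, line in enumerate(rule_text.splitlines(), 1):
        active = line.strip() and not line.lstrip().startswith("#")
        if active and opt.search(line):
            out.append("# disabled (unsupported '%s'): %s" % (keyword, line))
            disabled.append(n)
        else:
            out.append(line)
    return "\n".join(out) + "\n", disabled

if __name__ == "__main__":
    for path, lineno, keyword in parse_errors(SAMPLE_LOG):
        print("%s line %d rejected keyword %r" % (path, lineno, keyword))
    new_text, disabled = disable_keyword(SAMPLE_RULES, "asn1")
    print("disabled rule lines:", disabled)
```

Running the rewritten rules through Snort's configuration test mode (`snort -T -c <config>`) before restarting the sensor confirms that nothing else in the update is rejected.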

Snort-users mailing list
Snort-users () lists sourceforge net