Snort mailing list archives

[snort-user] invalid rules to parse

From: Mayur Patil <ram.nath241089 () gmail com>
Date: Fri, 6 Sep 2013 16:45:20 +0530

Hi,

    When I parsed this rule it gives me from rule generator

    alert tcp [172.20.54.212,172.20.54.213] any -> $HOME_NET 514 (msg:"DOS
flood denial of service attempt";flow:to_server; detection_filter:track
by_dst, count 50, seconds 1; metadata:service syslog;
classtype:attempted-dos; sid:25101; rev:1;)


it gives me error of invalid rules to parse

  but when I try by cutting

  "detection_filter:track by_dst, count 50, seconds 1;"

  rest of the rule has generated the code.

   I am following syntax from manual then why is it givng me error ?

  Seeking for guidance,

  Please help !

  Thanks !

*--
*
*Cheers,
*
*Mayur
*

------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

[snort-user] invalid rules to parse Mayur Patil (Sep 06)