Snort mailing list archives

Re: SNORT

From: Phil Wood <cpw () lanl gov>
Date: Wed, 15 Aug 2001 08:44:15 -0600

Check out:

  http://snort.sourcefire.com/
  http://snort.sourcefire.com/downloads.html

On Tue, Aug 14, 2001 at 09:27:15AM -0700, Mel Chandler PMI wrote:

I'm new to Linux and SNORT and was wondering if I could get some tips
and/or help.  I have installed SNORT v1.8 rpm on Red Hat 7.1, when it


When asking for help, include information which would help us diagnose
problems.  What I do is cut and paste all information from install to
failure.  Also, include the content of your configuration file.  Most
people anonymize the information to keep their home network out of the
lime light.  A good anonymous choice for your home network would be:

  192.168.1.0/24.

complained about missing a file, which I believe was the rules file, I


There are many rules files.  Which allows you to be more or less specific
about what kinds of things you are interested in.  And, as you become more
confident, making your own rules is a plus.

just supplied it with a blank file.  I'm not sure if there are some sort


I't possible you told snort to do nothing (blank == nothing).

You should probably get the source, rather than do a canned install.  In the
source tarball you will find various README's, a FAQ, and INSTALL file which
you should become familiar with.  Not only that, but this one works.

  http://snort.sourcefire.com/releases/snort-1.8.1-RELEASE.tar.gz

Contents:

  1469 2001-08-11 22:28:54 snort-1.8.1-RELEASE/MIBS/SnortCommonMIB.txt
 13784 2001-08-11 22:28:54 snort-1.8.1-RELEASE/MIBS/SnortIDAlertMIB.txt
 81196 2001-07-09 16:57:10 snort-1.8.1-RELEASE/contrib/ACID-0.9.6b11.tar.gz
  9326 2001-08-11 01:49:13 snort-1.8.1-RELEASE/contrib/create_oracle.sql
 67710 2000-11-02 14:23:57 snort-1.8.1-RELEASE/contrib/Spade-092200.1.tar.gz
  4357 2000-08-06 20:42:47 snort-1.8.1-RELEASE/contrib/Guardian.tar.gz
 10916 2000-08-06 20:42:56 snort-1.8.1-RELEASE/contrib/Net-SnortLog-0.1.tar.gz
  2664 2000-11-02 14:23:57 snort-1.8.1-RELEASE/contrib/README
  8928 2001-08-07 07:15:11 snort-1.8.1-RELEASE/contrib/create_mssql
   932 2000-08-06 20:42:53 snort-1.8.1-RELEASE/contrib/address_config.sh
  8027 2001-08-03 12:51:38 snort-1.8.1-RELEASE/contrib/create_mysql
  6938 2001-06-15 15:00:26 snort-1.8.1-RELEASE/contrib/create_postgresql
 10826 2000-08-06 20:42:53 snort-1.8.1-RELEASE/contrib/mysql.php3
  2621 2000-08-06 20:42:53 snort-1.8.1-RELEASE/contrib/passiveOS.tar.gz
 10948 2000-08-06 20:42:53 snort-1.8.1-RELEASE/contrib/pgsql.php3
  7857 2001-06-15 15:00:27 snort-1.8.1-RELEASE/contrib/snml.dtd
  3963 2000-08-06 20:42:52 snort-1.8.1-RELEASE/contrib/snort-sort.pl
  7980 2001-01-05 12:27:33 snort-1.8.1-RELEASE/contrib/snort2html.pl
 16542 2000-11-16 22:28:20 snort-1.8.1-RELEASE/contrib/snort_stat.pl
396086 2000-08-17 16:31:10 snort-1.8.1-RELEASE/contrib/snortdb-extra.gz
  1682 2000-08-06 20:42:47 snort-1.8.1-RELEASE/contrib/snortlog
 11240 2000-08-06 20:42:47 snort-1.8.1-RELEASE/contrib/snortnet.tar.gz
  7511 2000-08-06 20:42:58 snort-1.8.1-RELEASE/contrib/snortwatch-0.7.tar.gz
 24288 2001-07-25 08:48:24 snort-1.8.1-RELEASE/contrib/idmef-xml-plugin_0.2.2.tar.gz
122982 2001-08-01 14:11:25 snort-1.8.1-RELEASE/contrib/SnortSnarf-080101.1.tar.gz
  5672 2000-08-06 20:42:59 snort-1.8.1-RELEASE/templates/sp_template.c
   803 2000-08-06 20:42:59 snort-1.8.1-RELEASE/templates/sp_template.h
   797 2000-11-12 23:01:25 snort-1.8.1-RELEASE/templates/spp_template.h
  3434 2000-11-12 23:01:25 snort-1.8.1-RELEASE/templates/spp_template.c
 16304 2001-08-14 23:54:35 snort-1.8.1-RELEASE/README
     0 2001-08-15 00:00:43 snort-1.8.1-RELEASE/stamp-h.in
    58 2001-07-09 20:47:16 snort-1.8.1-RELEASE/AUTHORS
 17989 2000-08-06 20:41:21 snort-1.8.1-RELEASE/COPYING
 36026 2001-08-14 23:54:35 snort-1.8.1-RELEASE/ChangeLog
 12831 2001-08-14 10:04:26 snort-1.8.1-RELEASE/INSTALL
  3969 2001-08-12 13:11:48 snort-1.8.1-RELEASE/Makefile.am
 15943 2001-08-15 00:00:43 snort-1.8.1-RELEASE/Makefile.in
 22626 2001-08-14 12:22:48 snort-1.8.1-RELEASE/NEWS
  1056 2001-03-26 12:42:51 snort-1.8.1-RELEASE/acconfig.h
  6990 2001-08-15 00:00:42 snort-1.8.1-RELEASE/aclocal.m4
 20370 2000-08-06 20:41:31 snort-1.8.1-RELEASE/config.guess
  3241 2001-08-14 07:39:19 snort-1.8.1-RELEASE/config.h.in
 19236 2000-08-06 20:41:31 snort-1.8.1-RELEASE/config.sub
131546 2001-08-15 00:00:08 snort-1.8.1-RELEASE/configure
 21933 2001-08-14 23:59:55 snort-1.8.1-RELEASE/configure.in
  5584 2000-08-06 20:41:44 snort-1.8.1-RELEASE/install-sh
  6274 2000-08-06 20:41:49 snort-1.8.1-RELEASE/missing
   733 2000-08-06 20:41:49 snort-1.8.1-RELEASE/mkinstalldirs
 91300 2001-08-10 14:39:52 snort-1.8.1-RELEASE/snort.c
 15121 2001-08-14 23:54:35 snort-1.8.1-RELEASE/snort.h
 71203 2001-08-14 07:39:19 snort-1.8.1-RELEASE/log.c
  4026 2001-08-07 05:46:10 snort-1.8.1-RELEASE/log.h
 58942 2001-08-08 18:16:16 snort-1.8.1-RELEASE/decode.c
 26635 2001-08-13 09:21:25 snort-1.8.1-RELEASE/decode.h
  1486 2001-01-02 01:06:00 snort-1.8.1-RELEASE/mstring.h
 19909 2001-08-14 23:54:35 snort-1.8.1-RELEASE/mstring.c
126913 2001-08-14 23:54:35 snort-1.8.1-RELEASE/rules.c
 11770 2001-07-22 14:21:38 snort-1.8.1-RELEASE/rules.h
 33978 2001-08-11 22:31:01 snort-1.8.1-RELEASE/plugbase.c
  6507 2001-08-11 22:31:01 snort-1.8.1-RELEASE/plugbase.h
 27509 2001-08-10 14:39:52 snort-1.8.1-RELEASE/sp_pattern_match.c
  2368 2001-04-07 00:43:50 snort-1.8.1-RELEASE/sp_pattern_match.h
  6783 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_tcp_flag_check.c
  1385 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_tcp_flag_check.h
  5307 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_icmp_type_check.c
  1318 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_icmp_type_check.h
  5312 2001-01-02 01:06:00 snort-1.8.1-RELEASE/sp_icmp_code_check.c
  1317 2001-01-02 01:06:00 snort-1.8.1-RELEASE/sp_icmp_code_check.h
  9784 2001-08-07 05:46:11 snort-1.8.1-RELEASE/sp_ttl_check.c
  1430 2001-05-06 13:48:40 snort-1.8.1-RELEASE/sp_ttl_check.h
  4782 2001-08-07 05:46:11 snort-1.8.1-RELEASE/sp_ip_id_check.c
  1239 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_ip_id_check.h
 18362 2001-08-13 09:21:26 snort-1.8.1-RELEASE/tag.c
  4830 2001-01-26 22:09:08 snort-1.8.1-RELEASE/sp_tcp_ack_check.c
  1273 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_tcp_ack_check.h
  4859 2001-01-26 22:09:08 snort-1.8.1-RELEASE/sp_tcp_seq_check.c
  1274 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_tcp_seq_check.h
  7032 2001-01-02 01:06:00 snort-1.8.1-RELEASE/sp_dsize_check.c
  1474 2001-01-02 01:06:00 snort-1.8.1-RELEASE/sp_dsize_check.h
  1356 2001-03-10 08:29:37 snort-1.8.1-RELEASE/spp_http_decode.h
 20935 2001-08-13 10:21:24 snort-1.8.1-RELEASE/spp_http_decode.c
 58645 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spp_portscan.c
  1648 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spp_portscan.h
  1302 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_ipoption_check.h
  6753 2001-08-07 05:46:11 snort-1.8.1-RELEASE/sp_ipoption_check.c
  1490 2001-01-02 03:40:57 snort-1.8.1-RELEASE/sp_rpc_check.h
  7915 2001-04-15 20:13:14 snort-1.8.1-RELEASE/sp_rpc_check.c
  5851 2001-01-02 01:06:00 snort-1.8.1-RELEASE/sp_icmp_id_check.c
  1287 2001-01-02 01:06:00 snort-1.8.1-RELEASE/sp_icmp_id_check.h
  1308 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_icmp_seq_check.h
  5866 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_icmp_seq_check.c
  8275 2001-05-02 10:53:16 snort-1.8.1-RELEASE/sp_respond.c
  1726 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_respond.h
 11473 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spo_alert_syslog.c
  1601 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_alert_syslog.h
  7925 2001-06-28 20:38:54 snort-1.8.1-RELEASE/spo_log_tcpdump.c
  1682 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_log_tcpdump.h
  3029 2001-03-26 12:42:51 snort-1.8.1-RELEASE/prototypes.h
 58395 2001-08-11 22:32:04 snort-1.8.1-RELEASE/spo_database.c
  3619 2001-08-11 22:32:04 snort-1.8.1-RELEASE/spo_database.h
  1466 2001-04-07 16:55:50 snort-1.8.1-RELEASE/sp_session.h
  9517 2001-08-09 20:25:41 snort-1.8.1-RELEASE/sp_session.c
 36595 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spp_defrag.c
  2410 2001-01-02 01:06:01 snort-1.8.1-RELEASE/spp_defrag.h
 24364 2001-08-07 05:46:10 snort-1.8.1-RELEASE/parser.c
  1499 2001-05-06 18:55:23 snort-1.8.1-RELEASE/parser.h
  4394 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_alert_fast.c
  1651 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_alert_fast.h
  4415 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_alert_full.c
  1648 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_alert_full.h
  8742 2001-06-19 11:22:35 snort-1.8.1-RELEASE/spo_alert_smb.c
  1581 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_alert_smb.h
  5152 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_alert_unixsock.c
  1643 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_alert_unixsock.h
 15486 2001-04-15 20:13:14 snort-1.8.1-RELEASE/sp_react.c
  1673 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_react.h
 54450 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spo_xml.c
  6350 2001-06-15 15:00:26 snort-1.8.1-RELEASE/spo_xml.h
  5264 2001-08-07 05:46:11 snort-1.8.1-RELEASE/sp_ip_tos_check.c
  1277 2001-01-12 13:33:16 snort-1.8.1-RELEASE/sp_ip_tos_check.h
 13396 2001-02-07 05:37:12 snort-1.8.1-RELEASE/snprintf.c
  1073 2001-08-07 05:46:11 snort-1.8.1-RELEASE/snprintf.h
  2224 2001-08-02 14:45:10 snort-1.8.1-RELEASE/checksum.c
 41015 2001-08-07 05:46:12 snort-1.8.1-RELEASE/spp_tcp_stream2.c
  3230 2001-05-08 13:10:04 snort-1.8.1-RELEASE/spp_tcp_stream2.h
  1243 2001-01-02 01:06:00 snort-1.8.1-RELEASE/checksum.h
  8638 2001-04-12 21:07:24 snort-1.8.1-RELEASE/sp_reference.c
  1727 2001-04-25 21:34:07 snort-1.8.1-RELEASE/sp_reference.h
  8902 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_ip_fragbits.c
  1492 2001-01-02 01:06:01 snort-1.8.1-RELEASE/sp_ip_fragbits.h
 17100 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spp_anomsensor.h
116575 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spp_anomsensor.c
  1254 2001-07-22 14:21:38 snort-1.8.1-RELEASE/tag.h
 14419 2001-07-12 10:23:28 snort-1.8.1-RELEASE/spp_unidecode.c
  1453 2001-02-23 00:08:13 snort-1.8.1-RELEASE/spp_unidecode.h
 32099 2001-08-02 14:45:10 snort-1.8.1-RELEASE/codes.c
   956 2001-03-11 08:41:39 snort-1.8.1-RELEASE/codes.h
  1192 2001-03-16 22:49:03 snort-1.8.1-RELEASE/fatal.h
  1846 2001-03-23 06:09:34 snort-1.8.1-RELEASE/smalloc.h
  2508 2001-03-13 09:17:20 snort-1.8.1-RELEASE/strlcpyu.c
   959 2001-03-13 09:17:20 snort-1.8.1-RELEASE/strlcpyu.h
  2590 2001-03-13 09:17:20 snort-1.8.1-RELEASE/strlcatu.c
   959 2001-03-13 09:17:20 snort-1.8.1-RELEASE/strlcatu.h
  1651 2001-04-07 16:55:50 snort-1.8.1-RELEASE/debug.c
  2120 2001-08-07 05:46:10 snort-1.8.1-RELEASE/debug.h
  5456 2001-08-07 05:46:11 snort-1.8.1-RELEASE/sp_tcp_win_check.c
  1289 2001-03-15 22:27:33 snort-1.8.1-RELEASE/sp_tcp_win_check.h
  7806 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spp_rpc_decode.c
  1204 2001-06-23 20:47:19 snort-1.8.1-RELEASE/spp_rpc_decode.h
  8320 2001-07-03 12:26:36 snort-1.8.1-RELEASE/spp_bo.c
  1247 2001-03-25 19:00:31 snort-1.8.1-RELEASE/spp_bo.h
  5872 2001-05-07 09:51:27 snort-1.8.1-RELEASE/spp_telnet_negotiation.c
  1381 2001-05-07 09:51:27 snort-1.8.1-RELEASE/spp_telnet_negotiation.h
 11287 2001-07-01 22:16:48 snort-1.8.1-RELEASE/spo_csv.c
  2042 2001-06-10 23:49:28 snort-1.8.1-RELEASE/spo_csv.h
 23379 2001-08-14 23:50:26 snort-1.8.1-RELEASE/spp_frag2.c
  5039 2001-03-25 19:00:31 snort-1.8.1-RELEASE/sp_ip_same_check.c
  1309 2001-03-25 19:00:31 snort-1.8.1-RELEASE/sp_ip_same_check.h
  8444 2001-06-10 23:49:28 snort-1.8.1-RELEASE/sp_priority.c
  1344 2001-06-10 23:49:28 snort-1.8.1-RELEASE/sp_priority.h
  4990 2001-08-07 05:46:11 snort-1.8.1-RELEASE/sp_ip_proto.c
   495 2001-04-15 20:13:14 snort-1.8.1-RELEASE/sp_ip_proto.h
 48279 2001-07-25 21:59:45 snort-1.8.1-RELEASE/ubi_BinTree.c
 41239 2001-06-25 20:14:23 snort-1.8.1-RELEASE/ubi_BinTree.h
 21790 2001-06-25 20:14:23 snort-1.8.1-RELEASE/ubi_SplayTree.c
 14384 2001-06-28 20:38:54 snort-1.8.1-RELEASE/spo_unified.c
  3302 2001-06-23 20:47:19 snort-1.8.1-RELEASE/spo_unified.h
  3251 2001-08-08 18:16:16 snort-1.8.1-RELEASE/generators.h
  1220 2001-07-07 23:01:57 snort-1.8.1-RELEASE/spp_stream4.h
 92965 2001-08-14 23:50:11 snort-1.8.1-RELEASE/spp_stream4.c
 17848 2001-06-25 20:14:23 snort-1.8.1-RELEASE/ubi_SplayTree.h
  3911 2001-06-25 20:19:48 snort-1.8.1-RELEASE/sys_include.h
   989 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spp_frag2.h
 12114 2001-08-07 05:46:11 snort-1.8.1-RELEASE/spp_arpspoof.c
  1861 2001-07-24 23:26:47 snort-1.8.1-RELEASE/spp_arpspoof.h
  5840 2001-07-25 08:48:24 snort-1.8.1-RELEASE/spo_idmef.h
 46012 2001-07-25 08:48:24 snort-1.8.1-RELEASE/spo_idmef.c
 29164 2001-08-11 22:28:54 snort-1.8.1-RELEASE/spo_SnmpTrap.c
   445 2001-07-29 23:43:51 snort-1.8.1-RELEASE/spo_SnmpTrap.h
  1504 2001-03-14 14:32:16 snort-1.8.1-RELEASE/BUGS
 20097 2000-12-30 11:41:06 snort-1.8.1-RELEASE/RULES.SAMPLE
  8318 2001-08-14 23:54:35 snort-1.8.1-RELEASE/CREDITS
 17649 2001-08-11 22:31:01 snort-1.8.1-RELEASE/snort.conf
 11377 2001-03-07 14:12:32 snort-1.8.1-RELEASE/USAGE
 19894 2001-07-24 15:21:12 snort-1.8.1-RELEASE/backdoor.rules
  2074 2001-07-16 08:19:50 snort-1.8.1-RELEASE/info.rules
  3989 2001-07-29 10:36:35 snort-1.8.1-RELEASE/smtp.rules
  5726 2001-07-02 17:23:28 snort-1.8.1-RELEASE/ddos.rules
    58 2001-08-13 10:23:17 snort-1.8.1-RELEASE/local.rules
  2629 2001-07-24 21:28:07 snort-1.8.1-RELEASE/telnet.rules
  3325 2001-06-11 09:29:29 snort-1.8.1-RELEASE/dns.rules
  4804 2001-07-29 10:36:35 snort-1.8.1-RELEASE/misc.rules
 19484 2001-07-29 10:36:35 snort-1.8.1-RELEASE/web-cgi.rules
  3032 2001-08-08 18:16:16 snort-1.8.1-RELEASE/dos.rules
  2406 2001-07-29 10:36:35 snort-1.8.1-RELEASE/netbios.rules
  7637 2001-07-26 12:43:51 snort-1.8.1-RELEASE/web-coldfusion.rules
  8628 2001-07-29 10:36:35 snort-1.8.1-RELEASE/exploit.rules
  5282 2001-07-16 08:19:50 snort-1.8.1-RELEASE/policy.rules
  7193 2001-07-29 10:36:35 snort-1.8.1-RELEASE/web-frontpage.rules
  2560 2001-07-29 10:36:35 snort-1.8.1-RELEASE/finger.rules
  6589 2001-07-29 10:36:35 snort-1.8.1-RELEASE/rpc.rules
 16677 2001-08-06 20:18:44 snort-1.8.1-RELEASE/web-iis.rules
  5965 2001-07-29 10:36:35 snort-1.8.1-RELEASE/ftp.rules
  2344 2001-06-11 09:29:30 snort-1.8.1-RELEASE/rservices.rules
 38228 2001-08-14 07:41:11 snort-1.8.1-RELEASE/web-misc.rules
  9006 2001-06-11 09:29:30 snort-1.8.1-RELEASE/sql.rules
   593 2001-06-11 09:29:30 snort-1.8.1-RELEASE/x11.rules
  3250 2001-06-28 10:43:26 snort-1.8.1-RELEASE/shellcode.rules
  4559 2001-08-13 09:21:25 snort-1.8.1-RELEASE/icmp.rules
  4392 2001-06-11 09:51:23 snort-1.8.1-RELEASE/scan.rules
 21947 2001-07-09 13:05:55 snort-1.8.1-RELEASE/snort.8
  3214 2000-08-06 20:41:28 snort-1.8.1-RELEASE/README.PLUGINS
  1641 2000-08-06 20:41:28 snort-1.8.1-RELEASE/README.FLEXRESP
 12313 2001-08-11 22:32:04 snort-1.8.1-RELEASE/README.database
  4367 2000-10-02 16:14:58 snort-1.8.1-RELEASE/README.tcpstream
  8754 2001-06-15 15:00:26 snort-1.8.1-RELEASE/README.xml
  7547 2000-12-13 01:14:41 snort-1.8.1-RELEASE/README.Spade
 13783 2000-12-13 01:14:41 snort-1.8.1-RELEASE/README.Spade.Usage
 17989 2001-01-02 01:06:00 snort-1.8.1-RELEASE/LICENSE
  1899 2001-04-20 06:11:17 snort-1.8.1-RELEASE/classification.config
  3615 2000-10-29 00:35:12 snort-1.8.1-RELEASE/cdefs.h
118164 2001-08-13 08:20:29 snort-1.8.1-RELEASE/SnortUsersManual.pdf
  2834 2001-07-26 15:09:09 snort-1.8.1-RELEASE/README-SNMP

of rules I need to download or if it updates them itself.  I've been
seeing a lot of activity (80-90% ARP Broadcasts), but so far SNORT reports
no activity.  Is there a way to test it and ensure it is working ok.


Please get the tar file and read INSTALL.

Also, is there some where I show get updated rules from?  I kept clicking
on links on the website for rules, but came to the download page and
couldn't find anything.  Any help would be great.


I find this hard to believe.

  http://snort.sourcefire.com/downloads/snortrules.tar.gz

Opps, looks like the tar file is incomplete:

tar -ztvf snortrules.tar.gz
drwxr-xr-x bmc/bmc           0 2001-08-15 08:22:08 rules
-rw-r--r-- bmc/bmc       19894 2001-08-15 08:22:08 rules/backdoor.rules
-rw-r--r-- bmc/bmc        1899 2001-08-15 08:22:08 rules/classification.config
-rw-r--r-- bmc/bmc         593 2001-08-15 08:22:08 rules/x11.rules
-rw-r--r-- bmc/bmc       38228 2001-08-15 08:22:08 rules/web-misc.rules
-rw-r--r-- bmc/bmc       16677 2001-08-15 08:22:08 rules/web-iis.rules
-rw-r--r-- bmc/bmc        7193 2001-08-15 08:22:08 rules/web-frontpage.rules
-rw-r--r-- bmc/bmc        7637 2001-08-15 08:22:08 rules/web-coldfusion.rules

gzip: stdin: unexpected end of file
-rw-r--r-- bmc/bmc       19484 2001-08-15 08:22:08 rules/web-cgi.rules
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now

As you can see, you have touched on an area undergoing constant change.
Be happy, your where it's at.


Mel L. Chandler, A+, Network+, MCNE, MCDBA, MCSE+I, CCNA
MChandler () PMI Delta org
Network Analyst
Information Services
PMI Delta Dental
(562) 467-6627

=========================
= not many animals were harmed in =
= ..... the making of this email ........ =
=========================




-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

SNORT Mel Chandler PMI (Aug 14)
- Re: SNORT Erek Adams (Aug 14)
- Re: SNORT Phil Wood (Aug 15)
  - Re: SNORT Brian Caswell (Aug 15)
- <Possible follow-ups>
- RE: SNORT Dan Fiorito (Aug 14)
- RE: SNORT Dr SuSE (Aug 14)
- Snort frank . bussink (Sep 25)
- Re: Snort roman (Sep 25)
  - Win32 Snort Dies jmad (Sep 25)