Snort mailing list archives
RE: Snort rules touble.
From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 21 Jun 2002 12:28:00 -0700 (PDT)
On Fri, 21 Jun 2002, Slighter, Tim wrote:
If Jason is going to go with his intended build of 1.86 and would ultimately have to comment out anything using "flow", if he needs to stay with that build, then he might want to consider downloading the latest signatures from activeworx as well as the policy manager and integrating those into the rules to ensure that he is using some of the latest signatures. Otherwise, it could be advantageous to move ahead to the daily snapshot and use the latest rules from current.
Actually, if you grab the latest rules from snort.org, you don't have the "flow:" keyword in them at all.
From http://www.snort.org/dl/signatures/snortrules.tar.gz:
ghosts:tmp {114} tar -zxvf ~erek/snortrules.tar.gz
ghosts:tmp {115} cd rules
ghosts:rules {116} grep 'flow:' *.rules
ghosts:rules {117}

If you see "flow:" in any of your rulesets, then you grabbed the 'wrong' rules for 1.8.6. You've somehow ended up with the 1.9 rulesets. Snort.org should be the definitive site for all your snort rule needs. :)

Hrmmmm.... "The Best Damn Snort Show Ever"... I wonder if ESPN would like that very much? ;-)

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
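Added example, not part of the original message and not Snort project code: the grep check above extended into a small script that counts active rules using the `flow:` option and writes a copy of a ruleset with those rules commented out, which is the workaround discussed for staying on 1.8.6. The function names, the sample rules and their sids are constructed for illustration, and the script assumes one rule per line.

```shell
#!/bin/sh
# Added example: detect and disable rules that need the 1.9 "flow:" option.
# Assumption: one rule per line (no backslash continuation).

# Match flow: only where an option can start, i.e. after "(" or ";".
# A plain grep 'flow:' would also hit text such as msg:"... overflow: ...".
FLOW_RE='[(;][ \t]*flow:'

# count_flow_rules FILE -> number of uncommented rules that use flow:
count_flow_rules() {
    awk -v re="$FLOW_RE" '!/^[ \t]*#/ && $0 ~ re { n++ } END { print n + 0 }' "$1"
}

# comment_out_flow SRC DST -> copy SRC to DST with flow: rules commented out
comment_out_flow() {
    awk -v re="$FLOW_RE" '
        !/^[ \t]*#/ && $0 ~ re { print "# needs 1.9 (flow): " $0; next }
        { print }' "$1" > "$2"
}

# make_sample_rules FILE -> write constructed sample rules (not a real ruleset)
make_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample rules, not from any real ruleset
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"sample old-style rule"; flags:A+; content:"/cgi-bin/test"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"sample 1.9-style rule"; flow:to_server,established; content:"/cgi-bin/test"; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"sample overflow: text only"; flags:A+; content:"AAAA"; sid:1000003; rev:1;)
# alert tcp any any -> any 25 (msg:"already disabled"; flow:to_server; sid:1000004; rev:1;)
EOF
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_rules "$demo_dir/sample.rules"
echo "active rules using flow: $(count_flow_rules "$demo_dir/sample.rules")"
comment_out_flow "$demo_dir/sample.rules" "$demo_dir/sample-1.8.6.rules"
cat "$demo_dir/sample-1.8.6.rules"
rm -rf "$demo_dir"
```

Running `snort -T -c snort.conf` against the rewritten files confirms whether the 1.8.6 parser accepts them.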