Snort mailing list archives

RE: Snort rules touble.

From: Jason Gauthier <jgauthier () lastar com>
Date: Fri, 21 Jun 2002 15:34:37 -0400

I added necassary variables to use the latest rules to my snort.conf,
merging any necassary differences.
I'm up to speed now and all is running.

Now I need to simulate some probes/attacks to make sure it's actually
working.

Thanks to all,

Jason

-----Original Message-----
From: Matt Kettler [mailto:mkettler () evi-inc com]
Sent: Friday, June 21, 2002 3:33 PM
To: Jason Gauthier; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort rules touble.


Yes, it's also why snortrules.tar.gz contains a snort.conf,  
so that you 
can look at it for new things you need to include :)

I'd first get things up and running using the supplied rules.

If you then want to try using snortrules.tar.gz, try it, but 
be aware of 
the pitfalls involved in assuming you can just use new .rules 
files with an 
older.conf file ;)


At 02:41 PM 6/21/2002 -0400, Jason Gauthier wrote:

I understand now.

The rules supplied separately have variables supplied for the ports.
The rules supplied with the distribution have them staticly entered.

Thanks a lot!

-----Original Message-----
From: Slighter, Tim [mailto:tslighter () itc nrcs usda gov]
Sent: Friday, June 21, 2002 2:36 PM
To: 'Jason Gauthier'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Snort rules touble.


Just like Matt Kettler said,  and pretty sure he is right.

You need to

stick with the rules that come with the 1.86 build and NOT use the
snortrules.tar.gz



-------------------------------------------------------
Sponsored by:
ThinkGeek at http://www.ThinkGeek.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RE: Snort rules touble., (continued)
- - RE: Snort rules touble. Erek Adams (Jun 21)
- RE: Snort rules touble. Jason Gauthier (Jun 21)
  - RE: Snort rules touble. Matt Kettler (Jun 21)
- RE: Snort rules touble. Slighter, Tim (Jun 21)
- RE: Snort rules touble. Slighter, Tim (Jun 21)
  - RE: Snort rules touble. Erek Adams (Jun 21)
    - RE: Snort rules touble. Andreas Östling (Jun 21)
    - RE: Snort rules touble. Erek Adams (Jun 21)
- RE: Snort rules touble. Slighter, Tim (Jun 21)
  - RE: Snort rules touble. Erek Adams (Jun 21)
- RE: Snort rules touble. Jason Gauthier (Jun 21)