Snort mailing list archives

Re: Snort 1.8.7 & new rules


From: Michael Boman <michael.boman () securecirt com>
Date: Tue, 19 Nov 2002 19:54:40 +0800

On Tue, Nov 19, 2002 at 12:32:33PM +0100, Cassani Alexio wrote:
> Hi all,
> I've installed Snort 1.8.7 on a win2000 server (I've followed the docs
> at Silicon Defense), everything is fine, it's all functioning but if I
> update the rules with the last ones I get errors when snort is starting.
> It seems to be a runtime error, the first I get is: bad-traffic.rules(20)
> => Bad protocol name ">134"
> I've replaced the new bad-traffic.rules with the old one and I get
> another error in the exploit.rules...
>
> The question is: can I hope to have a Snort 1.8.7
> up&running&...updated?

Yes, yes and no (or, if you spend the time doing it). Basically there are
no updated rules for snort 1.8.x, and there will probably never be (except for
the few that drop in on snort-sigs once in a while). My recommendation
is to go with the 1.9 series, unless you have the time to back-port each
and every new and updated rule from 1.9.

From your error message I would say that you are missing some vars in
your snort.conf (like $HTTP_SERVERS, $HOME and so on).

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
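
An added example, not part of the original thread or of Snort itself: a small pre-flight check for the condition the reply suspects, rule headers that reference a `$VAR` with no matching `var` line in snort.conf. The sample config and rules are constructed, the function names are hypothetical, and only the plain `$NAME` form in rule headers is checked.

```python
import re

VAR_DEF = re.compile(r"^\s*var\s+(\w+)\s+\S")   # 'var NAME value' in snort.conf
VAR_REF = re.compile(r"\$(\w+)")                # '$NAME' reference in a rule header

def defined_vars(conf_text):
    """Names declared by uncommented 'var NAME value' lines."""
    names = set()
    for line in conf_text.splitlines():
        m = VAR_DEF.match(line)
        if m:
            names.add(m.group(1))
    return names

def undefined_refs(conf_text, rules_text, rules_name="rules"):
    """Return (file, line_no, var) for each header $VAR the config does not define."""
    known = defined_vars(conf_text)
    missing = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # Only the header (before the option block) is scanned, so a
        # literal '$' inside a content string is not reported.
        header = stripped.split("(", 1)[0]
        for name in VAR_REF.findall(header):
            if name not in known:
                missing.append((rules_name, no, name))
    return missing

# Constructed sample input (not taken from any real rule set).
SAMPLE_CONF = """\
# constructed snort.conf fragment
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET any
# var HTTP_SERVERS $HOME_NET
"""
SAMPLE_RULES = """\
# constructed rules file
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed rule A"; content:"$x"; sid:1000001;)
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"constructed rule B"; sid:1000002;)
"""

if __name__ == "__main__":
    for fname, no, name in undefined_refs(SAMPLE_CONF, SAMPLE_RULES, "sample.rules"):
        print(f"{fname}({no}): ${name} is not defined in snort.conf")
```

Running it over each rules file before restarting the sensor points at the file and line of an undefined variable, in the same `file(line)` form Snort uses in its startup errors.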
