Snort mailing list archives
Re: Snort 1.8.7 & new rules
From: Michael Boman <michael.boman () securecirt com>
Date: Tue, 19 Nov 2002 19:54:40 +0800
On Tue, Nov 19, 2002 at 12:32:33PM +0100, Cassani Alexio wrote:
Hi all, I've installed Snort 1.8.7 on a win2000 server (I've followed the docs at Silicon Defense). Everything is fine, it's all functioning, but if I update the rules with the latest ones I get errors when Snort is starting. It seems to be a runtime error; the first I get is: bad-traffic.rules(20) => Bad protocol name ">134". I've replaced the new bad-traffic.rules with the old one and I get another error in the exploit.rules... The question is: can I hope to have a Snort 1.8.7 up&running&...updated?
Yes, yes and no (or, if you spend the time doing it). Basically there are no updated rules for Snort 1.8.x, and there will probably never be (except for the few that drop in on snort-sigs once in a while). My recommendation is to go with the 1.9 series, unless you have the time to back-port each and every new and updated rule from 1.9.

From your error message I would say that you are missing some vars in your snort.conf (like $HTTP_SERVERS, $HOME and so on).

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com