Snort mailing list archives
Compile problems with SNOT
From: "Eric Hines" <loki () fatelabs com>
Date: Fri, 18 Jul 2003 23:02:30 -0500
We are having trouble compiling the latest version of SNOT. Has anyone seen this before or know what we can do to fix the issue? Is their another tool that some of you prefer over SNOT? STICK seems out of date and unsupported. I believe the latest file we saw was updated in 1997. SNOT seems to be the most recent tool for something remotely close to an IDS benchmarking tool available. [root@cvs snot-0.92a]# uname -a Redhat 8.0 Linux testbed.appliedwatch.com 2.4.18-14 #1 Wed Sep 4 12:13:11 EDT 2002 i686 athlon i386 GNU/Linux [root@testbed snot-0.92a]# make cc `sh /usr/bin/libnet-config --defines` -c -o snot_parse_rules.o snot_parse_rules.c snot_parse_rules.c: In function `parse_rules': snot_parse_rules.c:894: `LIBNET_PACKET' undeclared (first use in this function) snot_parse_rules.c:894: (Each undeclared identifier is reported only once snot_parse_rules.c:894: for each function it appears in.) snot_parse_rules.c:1510:21: warning: no newline at end of file make: *** [snot_parse_rules.o] Error 1 [root@testbed snot-0.92a]# Regards, Eric Hines CEO, Chairman =============================================== Eric Hines CEO, Chairman Applied Watch Technologies, Inc. eric.hines () appliedwatch com ----------------------------------------------- Corporate Headquarters 1650 Carlemont Dr. Suite D Crystal Lake, IL. 60014 ----------------------------------------------- Direct Toll Free: (877) 262-7593 (x327) Fax: (815) 425-2173 ----------------------------------------------- Main Switchboard: (877) 262-7593 (9am-5pm CST) Commercial Sales: (877) 262-7593 (opt1) Government Sales: (877) 262-7593 (opt2) =============================================== -----Original Message----- From: Brian [mailto:bmc () snort org] Sent: Friday, July 18, 2003 12:50 PM To: Compton, Rich Cc: 'snort-sigs () lists sourceforge net'; Snort-users () lists sourceforge net Subject: [Snort-sigs] Re: [Snort-users] Suggested Sig for Cisco DOS Vulnerability FYI, we've released "official" sigs for the cisco DOS. I've been informed that Sourceforge's anoncvs server is 24 hours behind the cvs server we (the developers) commit to. alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 53 (SWIPE)"; ip_proto:53; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2186; rev:1;) alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 55 (IP Mobility)"; ip_proto:55; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2187; rev:1;) alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 77 (Sun ND)"; ip_proto:77; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2188; rev:1;) alert ip any any -> any any (msg:"BAD-TRAFFIC IP Proto 103 (PIM)"; ip_proto:103; reference:bugtraq,8211; reference:cve,CAN-2003-0567; classtype:non-standard-protocol; sid:2189; rev:1;) -brian ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Suggested Sig for Cisco DOS Vulnerability Compton, Rich (Jul 18)
- Re: Suggested Sig for Cisco DOS Vulnerability Muenz, Michael (Jul 18)
- Re: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability Michael Scheidell (Jul 18)
- RE: [Snort-sigs] Suggested Sig for Cisco DOS Vulnerability Eric Hines (Jul 18)
- Re: Suggested Sig for Cisco DOS Vulnerability Brian (Jul 18)
- Compile problems with SNOT Eric Hines (Jul 18)