Snort mailing list archives
problem with acivate/dynamic rule: WARNING: an activation rule with no dynamic rules matched!
From: Nicolas Dresse <nibicus () perso be>
Date: Tue, 20 Apr 2004 09:50:29 +0200
hi, I have a problem with activate/dynamic rules. I whish to detect a special sequence of packets : ICMP echo packet followed by a mal-formated UDP packet. My config file : ---------------------------------------------------------------- activate icmp any any -> any any (msg:"Groupe 1> icmp echo taille
56"; dsize:>56; activates: 1;)
dynamic udp any any -> any 53 (activated_by: 1; classtype:bad-unknown; count: 3;) ----------------------------------------------------------------- I try it with: Snort Version 2.1.0 (Build 9) Snort Version 1.9.0 (Build 209) And each time I receive : WARNING: an activation rule with no dynamic rules matched! Could someone help me ? I'll be greatfull. --------------------------------------------- Protect your mails from viruses thanks to Perso Premium services http://www.perso.be ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- problem with acivate/dynamic rule: WARNING: an activation rule with no dynamic rules matched! Nicolas Dresse (Apr 20)