Snort mailing list archives
Re: Broken snort rule
From: Matt Jonkman <jonkman () jonkmans com>
Date: Tue, 07 Oct 2008 17:16:42 -0400
How about unescaped colons and semicolons, etc? Thanks for the info Matt. I hadn't seen that option. Time to upgrade. Matt Matt Olney wrote:
Actually, in snort 2.8.3.3 <http://2.8.3.3>, the -x control: -x Exit if Snort configuration problems occur will fail out on many common rule problems. For example, duplicate sids. Matt On Tue, Oct 7, 2008 at 2:30 PM, Paul Schmehl <pauls () utdallas edu <mailto:pauls () utdallas edu>> wrote: --On Tuesday, October 07, 2008 11:48:45 -0500 Matt Jonkman <jonkman () jonkmans com <mailto:jonkman () jonkmans com>> wrote: Cool, I had stopped testing of the autogenerated rules because it didn't seem to be of much use. Will turn that back on. Is there an easy way to parse the other rules though for more subtle errors? Or force verbosity to get it to tell us about rules ignored? does # snort -Tvvvvvv not do the trick? -- Paul Schmehl (pauls () utdallas edu <mailto:pauls () utdallas edu>) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/
-- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthreats.net -------------------------------------------- PGP: http://www.jonkmans.com/mattjonkman.asc ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Broken snort rule James Lay (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Re: Broken snort rule Brian Caswell (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Re: Broken snort rule Matt Olney (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Message not available
- Re: Broken snort rule Matt Olney (Oct 07)
- Re: Broken snort rule Matt Olney (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Message not available
- Re: Broken snort rule Matt Jonkman (Oct 07)
- Re: Broken snort rule Brian Caswell (Oct 07)
- Re: Broken snort rule Markus Lude (Oct 07)
- Re: Broken snort rule Matt Jonkman (Oct 07)