Snort mailing list archives
Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].
From: Jason Brvenik <jasonb () sourcefire com>
Date: Tue, 28 Apr 2009 13:39:01 -0400
I say use the tools you have to do the job you need when it needs to be done, just don't complain that the screws don't hold as well when you hammer them in.

On Tue, Apr 28, 2009 at 1:21 PM, Joel Esler <jesler () sourcefire com> wrote:
> Nice. Then I'd rather see these rules used there instead of in Snort. Snort is not a firewall.
>
> J
>
> On Tue, Apr 28, 2009 at 10:16 AM, Shirk Dog <shirkdog_list () hotmail com> wrote:
>> Get with it finchy.
>>
>> http://www.emergingthreats.net/fwrules/
>>
>> Shirkdog
>> ' or 1=1--
>> http://www.shirkdog.us
>>
>> ________________________________
>> Date: Tue, 28 Apr 2009 09:15:42 -0400
>> From: jesler () sourcefire com
>> To: jlay () slave-tothe-box net
>> CC: snort-users () lists sourceforge net
>> Subject: Re: [Snort-users] FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].
>>
>> On Tue, Apr 28, 2009 at 8:54 AM, James Lay <jlay () slave-tothe-box net> wrote:
>>> Ruleset gets updated at midnight:
>>>
>>> Apr 28 06:29:52 gateway snort[12383]: FATAL ERROR:
>>> /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used either as source IP or as destination IP in a rule. IP list: [].
>>
>> This is an emerging threats rule, so they'll see this email. However, I'd still love to see these IP lists developed into Firewall rules for different Firewalls, or even routers. People could then utilize the proper device to drop the traffic to and from these IPs instead of trying to use an IPS as a firewall. This has needed to be done for a long time coming now.
>>
>> --
>> joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974 | http://twitter.com/joelesler
>
> --
> joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974 | http://twitter.com/joelesler
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
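Added example, not part of the original thread: the failure reported above is a rules file that an automatic update left with an empty IP list, which Snort treats as fatal at load time. The sketch below scans a rules file for that condition before it is put into service; the function names and the sample rules are constructed for illustration, and the addresses are documentation ranges.

```python
import re

# One IP field: a bracketed list (may contain spaces) or a single token
# such as any, $HOME_NET, 10.0.0.0/8 or a nested list.
_IP = r"(!?\[[^\]]*\]|\S+)"
_HEADER = re.compile(
    r"^\s*(\w+)\s+(\w+)\s+" + _IP + r"\s+(\S+)\s+(->|<>)\s+" + _IP + r"\s+(\S+)\s*$"
)

def _is_empty_list(field):
    """True for [], [ ], ![], [,] and similar: brackets with no address inside."""
    return "[" in field and not re.sub(r"[!\[\],\s]", "", field)

def find_empty_ip_rules(text):
    """Return (line_number, side) for each active rule whose source or
    destination IP list is empty. Commented-out rules are skipped."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # The rule header is everything before the option block.
        match = _HEADER.match(stripped.split("(", 1)[0])
        if not match:
            continue  # not a rule header this sketch understands
        if _is_empty_list(match.group(3)):
            problems.append((number, "source"))
        if _is_empty_list(match.group(6)):
            problems.append((number, "destination"))
    return problems

# Constructed sample rules (not taken from any real ruleset).
SAMPLE_RULES = """\
# drop ip [] any -> $HOME_NET any (msg:"commented out"; sid:1000001;)
drop ip [192.0.2.0/24,198.51.100.7] any -> $HOME_NET any (msg:"ok"; sid:1000002;)
drop ip [] any -> $HOME_NET any (msg:"empty source"; sid:1000003;)
drop ip $HOME_NET any -> [ ] any (msg:"empty destination"; sid:1000004;)
"""

if __name__ == "__main__":
    for number, side in find_empty_ip_rules(SAMPLE_RULES):
        print(f"line {number}: empty {side} IP list")
```

Run against the downloaded file before it replaces the live one, an empty result means this particular error will not stop the sensor at the next restart; Snort's own test mode (`snort -T -c <config>`) covers the rest of the configuration.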
Current thread:
- FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. James Lay (Apr 28)
- Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. Joel Esler (Apr 28)
- Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. Shirk Dog (Apr 28)
- Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. Joel Esler (Apr 28)
- Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. Jason Brvenik (Apr 28)
- Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. Matt Jonkman (Apr 28)
- Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. Matt Jonkman (Apr 28)
- Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. Shirk Dog (Apr 28)
- Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: []. Joel Esler (Apr 28)