Snort mailing list archives

Re: FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].


From: Matt Jonkman <jonkman () jonkmans com>
Date: Tue, 28 Apr 2009 12:37:36 -0400

Ought to be IMHO :)

The error is fixed up, thanks all for the notification!

Matt

Joel Esler wrote:
Nice.  Then I'd rather see these rules used there instead of in Snort.
 Snort is not a firewall.

J

On Tue, Apr 28, 2009 at 10:16 AM, Shirk Dog <shirkdog_list () hotmail com> wrote:

    Get with it finchy.

    http://www.emergingthreats.net/fwrules/

    Shirkdog
    ' or 1=1--
    http://www.shirkdog.us



    ------------------------------------------------------------------------
    Date: Tue, 28 Apr 2009 09:15:42 -0400
    From: jesler () sourcefire com
    To: jlay () slave-tothe-box net
    CC: snort-users () lists sourceforge net
    Subject: Re: [Snort-users] FYI: Empty IP used either as source IP or
    as destination IP in a rule. IP list: [].


    On Tue, Apr 28, 2009 at 8:54 AM, James Lay
    <jlay () slave-tothe-box net> wrote:

        Ruleset gets updated at midnight:


        Apr 28 06:29:52 gateway snort[12383]: FATAL ERROR: /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used either as source IP or as destination IP in a rule. IP list: [].


    This is an emerging threats rule, so they'll see this email.
     However, I'd still love to see these IP lists developed into
    Firewall rules for different Firewalls, or even routers.  People
    could then utilize the proper device to drop the traffic to and from
    these IPs instead of trying to use an IPS as a firewall.  This has
    needed to be done for a long time coming now.


    -- 
    joel esler | Sourcefire | gtalk: jesler () sourcefire com |
    302-223-5974 | http://twitter.com/joelesler


    ------------------------------------------------------------------------------
    Register Now & Save for Velocity, the Web Performance & Operations
    Conference from O'Reilly Media. Velocity features a full day of
    expert-led, hands-on workshops and two days of sessions from industry
    leaders in dedicated Performance & Operations tracks. Use code vel09scf
    and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
    _______________________________________________
    Snort-users mailing list
    Snort-users () lists sourceforge net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users




-- 
joel esler | Sourcefire | gtalk: jesler () sourcefire com | 302-223-5974 | http://twitter.com/joelesler



-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
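
A pre-deployment check for the failure quoted in this thread (an unattended ruleset update that leaves Snort dead on an empty IP list), as an added example that is not part of the original messages or of the Snort or Emerging Threats projects. The sample rules, sids and function names are constructed for illustration, and the check flags any empty list element, which is stricter than the `[]` case shown in the log line.

```python
import re

# Constructed sample in the style of a drop-list rules file. Addresses are
# documentation ranges and the sids are made up for this example.
SAMPLE_RULES = """\
# constructed sample rules
alert ip [192.0.2.0/24,198.51.100.7] any -> $HOME_NET any (msg:"constructed list 1"; sid:9000001; rev:1;)
alert ip [] any -> $HOME_NET any (msg:"constructed list 2"; sid:9000002; rev:1;)
alert tcp $HOME_NET any -> [203.0.113.5,] 80 (msg:"constructed trailing comma"; sid:9000003; rev:1;)
alert ip ![] any -> any any (msg:"constructed negated empty"; sid:9000004; rev:1;)
"""

# Rule header: action proto src_ip src_port direction dst_ip dst_port (options)
HEADER = re.compile(
    r"^\s*\w+\s+\S+\s+(?P<src>\S+)\s+\S+\s+(?:->|<>)\s+(?P<dst>\S+)\s+\S+\s*\("
)

def has_empty_ip_entry(field):
    """True if an address field is a bracketed list containing an empty entry."""
    field = field.lstrip("!")
    if not (field.startswith("[") and field.endswith("]")):
        return False  # single address, variable such as $HOME_NET, or 'any'
    # Strip nested brackets and negation so '[[],192.0.2.1]' is caught too.
    return any(item.strip(" []!") == "" for item in field[1:-1].split(","))

def find_empty_ip_rules(text):
    """Return (line_number, side, field) for every rule with an empty IP entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = HEADER.match(line)
        if not m:
            continue  # not a rule header this check understands
        for side in ("src", "dst"):
            if has_empty_ip_entry(m.group(side)):
                findings.append((lineno, side, m.group(side)))
    return findings

if __name__ == "__main__":
    # Report in the file(line) style of the Snort message quoted above.
    for lineno, side, value in find_empty_ip_rules(SAMPLE_RULES):
        print(f"emerging-drop.rules({lineno}) => empty {side} IP list: {value}")
```

An update job can run this against the downloaded file and keep the previous ruleset when it returns any findings. Snort's own test mode (`snort -T -c <config>`) remains the authoritative check before a restart.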


