Snort mailing list archives
Problems with new pulledpork 0.6.0 version
From: carlopmart <carlopmart () gmail com>
Date: Tue, 29 Mar 2011 10:44:35 +0200
Hi all,
I am testing the new pulledpork 0.6.0 version (I have not used it
previously), and I have found some problems.
First Test: I have configured an empty disabled.conf and the result is:
Rule Stats....
New:-------0
Deleted:---0
Enabled Rules:----17759
Dropped Rules:----0
Disabled Rules:---13820
Total Rules:------31579
Done
Please review /tmp/sid_changes_prod.log for additional details
Fly Piggy Fly!
Why does pulledpork disable 13820 rules?? I have commented out ips_policy.
Second Test: In disablesid.conf I have disabled some categories:
ET-emerging-mobile_malware,ET-emerging-scada,ET-emerging-voip,ET-emerging-web_client,ET-emerging-web_server,ET-emerging-web_specific_apps,VRT-deleted,VRT-experimental,VRT-local,VRT-nntp,VRT-scada,VRT-web-activex,VRT-web-attacks,VRT-web-cgi,VRT-web-client,VRT-web-coldfusion,VRT-web-frontpage,VRT-web-iis,VRT-web-misc,VRT-web-php
...
And the result is:
Rule Stats....
New:-------0
Deleted:---0
Enabled Rules:----0
Dropped Rules:----0
Disabled Rules:---31579
Total Rules:------31579
Done
Please review /tmp/sid_changes_prod.log for additional details
Fly Piggy Fly!
ALL rules are disabled!!! Why??
And a lot of errors are produced:
Argument "web-activex" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "exploit" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "exploit" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "web-client" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "web-activex" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "web-client" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "web-activex" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "web-activex" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "netbios" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "netbios" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at
/usr/local/bin/pulledpork.pl line 844.
What am I doing wrong??
Thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com
