Snort mailing list archives
Re: Problems with new pulledpork 0.6.0 version
From: Kevin Ross <kevross33 () googlemail com>
Date: Tue, 29 Mar 2011 11:09:04 +0100
I am getting the same. It seems to be linked to if you put text in your list of sids for disable/enable etc., i.e. ET-scada.rules or whatever. If you remove it and leave only sid listings it runs fine.

On 29 March 2011 09:44, carlopmart <carlopmart () gmail com> wrote:
Hi all,

I am testing the new pulledpork 0.6.0 version (I have not used it previously), and I have found some problems.

First Test: I have configured an empty disabled.conf and the result is:

Rule Stats....
New:-------0
Deleted:---0
Enabled Rules:----17759
Dropped Rules:----0
Disabled Rules:---13820
Total Rules:------31579
Done
Please review /tmp/sid_changes_prod.log for additional details
Fly Piggy Fly!

Why does pulledpork disable 13820 rules?? I have commented out ips_policy.

Second Test: In disablesid.conf I have disabled some categories:

ET-emerging-mobile_malware,ET-emerging-scada,ET-emerging-voip,ET-emerging-web_client,ET-emerging-web_server,ET-emerging-web_specific_apps,VRT-deleted,VRT-experimental,VRT-local,VRT-nntp,VRT-scada,VRT-web-activex,VRT-web-attacks,VRT-web-cgi,VRT-web-client,VRT-web-coldfusion,VRT-web-frontpage,VRT-web-iis,VRT-web-misc,VRT-web-php ...

And the result is:

Rule Stats....
New:-------0
Deleted:---0
Enabled Rules:----0
Dropped Rules:----0
Disabled Rules:---31579
Total Rules:------31579
Done
Please review /tmp/sid_changes_prod.log for additional details
Fly Piggy Fly!

ALL rules are disabled!!! Why?? And a lot of errors are produced:

Argument "web-activex" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "exploit" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "exploit" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "web-client" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "web-activex" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "web-client" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "web-activex" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "web-activex" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "netbios" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "netbios" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "sensitive-data" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.
Argument "preprocessor" isn't numeric in numeric eq (==) at /usr/local/bin/pulledpork.pl line 844.

What am I doing wrong??

Thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com

------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
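Added example, not part of the thread and not pulledpork code: a pre-flight check that separates numeric SID entries from text entries in a disablesid.conf-style list (the condition Kevin Ross describes above), together with a simplified model of Perl's numeric `==` that shows what the quoted "isn't numeric" warnings mean. The `gid:sid` entry form, `#` comments, the sample content and all function names are assumptions.

```python
import re

# Constructed sample in the style of the disablesid.conf quoted above.
# The "gid:sid" form and "#" comments are assumptions, not from the thread.
SAMPLE = """\
# constructed sample
1:2003,1:2004
ET-emerging-scada,VRT-web-iis
1852
"""

SID_RE = re.compile(r"^(?:\d+:)?\d+$")            # "sid" or "gid:sid"
NUM_PREFIX = re.compile(r"^\s*[+-]?\d+(?:\.\d*)?")  # leading decimal number


def lint_sid_file(text):
    """Return (sids, text_entries); text_entries holds (line_no, entry)."""
    sids, text_entries = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]              # drop trailing comment
        for entry in (e.strip() for e in line.split(",")):
            if not entry:
                continue
            if SID_RE.match(entry):
                sids.append(entry)
            else:
                text_entries.append((line_no, entry))
    return sids, text_entries


def perl_numeric(value):
    """Simplified model of Perl numification: leading decimal prefix, else 0."""
    m = NUM_PREFIX.match(value)
    return float(m.group(0)) if m else 0.0


def perl_num_eq(a, b):
    """What a numeric == sees when handed two strings."""
    return perl_numeric(a) == perl_numeric(b)


if __name__ == "__main__":
    sids, text_entries = lint_sid_file(SAMPLE)
    print("numeric entries:", sids)
    for line_no, entry in text_entries:
        print(f"line {line_no}: non-numeric entry {entry!r}")
    # Any two non-numeric strings both become 0 under numeric ==.
    print(perl_num_eq("web-activex", "exploit"))
```

Under numeric `==`, every string without a leading number is treated as 0, so two unrelated names compare equal; that is the situation Perl is warning about in the output quoted above.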