Snort mailing list archives
snort2lua errors
From: koppfabi <FabianMalte.Kopp () b-tu de>
Date: Sun, 29 Jan 2017 15:18:08 +0100
Hello, I encountered an error while converting the snapshot rules to snort3 rules. from deleted.rules --[[ FAILED RULES CONVERSIONS: These rules has invalid rule options Failed to convert rule: alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"DELETED SPYWARE-PUT Hijacker comet systems runtime detection - update requests"; flow:to_server,established; content:"Host|3A| update.cc.cometsystems.com"; nocase; http_header; pcre:"/\x2F[^\s]*\.(dat|xml)\?[^\s]*v=[^\s]*t=[^\s]*c=/UiH"; reference:url,www.spywareguide.com/product_show.php?id=428; reference:url,www3.ca.com/securityadvisor/pest/pest.aspx?id=453088065; classtype:misc-activity; sid:5831; rev:8;) ^^^^ unknown_option=Two sticky buffers set for this regular expression! --]] from ftp.rules --[[ FAILED RULES CONVERSIONS: These rules has invalid rule options Failed to convert rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"PROTOCOL-FTP PORT bounce attempt"; flow:to_server,established; content:"PORT"; nocase; ftpbounce; pcre:"/^PORT/smi"; metadata:policy max-detect-ips drop, ruleset community, service ftp; reference:bugtraq,126; reference:cve,1999-0017; reference:nessus,10081; classtype:misc-attack; sid:3441; rev:13;) ^^^^ unknown_option=ftpbounce --]] also while loading rules into snort via -R snort encountered some errors (http://pastebin.com/5XY7skrr) all this was run with snort build 223 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort2lua errors koppfabi (Jan 29)