Snort mailing list archives
Snort++ Problem with Rules
From: Jim Campbell <jim () w4bqp net>
Date: Wed, 9 Aug 2017 11:51:52 -0400
The current Subscription Rules cause Snort to error out. The specific rules are:
[3690] alert udp ![$SMTP_SERVERS,$DNS_SERVERS] any -> $DNS_SERVERS 53 ( msg:"ET DNS DNS Lookup for localhost.DOMAIN.TLD";... [5648] alert tcp !$SMTP_SERVERS any -> !$HOME_NET 25 ( msg:"ET POLICY Outbound Multiple Non-SMTP Server Emails";... [5659] alert tcp !$HOME_NET any -> $HOME_NET 25 ( msg:"ET POLICY Inbound Frequent Emails - Possible Spambot Inbound";...
This is the error Snort is outputting: ... Loading snort3.rules: ERROR: snort3.rules:3690 !any is not allowed: ![$SMTP_SERVERS,$DNS_SERVERS]. ERROR: snort3.rules:5648 !any is not allowed: !$SMTP_SERVERS. ERROR: snort3.rules:5648 !any is not allowed: !$HOME_NET. ERROR: snort3.rules:5659 !any is not allowed: !$HOME_NET. Finished snort3.rules. ... I'm commenting these rules (#alert...) until the problem is fixed. -- "We are not human beings having a spiritual experience; we are spiritual beings having a human experience." ---Pierre Teilhard de Chardin _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort++ Problem with Rules Jim Campbell (Aug 09)
- Re: Snort++ Problem with Rules Joel Esler (jesler) via Snort-users (Aug 09)
- Re: Snort++ Problem with Rules wkitty42 (Aug 09)