Snort mailing list archives
Re: Two missing for scan
From: DFIRob via Snort-sigs <snort-sigs () lists snort org>
Date: Mon, 18 Jun 2018 23:43:12 +0200
Well, look for the (commented out) rules that set the ms_sql_seen_dns flowbit and uncomment them, and look for rules that check the other one and uncomment them as well. Or do the opposite. http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node33.html#SECTION004610000000000000000 Anyway, this error is non blocking and unless those rules are essential to you you could as well let them slide. -Rob' On Fri, Jun 15, 2018 at 10:04 PM Dorian ROSSE <dorianbrice () hotmail fr> wrote:
Dear IT Snort Community, This is my error when I try to launch a scan : WARNING: flowbits key 'ms_sql_seen_dns' is checked but not ever set. WARNING: flowbits key 'smb.tree.create.llsrpc' is set but not ever checked. How to repair this two problems for do a scan ? I was follow this link : http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node6.html Thank you in advance to repair my two errors, Regards. Dorian ROSSE. _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Two missing for scan Dorian ROSSE (Jun 15)
- Re: Two missing for scan DFIRob via Snort-sigs (Jun 18)