|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Brian Caswell (bmc
mitre.org)Date: Tue Mar 06 2001 - 11:52:54 CST
Bob Staaf wrote:
> Have successfully got snort 1.7 running on my Red Hat 6.2 server and am
> now trying to get the latest rules running. I am getting the following
> error when my server starts up snortd. Any ideas?
>
> Mar 6 11:44:45 swshost snort: [!] ERROR /etc/snort/rules/exploit.rules(21)
> => Bad port number: "(msg:"EXPLOIT"
Are you sure you setup $HOME_NET, $SMTP, $EXTERNAL_NET correctly? I
just checked the latest ruleset again, and none of the exploit.rules are
missing a port number. In the initial release of the new rules, there
was a few broken rules that snuck through the cracks. (Sorry about
that) I thought we caught most of them and fixed them. I checked them
again, and couldn't find any without a DEST port.
Try downloading the full breakout again. If you find a flawed rule,
look at the line number of that file and e-mail it to me.
-- Brian Caswell The MITRE Corporation_______________________________________________ Snort-users mailing list Snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]