This is strange but the problem reappeared. I removed all instances of
"any" in the variables. Now I am getting the following:
ERROR: Warning: /etc/snort/snort.eth1.conf(1077) => Unknown keyword '
(msg' in rule!
Fatal Error, Quitting..
I fixed the rule (seems like it was a bad rule from bleeding snort).
THat went away but now I get:
ERROR: /etc/snort/snort.eth1.conf(1148) => getservbyname() failed on "any"
Fatal Error, Quitting..
That line is:
alert tcp $HOME_NET !$HTTP_PORTS -> $EXTERNAL_NET 1639 ( sid: 2001430;
rev: 8; msg: "BLEEDING-EDGE WORM Bofra Victim Accessing Reactor
Page"; flow: from_client,established; content: "GET "; nocase;
content: "reactor"; nocase; reference:
url,us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129631;
reference:
url,securityresponse.symantec.com/avcenter/venc/data/w32.bofra.e@mm.html;
classtype: trojan-activity; priority: 1;)
I am thinking that it could be due to my older snort version. Which is
Version 2.1.1 (Build 24).
Could it be bleeding snort rules would not work on that one?
Any help on this would be much appreciated.
-------------------------------------------------------
All the advantages of Linux Managed Hosting--Without the Cost and Risk!
Fully trained technicians. The highest number of Red Hat certifications in
the hosting industry. Fanatical Support. Click to learn more
http://sel.as-us.falkag.net/sel?cmd_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
