Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Snort 2.6.1 Beta 2 Question (snort_dynamicrule/)

from [Justin Heath] Network Security [Permanent Link]
Subject: Re: [Snort-users] Snort 2.6.1 Beta 2 Question (snort_dynamicrule/)
Date: Mon, 30 Oct 2006 15:16:48 -0500 
In case anyone is interested you can grab the current so rules from
the current VRT rulepack.

so_rules/bad-traffic.c
so_rules/dos.c
so_rules/exploit.c
so_rules/p2p.c

Cheers,
Justin

On 10/30/06, Justin Heath <justin.heath@gmail.com> wrote:

No problem.

Nope, it's just an example.

Also, if you don't have any dynamic rules enabled you don't need the dynamic
engine turned on.


Cheers,
Justin


On 10/30/06, Eric Hines <eric.hines@appliedwatch.com> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ahh thanks. So its commented out by default and at some point the
comment was removed from my file.

So Sourcefire isn't going to create and distribute this example .SO file?

Best Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC
1095 Pingree Road
Suite 221
Crystal Lake, IL 60014
Toll Free: (877) 262-7593
Fax: (847) 854-5106
Cell: (847) 456-6785
Web: www.appliedwatch.com



Justin Heath wrote:

It looks like you are trying to load an example dynamic rule. This is
purely an example for those who want to create an example rule it is not
meant to be loaded.

On 10/30/06, * Eric Hines* <eric.hines@appliedwatch.com
<mailto:eric.hines@appliedwatch.com >> wrote:

All,

Has anyone here moved from Snort 2.6.0.x to Snort 2.6.1 yet? By default,
the following dynamic directories are created in /usr/local/lib:

/usr/local/lib/snort_dynamicengine
/usr/local/lib/snort_dynamicpreprocessor

However, when enabling all of the options in the new DNS Preprocessor it
causes Snort to fail with the error:

Rule application order:


->activation->dynamic->pass->drop->sdrop->reject->alert->log

Log directory =


/usr/local/appliedwatch/agent/data/agent.RyupiI/var/snort/log

Loading dynamic engine
/usr/local/lib/snort_dynamicengine/libsf_engine.so...

done

Loading all dynamic detection libs from
/usr/local/lib/snort_dynamicrule/...
Warning: Directory /usr/local/lib/snort_dynamicrule/

does not exist!

  Finished Loading all dynamic detection libs from
/usr/local/lib/snort_dynamicrule/
Loading dynamic detection library


/usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so...
ERROR:

Failed to load


/usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so:



/usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so:
cannot open

shared object file: No such file or directory
Fatal Error, Quitting..



The odd thing is that the

/usr/local/lib/snort_dynamicrule directory is

not created during the Snort installation. Fine if the directory must be
created manually, but where do I get the libdynamicexamplerule.so
file from?






-

-------------------------------------------------------------------------


Using Tomcat but need to do more? Need to support web services,
security?
Get stuff done quickly with pre-integrated technology to make your
job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache
Geronimo


http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642



<http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642


_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
<mailto: Snort-users@lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org



iD8DBQFFRkS71va6QYTV0EMRAltQAJwI19sp0kt/NhE8xthjEYRNC85BiACgmMbk

pExInptoRbWzgFnLdFWW4iM=
=oBNL
-----END PGP SIGNATURE-----






-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Snort 2.6.1 Beta 2 Question (snort_dynamicrule/), Justin Heath
Next by Date:  [Snort-users] Incorrect SID 108, Ian Masters
Previous by Thread:  Re: [Snort-users] Snort 2.6.1 Beta 2 Question (snort_dynamicrule/), Justin Heath
Next by Thread:  [Snort-users] Snort-2.6.0.2 on FC6 fail to log Nmap TCP portscans., Daniel
Indexes:  [Date] [Thread] [Top] [All Lists]