[Snort-users] Hi All,



04-18-2008
Laurence Moughan

Hi All,

Solaris 8 - Snort 2.8

Apr 17 16:39:31 obeids01 snort[19974]: [ID 379120 daemon.error] FATAL ERROR: /usr/local/etc/snort/./rules/bad-traffic.rules(28: Cannot check flow connection for non-TCP traffic

I managed to get past that by commenting out the udp lines, but then the next ruleset is the same,
and the next
and the next

I can't just comment out nearly every rule!!

Is there a fix for this?

Apr 17 17:01:54 obeids01 snort[21890]: [ID 379120 daemon.error] FATAL ERROR: /usr/local/etc/snort/./rules/rpc.rules(33): Cannot check flow connection for non-TCP traffic

Any ideas?

I'm using the latest 2.8 rule set (registered users)

,,_ -*> Snort! <*-
o" )~ Version 2.8.0 (Build 67)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html
(C) Copyright 1998-2007 Sourcefire Inc., et al.
Using PCRE version: 4.5 01-December-2003
