This is a discussion on Re: [Snort-users] FYI: Empty IP used either as source IP or within the Snort forums, part of the System Security and Security Related category.
Get with it finchy.

http://www.emergingthreats.net/fwrules/

Shirkdog
' or 1=1--
http://www.shirkdog.us

Date: Tue, 28 Apr 2009 09:15:42 -0400
From: jesler@sourcefire.com
To: jlay@slave-tothe-box.net
CC: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] FYI: Empty IP used either as source IP or as destination IP in a rule. IP list: [].

On Tue, Apr 28, 2009 at 8:54 AM, James Lay <jlay@slave-tothe-box.net> wrote:

> Ruleset gets updated at midnight:
>
> Apr 28 06:29:52 gateway snort[12383]: FATAL ERROR: >
> /chroot/snort/etc/snort/rules/emerging-drop.rules(49) => Empty IP used
> either as source IP or as destination IP in a rule. IP list: [].

This is an emerging threats rule, so they'll see this email. However, I'd still love to see these IP lists developed into Firewall rules for different Firewalls, or even routers. People could then utilize the proper device to drop the traffic to and from these IPs instead of trying to use an IPS as a firewall. This has needed to be done for a long time coming now.

--
joel esler | Sourcefire | gtalk: jesler@sourcefire.com | 302-223-5974 | http://twitter.com/joelesler
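The failure reported in this thread (an automatically updated rules file containing a rule whose IP list is `[]`, which stops Snort at startup) can be caught before the new file is put in place. The following is an added example, not code from the thread or from the Snort or Emerging Threats projects; the function names and the sample ruleset are constructed for illustration, and it assumes each rule sits on a single line.

```python
import re

# Header layout of a Snort rule:
#   action proto src_ip src_port direction dst_ip dst_port (options)
EMPTY_LIST = re.compile(r"^!?\[\s*\]$")

def split_header(header):
    """Split a rule header on whitespace, keeping a bracketed list as one token."""
    tokens, buf, depth = [], "", 0
    for ch in header:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth = max(depth - 1, 0)
        if ch.isspace() and depth == 0:
            if buf:
                tokens.append(buf)
            buf = ""
        else:
            buf += ch
    if buf:
        tokens.append(buf)
    return tokens

def find_empty_ip_rules(text, name="rules"):
    """Return (name, line_no, field) for every active rule with an empty IP list."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#") or "(" not in line:
            continue  # blank line, comment, or not a rule
        tokens = split_header(line.split("(", 1)[0])
        if len(tokens) != 7:
            continue  # not a standard seven-field rule header
        for field, idx in (("source", 2), ("destination", 5)):
            if EMPTY_LIST.match(tokens[idx]):
                findings.append((name, line_no, field))
    return findings

# Constructed sample: documentation-range addresses, local-range sids.
SAMPLE = """\
# constructed sample ruleset
drop ip [192.0.2.0/24,198.51.100.7] any -> $HOME_NET any (msg:"constructed drop list"; sid:1000001; rev:1;)
drop ip [] any -> $HOME_NET any (msg:"constructed empty list"; sid:1000002; rev:1;)
alert tcp $HOME_NET any -> [ ] 80 (msg:"constructed empty destination"; sid:1000003; rev:1;)
"""

if __name__ == "__main__":
    for name, line_no, field in find_empty_ip_rules(SAMPLE, "sample.rules"):
        print(f"{name}({line_no}): empty {field} IP list")
```

An update job can run a check like this on the downloaded file and keep the previous ruleset when it returns any findings, so a bad update does not take the sensor down.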