To be honest, I don't know anything about snort. :) I just was looking
at another user's snort.conf because of the strange error he posted and saw
the coding problem via the source (AKA force).
--- James Sinnamon <[EMAIL PROTECTED]> wrote:
> Mike,
>
> Thanks for the information and the useful regexp.
>
> I can't quite work out what was happening yesterday. I think I removed
> any /^#.*\\$/ lines which were intermingled between one line with a
> continuation character and its continuation line.
>
> As I wrote on the snort-users list:
>
> I have been able to reach first base by adding the following rule:
>
> alert tcp any any -> any any (msg:"ANY PROBE any attempt";)
>
> .... to /etc/snort/rules/experimental.rules, which is included in
> /etc/snort/snort.conf.
>
> Of course this causes a flood of messages
> and warnings, but at least I can see that Snort is responding to
> attempted and actual connections made to my firewall computer
> ports.
>
> Conversely, removing the above rule causes the flood of warnings
> to diminish to practically nothing.
>
> I am still not sure why the nmap probes referred to earlier
> did not trigger any messages, but at least I now have some
> ability to test cause and effect.
>
>
>
> If, from now on, the presence of any /^#.*\\$/ lines causes a problem
> which I can reproduce, I will open a bug report as you suggested.
>
> Thanks for your help.
>
> Best regards,
>
> James
>
>
>
> On Wed, 16 Jun 2004 04:36 am, Mike Mestnik wrote:
> > If you read the archives of June 14-15 (just 2 days ago) you will see that
> > we suspect any line in the form of /^#.*\\$/ to cause bad behaviour.
> > These comments are getting messed up by the continue operator '\'.
> >
> > What's worse is that these comment lines most likely contain valid code.
> > Thus the error is in a line much greater than the comment that caused the
> > error.
> >
> > This could be something that just slipped into the latest release. Try
> > running an older version and see if the problem persists, also get in touch
> > with the other person who had similar problems. See if there is a Debian
> > bug report, if not work with the other person to open one.
> >
> > --- James Sinnamon <[EMAIL PROTECTED]> wrote:
> > > Dear Debian firewallers,
> > >
> > > I am not getting anything written to my log files.
>
> <snip/>
>
>
> --
> James Sinnamon
> jps at westnet com auStralia
> ph +61 412 319669, +61 2 95692123, +61 2 95726357
>
--
_______________________________________________
Dri-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/dri-devel
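
An added example, not part of the original messages and not Snort's own code: a Python check that lists the lines of a snort.conf matching the /^#.*\\$/ pattern discussed in the thread, and notes whether each one sits between a continued line and its continuation. The function name and the sample configuration are constructed for illustration; the script only reports candidates to review and assumes nothing about how Snort's parser treats them.

```python
import re
import sys

# Pattern quoted in the thread: a comment line that ends in a backslash.
SUSPECT = re.compile(r"^#.*\\$")

# Constructed sample configuration, not taken from any real snort.conf.
SAMPLE_CONF = """\
var HOME_NET any
# preprocessor stream4: detect_scans, \\
#    disable_evasion_alerts
output alert_syslog: LOG_AUTH \\
# output log_tcpdump: tcpdump.log \\
    LOG_ALERT
include $RULE_PATH/experimental.rules
"""


def find_suspect_comments(text):
    """Return one finding per comment line that ends in a continuation backslash."""
    lines = text.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if not SUSPECT.match(line):
            continue
        following = lines[i + 1] if i + 1 < len(lines) else ""
        findings.append({
            "line": i + 1,  # 1-based, as an editor shows it
            # The case James describes: the comment sits between a continued
            # line and the line that was meant to continue it.
            "inside_continuation": i > 0 and lines[i - 1].endswith("\\"),
            # A non-comment line directly after the comment is the one that
            # ends up far from the comment when an error is finally reported.
            "next_is_code": bool(following.strip())
                            and not following.lstrip().startswith("#"),
        })
    return findings


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            conf = fh.read()
    else:
        conf = SAMPLE_CONF
    for f in find_suspect_comments(conf):
        print("line %(line)d: inside_continuation=%(inside_continuation)s "
              "next_is_code=%(next_is_code)s" % f)
```
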