In the file upon there is an error, in the line 166 
before the sid tag misses a semicolon.
This locks snort, specially on endian firewall with automatic updates
enabled.

Here the rule:

#by Kevin Ross
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET SCAN Smap VOIP
Device Scan"; content:"<sip\:smap@"; offset:80; depth:40;
flow:to_server; classtype:attempted-recon;
reference:url,www.go2linux.org/smap-find-voip-enabled-devices
sid:2008526; rev:2;)


-- 
# Luca Giovenzana
# GPG/PGP Public Key
# ID: 3B741128
# FP: C491 381E 5C73 D669 4AB3 BB14 EC95 BB88 3B74 1128

Attachment: signature.asc
Description: This is a digitally signed message part

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user

Reply via email to