In the file above there is an error: on line 166, a semicolon is missing before the sid tag. This locks snort, especially on Endian Firewall with automatic updates enabled.
Here is the rule:

#by Kevin Ross
alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET SCAN Smap VOIP Device Scan"; content:"<sip\:smap@"; offset:80; depth:40; flow:to_server; classtype:attempted-recon; reference:url,www.go2linux.org/smap-find-voip-enabled-devices sid:2008526; rev:2;)

--
# Luca Giovenzana
# GPG/PGP Public Key
# ID: 3B741128
# FP: C491 381E 5C73 D669 4AB3 BB14 EC95 BB88 3B74 1128
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user
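A pre-deployment check for the defect reported above, as an added example that is not part of the original message or of Snort itself: it splits a rule's option body on `;` and flags an option whose unquoted value swallows another keyword, which is what happens when the semicolon before `sid` is missing. The function names and the short keyword set are assumptions made for this sketch; the keyword set covers only the options used in the quoted rule.

```python
import re

# Keywords used by the rule in the report; extend this set for a full rule file.
KEYWORDS = {"msg", "content", "offset", "depth", "flow", "classtype",
            "reference", "sid", "rev"}
QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')

def split_options(body):
    """Split on ';' but not inside quotes or after a backslash. Returns (options, tail)."""
    opts, cur, in_quote, i = [], "", False, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):   # keep escapes such as \: or \; intact
            cur += body[i:i + 2]
            i += 2
            continue
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            opts.append(cur.strip())
            cur = ""
        else:
            cur += ch
        i += 1
    return opts, cur.strip()

def lint_rule(rule):
    """Return a list of problems found in one rule line (empty list = clean)."""
    start, end = rule.find("("), rule.rfind(")")
    if start < 0 or end < start:
        return ["no option body in parentheses"]
    opts, tail = split_options(rule[start + 1:end])
    problems, seen = [], set()
    for opt in opts:
        key, _, val = opt.partition(":")
        seen.add(key.strip())
        # A keyword followed by ':' in an unquoted value means two options ran together.
        for m in re.finditer(r"\s(\w+)\s*:", QUOTED.sub('""', val)):
            if m.group(1) in KEYWORDS:
                problems.append(f"missing ';' before '{m.group(1)}' in option '{key.strip()}'")
    if tail:
        problems.append(f"unterminated option: {tail!r}")
    if "sid" not in seen:
        problems.append("no sid option")
    return problems

# The rule quoted in the report, and the same rule with the semicolon restored.
BROKEN = (r'alert udp $EXTERNAL_NET any -> $HOME_NET 5060 (msg:"ET SCAN Smap VOIP Device Scan"; '
          r'content:"<sip\:smap@"; offset:80; depth:40; flow:to_server; classtype:attempted-recon; '
          r'reference:url,www.go2linux.org/smap-find-voip-enabled-devices sid:2008526; rev:2;)')
FIXED = BROKEN.replace("devices sid:", "devices; sid:")
```

Running `lint_rule` over each non-comment line of a downloaded rule file before it replaces the active one lets an automatic update be rejected instead of stopping the sensor.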