[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-sigs
Subject: [Emerging-Sigs] Empty source IP in 2500075
From: jonkman () jonkmans ! com (Matt Jonkman)
Date: 2008-10-07 14:50:40
Message-ID: 48EB7740.6080100 () jonkmans ! com
[Download RAW message or body]
Got it, script issue. Fixed (correctly this time I hope)
Should be good if you pull again.
Matt
Chris Libby wrote:
> FYI - snort threw an empty IP on 2500075 this morning. I've included the
> error and the rule I have. Thanks - Chris
>
> --Error--
> Oct 7 07:50:25 snorthost snort[21781]: FATAL ERROR:
> /etc/snort/rules/emerging-compromised.rules(79) => Empty IP used either as
> source IP or as destination IP in a rule. IP list: [].
> --Rule--
> alert ip [] any -> $HOME_NET any (msg:"ET COMPROMISED Known Compromised or
> Hostile Host Traffic (76)"; threshold: type limit, track by_src, seconds 60,
> count 1; classtype:misc-attack; sid:2500075; rev:1292;
> reference:url,doc.emergingthreats.net/bin/view/Main/CompromisedHosts;)
>
>
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic