On 5/10/2013 07:30, elmo second wrote:
> I understand there is an issue importing Snort rules into McAfee NSM.
>
> I am trying to import a rule to alert for FTP anonymous:
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"POLICY-OTHER FTP anonymous
> login attempt"; flow:to_server,established; content:"USER"; fast_pattern:only;
> pcre:"/^USER\s+(anonymous|ftp)[^\w]*[\r\n]/smi"; metadata:ruleset community,
> service ftp; classtype:misc-activity; sid:553; rev:13; )
>
> I am receiving a syntax error.
> Any assistance appreciated.
what is the supposed "syntax" error? without that, all anyone can do is make
WAGs... at best they might be eWAGs...
WAG == Wild Arsed Guess
eWAG == educated WAG
--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit
http://blog.snort.org to stay current on all the latest Snort news!