Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Snort-users] Content-list rule option
195 views
Skip to first unread message
Jose Ortiz
Aug 7, 2012, 11:57:18 AM8/7/12
to
I have this rule on 2.9.3 :
alert tcp any any -> any any (content-list:"porn";msg:"test";rev:1;sid:99990000001001;)
I get the following error:
ERROR: /etc/snort/rules/local.rules(6) Unknown rule option: 'content-list'.
Fatal Error, Quitting..
What is the alternative to "content-list"?
alert tcp any any -> any any (content-list:"porn";msg:"test";rev:1;sid:99990000001001;)
I get the following error:
ERROR: /etc/snort/rules/local.rules(6) Unknown rule option: 'content-list'.
Fatal Error, Quitting..
What is the alternative to "content-list"?
Jeremy Hoel
Aug 7, 2012, 12:05:12 PM8/7/12
to
Are you looking to make it a classification? Or look for the word
'porn' in the content?
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort...@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
'porn' in the content?
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort...@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort...@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Joel Esler
Aug 7, 2012, 4:38:45 PM8/7/12
to
On Aug 7, 2012, at 11:57 AM, Jose Ortiz <ciss...@gmail.com> wrote:
> I have this rule on 2.9.3 :
> alert tcp any any -> any any (content-list:"porn";msg:"test";rev:1;sid:99990000001001;)
>
> I get the following error:
>
> ERROR: /etc/snort/rules/local.rules(6) Unknown rule option: 'content-list'.
> Fatal Error, Quitting..
>
> What is the alternative to "content-list"?
There is no such rule option. Are you just looking for "content"?
> I have this rule on 2.9.3 :
> alert tcp any any -> any any (content-list:"porn";msg:"test";rev:1;sid:99990000001001;)
>
> I get the following error:
>
> ERROR: /etc/snort/rules/local.rules(6) Unknown rule option: 'content-list'.
> Fatal Error, Quitting..
>
> What is the alternative to "content-list"?
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
Jose Ortiz
Aug 8, 2012, 8:36:56 AM8/8/12
to
What happened to that option? It was available in earlier versions of snort.
0 new messages