Menu
▾
▴
Re: [Snort-inline-users] problem with replacement string length and content string length..
|
From: Rob M. <ro...@ho...> - 2004-03-27 15:00:37
|
Do the rules you are getting errors contain more than one content/replace
pair? If so, the problem is the version of snort_inline you are using.
Until recently (2.0.6a), there was an error handling more than one
content/replace pair.
**********
* 2.0.6a *
**********
2004-01-24 Rob McMillen <ro...@ho...>
* Started separate snort_inline ChangeLog
* Fixed bug with handling multiple content/replace pairs within the
same rule (sp_patternmatch.c).
* Added icmp checksum for icmp payload replacement
(sp_patternmatch.c).
Rob
> Hello Everybody,
> Does anybody seen this kind of error before ?
> (see below).
> It didn't complain on each line, only some,
> when I commented it out (just for testing), it goes
> further and stop after many lines.
>
> I've check the length of the content vs the
> replacement (number of octets are exactly the same).
> I don't see any pattern on those lines with error.
>
> Any hints or comments ?
>
> I'm using snort_inline 2.0.5; the rule files were
> convertion from snortrules-snapshot-2_0.tar.gz
> by snortconfig-1.9
> [
> snortconfig -file RulesFiles.config -config
> examples/HONEYNET.config -verbose -directory
> /etc/snort_inline/rules -honeynet -inline
> ]
>
> thanks,
>
> wismin
> .........
> Mar 27 00:39:38 gateway-1 snort_inline: FATAL ERROR:
> ERROR /etc/snort_inline/rules/exploit.rules Line 11 =>
> The length of the replacement string must be the same
> length as the content string.
> ....
> Mar 27 00:51:02 gateway-1 snort_inline: FATAL ERROR:
> ERROR /etc/snort_inline/rules/exploit.rules Line 31 =>
> The length of the replacement string must be the same
> length as the content string.
> ....
> Mar 27 00:51:50 gateway-1 snort_inline: FATAL ERROR:
> ERROR /etc/snort_inline/rules/exploit.rules Line 44 =>
> The length of the replacement string must be the same
> length as the content string.
> .....
> Mar 27 00:51:52 gateway-1 snort_inline: FATAL ERROR:
> ERROR /etc/snort_inline/rules/exploit.rules Line 44 =>
> The length of the replacement string must be the same
> length as the content string.
> .....
>
> =====
> .
> ^..^ --(:)OINK!
> __||__(oo)___||___
> ---||---"--"-----||---
> _ _||_( __ )___||___
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Finance Tax Center - File online. File on time.
> http://taxes.yahoo.com/filing.html
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users
>
|
