Package: snort Version: 2.3.2-3 Severity: normal
Snort reports error on the following rule: alert ip 89.42.248.159/32 any -> 64.125.211.185/32 any ( tos: 0; ttl: 123; ip_proto: 17; content: "|00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00|"; offset: 60; depth: 484; rawbytes; msg: "Filter-2249"; ) #snort -v -c local.rules Running in IDS mode Initializing Network Interface eth0 --== Initializing Snort ==-- Initializing Output Plugins! Decoding Ethernet on interface eth0 Initializing Preprocessors! Initializing Plug-ins! Parsing Rules file local.rules +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... ERROR: Unterminated rule in file local.rules, line 7 (Snort rules must be contained on a single line or on multiple lines with a '\' continuation character at the end of the line, make sure there are no carriage returns before the end of this line) Fatal Error, Quitting.. I tried reducing content value to 10 `00's and Snort parsed the file just fine. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27-2-k7 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages snort depends on: ii adduser 3.64 Add and remove users and groups ii debconf 1.4.51 Debian configuration management sy ii libc6 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an ii libpcap0.8 0.8.3-5 System interface for user-level pa ii libpcre3 5.0-1.1 Perl 5 Compatible Regular Expressi ii logrotate 3.7-5 Log rotation utility ii snort-common 2.3.2-3 Flexible Network Intrusion Detecti ii snort-rules-default 2.3.2-3 Flexible Network Intrusion Detecti ii sysklogd [system-log- 1.4.1-17 System Logging Daemon Versions of packages snort recommends: pn snort-doc <none> (no description available) -- debconf information: snort/startup: boot snort/please_restart_manually: snort/stats_treshold: 1 * snort/address_range: 10.0.1.0/24 snort/options: * snort/interface: eth0 * snort/stats_rcpt: root snort/config_parameters: snort/config_error: snort/reverse_order: false snort/disable_promiscuous: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]