[Oisf-users] Problem to Start Suricata

David Sussens dsussens at gmail.com
Fri Jul 14 07:26:33 UTC 2017


Your rule should be:

alert tcp $HOME_NET any -> any [25,587,465] (msg:"*** WARNING!!! WARNING!!!
SUSPECT SPAMMER!!! ***"; dsize:>0; content:"sexiest"; sid:6677666667; rev:1;)

Rule format is:

action proto source_ip source_port -> dest_ip dest_port (options).

You have swapped the dest_ip and dest_port around.

David Sussens.
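To make the header layout from the reply concrete, here is a small added checker (my own example, not Suricata code and not from the original post) that splits a rule header into its seven fields and flags the dest_ip / dest_port swap from the question; the helper names and the simplified address/port patterns are assumptions of this example.

```python
import re

# The seven header fields, in the order the reply gives them.
FIELDS = ("action", "proto", "src_ip", "src_port", "direction", "dst_ip", "dst_port")

def parse_header(rule):
    """Split the header (everything before the options '(') into its seven fields.
    Bracketed lists such as [25,587,465] are kept together as one token."""
    header = rule.split("(", 1)[0].strip()
    parts = re.findall(r"\[[^\]]*\]|\S+", header)
    if len(parts) != 7:
        raise ValueError(f"expected 7 header fields, got {len(parts)}: {header!r}")
    return dict(zip(FIELDS, parts))

def _items(token):
    # Strip list brackets and negation, then split a list on commas.
    return [i.strip("!") for i in token.strip("[]!").split(",")]

def looks_like_port(token):
    """any, $VAR, 25, 1024:, :1023, 1000:2000, or a bracketed list of those."""
    return all(i == "any" or i.startswith("$") or re.fullmatch(r"\d+(:\d*)?|:\d+", i)
               for i in _items(token))

def looks_like_address(token):
    """any, $VAR, an IPv4 address or CIDR, or a bracketed list of those (simplified)."""
    return all(i == "any" or i.startswith("$")
               or re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}(/\d{1,2})?", i)
               for i in _items(token))

def check_header(rule):
    """Return a list of problems with the header; an empty list means it looks sane."""
    h = parse_header(rule)
    problems = []
    for side in ("src", "dst"):
        ip, port = h[f"{side}_ip"], h[f"{side}_port"]
        if not looks_like_address(ip) and looks_like_port(ip) and looks_like_address(port):
            problems.append(f"{side}_ip and {side}_port appear swapped: {ip!r} / {port!r}")
        elif not looks_like_address(ip):
            problems.append(f"{side}_ip {ip!r} is not an address")
        elif not looks_like_port(port):
            problems.append(f"{side}_port {port!r} is not a port")
    return problems

# Constructed inputs: the rule from the question and the corrected rule from the reply.
BROKEN = 'alert tcp $HOME_NET any -> [25,587,465] any (msg:"SUSPECT SPAMMER"; dsize:>0; content:"sexiest"; sid:6677666667; rev:1;)'
FIXED = 'alert tcp $HOME_NET any -> any [25,587,465] (msg:"SUSPECT SPAMMER"; dsize:>0; content:"sexiest"; sid:6677666667; rev:1;)'

if __name__ == "__main__":
    for r in (BROKEN, FIXED):
        print(check_header(r) or "header OK")
```

The checker only inspects the header; it does not validate the option keywords, which Suricata itself reports on separately.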

On Fri, Jul 14, 2017 at 1:40 AM, Mesra.net CEO <admin at mesra.my> wrote:

> Dear All,
>
> I have problem on Suricata as below:
>
> 14/7/2017 -- 07:32:44 - <Error> - [ERRCODE: SC_ERR_ADDRESS_ENGINE_GENERIC(89)]
> - failed to parse address "25"
> 14/7/2017 -- 07:32:44 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)]
> - error parsing signature "alert tcp $HOME_NET any -> [25,587,465] any
> (msg:"*** WARNING!!! WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0;
> content:"sexiest"; sid:6677666667; rev:1;)" from file
> /etc/suricata/rules/custom.rules at line 46
>
> Is there any problem with my rule:
>
> alert tcp $HOME_NET any -> [25,587,465] any (msg:"*** WARNING!!!
> WARNING!!! SUSPECT SPAMMER!!! ***"; dsize:>0; content:"sexiest"; sid:
> 6677666667; rev:1;)
>
> Please advise. TQ so much
>