[Dshield] the dshield snort programs

Ruigrok van der Werven, Jeroen Jeroen.Ruigrok at ben.nl
Thu Aug 22 09:55:58 GMT 2002


I am curious,

I'm using snort with a bunch of the supplied rules, but when
using the test wrapper I get:

-------------------------------Processing line
2-------------------------------
PARSING: Aug 15 00:33:07 nexus snort[3673]: [1:1256:3] WEB-IIS CodeRed v2
root.exe access [Classification: Web Application Attack] [Priority: 1]:
{TCP} 213.84.89.211:2117 -> 213.84.207.11:80
SKIPPING: Failed non-ICMP parse

Am I missing a prerequisite not documented somewhere (or documented
and not noticed)?

Thanks for any pointers and help.

De groeten van Ben/Best regards from Ben,

-- 
Jeroen Ruigrok van der Werven <jeroen.ruigrok at ben.nl>
Technical System Support, Ben Nederland b.v.
Tel:	+31 - (0)6 - 2409 6844


N.B.: op (de inhoud van) deze e-mail is een DISCLAIMER met belangrijke
VOORBEHOUDEN van toepassing: zie http://www.ben.nl/disclaimer 

This e-mail and its contents are subject to a DISCLAIMER with important
RESERVATIONS: see http://www.ben.nl/disclaimer 





More information about the list mailing list