[Dshield] OpenBSD 3.2 pf.pl parser

millerbn millerbn at chiba.dhs.org
Mon Mar 10 21:06:40 GMT 2003


The default file when run will not process these two types of lines. I'm sure it is due to 
the extra "white space" prior to UDP and the "." for a flag. I edited the regex expressions 
a couple different ways but must have missed something since it still wouldn't parse the line. 
Any ideas?


------------------------------Processing line 383------------------------------
PARSING: Mar 10 12:52:22.628017 rule 59/0(match): block in on we0: 68.62.111.200.44124 > 66.93.187.127.80: . [tcp sum ok] ack 1131429386 win 4096 (ttl 28, id 15628)
SKIPPING: Can't parse this line. 
--
------------------------------Processing line 391------------------------------
PARSING: Mar 10 13:28:54.244467 rule 58/0(match): block in on we0: 65.214.186.194.1097 > 66.93.187.127.1434:  udp 376 (ttl 117, id 40464)
SKIPPING: Can't parse this line. 



More information about the list mailing list