elhacker.net Forum

Operating Systems => GNU/Linux => Topic started by: tecasoft on 3 March 2017, 02:25 am

Title: fwsnort on Debian 8 jessie > it doesn't detect my rules
Posted by: tecasoft on 3 March 2017, 02:25 am
Hello, my name is Sergio and I have the following problem. I installed fwsnort on Debian 8 jessie:

apt-get install fwsnort

I downloaded emerging-all.rules (http://rules.emergingthreats.net/open/snort-2.9.0/emerging-all.rules) with fwsnort --update-rules

root@debian-2:/etc/fwsnort# fwsnort
  • Testing /sbin/iptables for supported capabilities...
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    Snort Rules File          Success   Fail      Total    

  • ddos-sergio.rules         0         1         1        
  • emerging-all.rules        11543     6737      18280    
                             =============================
                              11543     6738      18281    

  • Generated iptables rules for 11543 out of 18281 signatures: 63.14%
  • Logfile: /var/log/fwsnort/fwsnort.log
  • iptables script (individual commands): /var/lib/fwsnort/fwsnort_iptcmds.sh


    Main fwsnort iptables-save file: /var/lib/fwsnort/fwsnort.save

    You can instantiate the fwsnort policy with the following command:

    /sbin/iptables-restore < /var/lib/fwsnort/fwsnort.save

    Or just execute: /var/lib/fwsnort/fwsnort.sh


#####################################################################

and at the end of /var/log/fwsnort/fwsnort.log it gives me something like this:

[-] SID: 2100586  Unsupported option(s): 'byte_jump' at line: 45115, skipping.
[-] SID: 2101279  Unsupported option(s): 'byte_jump' at line: 45117, skipping.
[-] SID: 2100587  Unsupported option(s): 'byte_jump' at line: 45119, skipping.
[-] SID: 2100588  Unsupported option(s): 'byte_jump' at line: 45121, skipping.
[-] SID: 2100589  Unsupported option(s): 'byte_jump' at line: 45123, skipping.
[-] SID: 2100590  Unsupported option(s): 'byte_jump' at line: 45125, skipping.
[-] SID: 2101277  Unsupported option(s): 'byte_jump' at line: 45127, skipping.
[-] SID: 2102257  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45131, skipping.
[-] SID: 2101388  Unsupported option(s): 'isdataat' at line: 45169, skipping.
[-] SID: 2100223, unsupported complex pcre: ^a\x3D[^\n]{1000,}
[-] SID: 2101907  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45275, skipping.
[-] SID: 2101963  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45279, skipping.
[-] SID: 2101915  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45281, skipping.
[-] SID: 2101913  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45283, skipping.
[-] SID: 2102185  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45291, skipping.
[-] SID: 2102256  Unsupported option(s): 'byte_jump' at line: 45309, skipping.
[-] SID: 2101964  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45311, skipping.
[-] SID: 2102025  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45319, skipping.
[-] SID: 2101941  Unsupported option(s): 'isdataat' at line: 45351, skipping.
  • Archiving /var/lib/fwsnort/fwsnort_iptcmds.sh
  • Archiving /var/lib/fwsnort/fwsnort.save
  • Archiving /var/lib/fwsnort/fwsnort.sh

I'm desperate; I'd like to know why the rules show up under Fail when I run fwsnort and not under Success, so that it loads all the rules. I tried to see whether it detects anything using Kali Linux, but it's as if those rules weren't there. Also, which rules can I use to detect everything*?

What should I do? It doesn't even detect my own rules, since they are under Fail and not under Success?


Thanks
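
Added example, not part of the original post: a small Python script that tallies why fwsnort skipped signatures, based only on the two message formats visible in the log excerpt above. The function names are hypothetical and the sample lines are copied from the excerpt, including the first line with its leading bracket missing.

```python
import re
from collections import Counter

# Lines copied from the log excerpt in the post (not a full fwsnort.log).
SAMPLE_LOG = r"""
-] SID: 2100586  Unsupported option(s): 'byte_jump' at line: 45115, skipping.
[-] SID: 2102257  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45131, skipping.
[-] SID: 2101388  Unsupported option(s): 'isdataat' at line: 45169, skipping.
[-] SID: 2100223, unsupported complex pcre: ^a\x3D[^\n]{1000,}
[-] SID: 2101907  Unsupported option(s): 'byte_test', 'byte_jump' at line: 45275, skipping.
"""

# The leading "[" is optional so a line truncated by copy/paste still parses.
UNSUPPORTED = re.compile(
    r"^\[?-\]\s*SID:\s*(\d+)\s+Unsupported option\(s\):\s*(.+?)\s+at line:\s*(\d+)"
)
COMPLEX_PCRE = re.compile(r"^\[?-\]\s*SID:\s*(\d+),\s*unsupported complex pcre:")


def parse_skips(log_text):
    """Return one (sid, reasons, reported_line) tuple per skipped signature."""
    skips = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = UNSUPPORTED.match(line)
        if m:
            options = re.findall(r"'([^']+)'", m.group(2))
            skips.append((int(m.group(1)), options, int(m.group(3))))
            continue
        m = COMPLEX_PCRE.match(line)
        if m:
            # This message format carries no "at line:" field.
            skips.append((int(m.group(1)), ["complex pcre"], None))
    return skips


def count_reasons(skips):
    """Count how many skipped signatures cite each unsupported option."""
    counts = Counter()
    for _sid, reasons, _line in skips:
        counts.update(reasons)
    return counts


if __name__ == "__main__":
    for reason, n in count_reasons(parse_skips(SAMPLE_LOG)).most_common():
        print(f"{n:6d}  {reason}")
```

To run it against the real log, pass the contents of /var/log/fwsnort/fwsnort.log to parse_skips() instead of SAMPLE_LOG; filtering the result by SID shows the reason logged for a single rule.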