Today I have tried to update my Snort and rules and when testing I got this error message because IPV6 was not enabled on my computer.
The fix is very simple, just delete sf_sdf.dll file from C:\Snort\lib\snort_dynamicpreprocessor directory and start snort again.
Update of snort is very simple and it can be described in few simple steps which can be used for fresh install as well:
- download Snort 2.8.6 from the www.snort.org site
- download WinPcap 4.1.1 from the www.winpcap.org
- install both of them on the target machine
- download the latest community rules from www.snort.org (you need to register and log in to be able to download them)
- extract rules to C:\Snort overwriting existing files and open Snort.conf file in the etc map
- find line nr. 155 and replace it to this dynamicpreprocessor directory C:\Snort\lib\snort_dynamicpreprocessor
- then replace line 158 to this dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
- and then comment out line 161 if you don’t have dynamic rules #dynamicdetection directory /usr/local/lib/snort_dynamicrules
- now when you are done if you are not using IPV6 delete sf_sdf.dll file from C:\Snort\lib\snort_dynamicpreprocessor to avoid this error
- start Snort to test it
- start Snort as service if test is OK
izasao si mi na guglu negdje dvadeseti na searchu “test ipv6 website”…ebesh ti njihov page rank
To ti je zato sto je stranica pouzdana