Snort mailing list archives

frag2(?) Core Dump: 1.8beta10-build40


From: Sash Biskut <sashwhan () yahoo com>
Date: Mon, 9 Jul 2001 20:17:58 -0700 (PDT)

Hi,

Snort seems to be dumping its core on what I guess to
be some fragmented ESP packets.  There is some
information below.  I saw an email recently from Marty
calling for bugs before 1.8 goes release, I can only
think this may help in some way.  Please, let me know
if there is any more information required.

----------------------------------------------------
SunOS xxxx 5.8 Generic_108528-06 sun4u sparc
SUNW,UltraAX-i2

-*> Snort! <*-
Version 1.8-beta10 (Build 40)


snort.conf
~~~~~~~~~~

###################################################
#  Configure preprocessors
 
#preprocessor defrag
#preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384
 
preprocessor frag2: 16777216, 30
preprocessor stream4: keepstats, noalerts
preprocessor stream4_reassemble: noalerts
 
# preprocessor http_decode: 80 -unicode -cginull
preprocessor unidecode: 80 -unicode -cginull
preprocessor rpc_decode: 111 
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 
preprocessor portscan-ignorehosts: $DNS_SERVERS 
 
preprocessor spade: -1 $SPADEDIR/spade.rcv $SPADEDIR/log.txt 3 50000
preprocessor spade-homenet: $HOME_NET
preprocessor spade-adapt: 20 2 0.5
preprocessor spade-adapt2: 0.01 15 4 24 7
preprocessor spade-threshlearn: 200 24
preprocessor spade-survey:  $SPADEDIR/survey.txt 60
preprocessor spade-stats: entropy uncondprob condprob

Sniff
~~~~~

07/10-12:56:05.044027 xx.xx.xx.xx -> yy.yy.yy.yy
ESP TTL:55 TOS:0x0 ID:44390 IpLen:20 DgmLen:1500 MF
Frag Offset: 0x0   Frag Size: 0x5C8
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
Bus Error - core dumped
SNORT Daemon started....
