Snort mailing list archives
Addendum: Segfault on SMB Alert
From: "Whyte, Jesse" <Jesse.Whyte () us gambro com>
Date: Thu, 18 Apr 2002 11:36:22 -0600
It appears that in addition to segfaulting, the snort process is not logging anything. It creates a fresh binary log file for each instance, but it remains at zero size despite plenty of traffic that it should be alerting upon.
TIA for your help...
Jesse
-----Original Message-----
From: Whyte, Jesse
Sent: Thursday, April 18, 2002 11:20 AM
To: Snort-Users (E-mail)
Subject: Segfault on SMB Alert
I'm trying to test SMB alerting on a test box. Here's the specs:
Red Hat 7.2
samba-client-2.2.1a-4.i386.rpm
samba-common-2.2.1a-4.i386.rpm
snort 1.8.6 (built with --enable-flexresp --enable-smbclient)
Here is the command-line:
"/usr/local/bin/snort -abdDeA full -M /etc/snort.smb.alert -c /etc/snort.conf"
a rule in local.rules:
"alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (flags: S;)"
one line in /etc/snort.smb.alert:
machine_to_log_to (without prepended \\)
When this rule is activated via an inbound telnet, snort receives a SIG_SEGV and dies, leaving no core file. What am I doing wrong? No messages in any log file speak to this failure. If I strace the running snort process as it receives the S packet to port 23, it makes 5 recvfrom() calls, then receives the SEGV signal.
Has anyone seen this before? What am I doing wrong?
Thanks,
Jesse