Snort mailing list archives

Re: Win32 snort crashing when -A not used


From: Rich Adamson <radamson () routers com>
Date: Wed, 10 Jul 2002 07:54:37 -0600


Perhaps this is old news:

I have experienced a reproducible crash of Snort 1.8.7 on Win2K when -A
option is not used on the command line. It happens with both Build 121 from
Silicon Defense as well as my own compilation of Build 128. Further digging found
that Snort performs fclose on an illegal FILE handle in
FastAlertCleanExitFunc or FullAlertCleanExitFunc (depending on the config file). The debugger sees
two(!) of these fclose calls. The first one looks legitimate; it is the
second one that causes the crash.

Anybody know a remedy?

I'm seeing the same thing on Win2k using version 1.8.7beta5-ODBC-Win32 (build 128)
barebones_release with the just-downloaded-and-installed WinPcap v2.3. Two 
different "crashes"; one rebooted the PC automatically, the other hung the
machine requiring a power recycle.

I also installed IDScenter 1.09 beta2, and it too has a couple of bugs including:
  a. no way to "see" how to set the -A flag,
  b. IDScenter complains about a missing classification file (but then it is
     fine after stopping/restarting IDScenter)
  c. IDScenter does not "start" snort when the button is selected; can only be
     started from the system tray icon (right-click, Start Snort)
  d. Pop-up window that says "Must generate Script", but nothing to indicate
     how/where to do that. (Found out the hard way that clicking the Apply
     button apparently does that when no errors have been found)

Rich
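
The double fclose reported in this thread, shown as an added example that is not part of the original messages and is not Snort's code: a clean-exit handler made safe to run twice by clearing the FILE pointer after the first close. `AlertData`, `add_exit_func`, `run_exit_funcs` and `alert_clean_exit` are hypothetical names, and registering the handler twice is an assumed way to reproduce the two calls; the thread does not establish why Snort makes them.

```c
#include <stdio.h>

/* Hypothetical per-plugin state; not Snort's real structure. */
typedef struct { FILE *fp; /* alert log stream, NULL once closed */ } AlertData;
typedef void (*ExitFunc)(void *);

/* Minimal exit-handler list (assumed design, for illustration only). */
#define MAX_EXIT 8
static struct { ExitFunc fn; void *arg; } exit_list[MAX_EXIT];
static int exit_count = 0;
static int closes_done = 0;   /* counts real fclose() calls */

static int add_exit_func(ExitFunc fn, void *arg) {
    if (exit_count >= MAX_EXIT) return -1;
    exit_list[exit_count].fn = fn;
    exit_list[exit_count].arg = arg;
    return exit_count++;
}

/* Idempotent cleanup: close once, then clear the pointer so a second
 * invocation sees NULL instead of a stale FILE handle. Calling fclose
 * on an already-closed stream is undefined behaviour in C. */
static void alert_clean_exit(void *arg) {
    AlertData *d = arg;
    if (d == NULL || d->fp == NULL) return;
    fclose(d->fp);
    d->fp = NULL;
    closes_done++;
}

static void run_exit_funcs(void) {
    for (int i = 0; i < exit_count; i++)
        exit_list[i].fn(exit_list[i].arg);
}

/* Registers the same handler twice (constructed scenario) and returns
 * how many times fclose actually ran, or -1 if no stream was available. */
int demo_double_cleanup(void) {
    AlertData d = { tmpfile() };
    if (d.fp == NULL) return -1;
    exit_count = 0;
    closes_done = 0;
    add_exit_func(alert_clean_exit, &d);
    add_exit_func(alert_clean_exit, &d);
    run_exit_funcs();
    return closes_done;
}

int main(void) {
    printf("fclose performed %d time(s)\n", demo_double_cleanup());
    return 0;
}
```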


