Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort 1.8.6 crashes after Ping of Death

From: Chris Green <cmg () sourcefire com>
Date: Thu, 11 Jul 2002 13:22:20 -0400
Rich Adamson  <radamson () routers com> writes:


Chris,

Think there might be some common things going on with v1.8.7 (and possibly
earlier versions) that are masking the root-cause of issues. The following
is a guess based on what I've been seeing the last few days:

1. The Win32 Barebones v1.8.7 release locks up a Win2kPro machine requiring
   a power-cycle to correct. The lockup seems to occur on the "second"
   alert when using a command line startup of:
   snort -c "e:\snort\snort.conf" -l "e:\snort\log" -A full -i 3 -s 127.0.0.1
   By removing the -l option, the systems seems to be okay.
   (Note: smells something like the user's comment below, but only occurs when
   logging to a local disk file, not to mysql. You might not be seeing this
   issue if you're logging to some other non-flat-file location.



2. Check the contents of the current v1.8.7 downloadable file. At least from
   a Windows perspective, several source files appear to be missing. I can't
   tell if that's because the "project" list for Visual Studio might have
   old files still included (but the actual source files are removed) or 
   what. Since the files are not within a section of code devoted to Win32
   it appears as though they were simply missed in the tarball. Missing
   files include: avi_tree.c, spp_minfrag.c, spp_tcp_stream.c, spp_stream3.c.
   (Example: the Visual Studio Projects can't find spp_tcp_stream.c, but the
   tarball includes spp_tcp_stream2.c.  Issue?)


Yes, there is an issue with the build scripts for 1.8.7 tarball.  We
will resolve them in the 1.9 set where a lot more windows specific
fixes have been going in thanks to the work of Chris Reid.

We'll work on resolving a lot of these issues for the 1.9 release.

Sorry for the difficulties. I don't have many spare cycles at the
moment.  It will probably be the weekend before I have any time to
look at it.
-- 
Chris Green <cmg () sourcefire com>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
PC Mods, Computing goodies, cases & more
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: