Snort mailing list archives
Segfault with snort 2.0
From: Jeff Kell <jeff-kell () utc edu>
Date: Sat, 31 Jan 2004 00:36:25 -0500
I was trying to activate conversation/portscan2 but end up getting a blatant segfault:
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Using LOCAL time
Segmentation fault
The relevant part of /etc/snort/snort.config that "screws up" is shown below (lines prefixed with ~ make it fault if active, or if commented out let it run just fine):
~preprocessor conversation: allowed_ip_protocols 1 6 17, timeout 60, max_conversations 3000
~preprocessor portscan2: scanners_max 256, targets_max 1024, target_limit 5, port_limit 20, timeout 60
Granted, it's probably something silly; I haven't enabled these preprocessors before. This is using:
-*> Snort! <*-
Version 2.1.0 (Build 9)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
Jeff Kell <jeff-kell at utc dot edu>