Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Segfault with snort 2.0

From: Jeff Kell <jeff-kell () utc edu>
Date: Sat, 31 Jan 2004 00:36:25 -0500
I was trying to activate conversation/portscan2 but end up getting a blatant segfault: 


rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Using LOCAL time
Segmentation fault
The relevant part of /etc/snort/snort.config that "screws up" is shown below (lines prefixed with ~ make it fault if active, or if commented out let it run just fine): 


~preprocessor conversation: allowed_ip_protocols 1 6 17, timeout 60, max_conversations 3000



~preprocessor portscan2: scanners_max 256, targets_max 1024, target_limit 5, port_limit 20, timeout 60
Granted it's probably something silly, I haven't enabled these preprocessors before. This is using: 


-*> Snort! <*-
Version 2.1.0 (Build 9)
By Martin Roesch (roesch () sourcefire com, www.snort.org)


Jeff Kell <jeff-kell at utc dot edu>



-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: