Snort mailing list archives
Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing
From: "Michael Steele" <michaels () winsnort com>
Date: Mon, 9 May 2011 07:21:23 -0400
Steven,

Thank you. While you are looking into this problem, would it be possible to think about including 64-bit support for the Windows platform (XP, Vista, Windows 7, 2003, and 2008)?

Kindest regards,
Michael...
WINSNORT.com Management Team Member

-----Original Message-----
From: Steven Sturges [mailto:ssturges () sourcefire com]
Sent: Sunday, May 08, 2011 11:13 PM
To: Michael Steele
Cc: snort-devel () lists sourceforge net
Subject: Re: [Snort-devel] Windows Server 2008 Standard x86 and sensitive-data.rules crashing

Hi Michael--

We're looking into the issue. The supported platforms for the Windows installer for Snort 2.9.0 include Windows Vista, Windows 7, and Windows XP SP3. Windows Server 2008 falls outside of that range...

Looking at the area identified in the crash report, it's in ntdll.dll, and that may or may not be from data or a function call by Snort.

-steve

On 5/8/11 10:36 PM, Michael Steele wrote:

This problem was reported with Snort v2.9.0.4 a few weeks ago. We have now started a new development using Snort 2.9.0.5 and the problem is still there.

Snort v2.9.0.5
MD5: B911DC8FD8DE75D18D6FCAA6D8DE229A

Using the latest "Registered User Release" of the rules:

snortrules-snapshot-2905.tar.gz
MD5: F48EA8A77E64DFECFBFDC51957D91F28

Running Snort in -T mode gets, just before the crash:

    SSLPP config:
        Encrypted packets: not inspected
        Ports: 443 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920
        Server side data is trusted
    Sensitive Data preprocessor config:
        Global Alert Threshold: 25
        Masked Output: DISABLED
    ++++++++++++++++++++++++++++++++++++++++++++++++++
    Initializing rule chains...

Snort hangs at this point and then a requestor pops up stating "Snort has stopped working" and wants to close.

The "Problem Details" with Snort 2.9.0.5 is:

    Problem signature:
      Problem Event Name: APPCRASH
      Application Name: snort.exe
      Application Version: 0.0.0.0
      Application Timestamp: 4d8d01b7
      Fault Module Name: ntdll.dll
      Fault Module Version: 6.0.6002.18327
      Fault Module Timestamp: 4cb73436
      Exception Code: c0000005
      Exception Offset: 000673dd
      OS Version: 6.0.6002.2.2.0.272.7
      Locale ID: 1033
      Additional Information 1: e0db
      Additional Information 2: e7f302e56a308d08c2241ce00f9533a4
      Additional Information 3: 3dd9
      Additional Information 4: a0f527adeba3a6f13ebaffadbca38a67

    Read our privacy statement:
      http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

The below "Problem Details" with Snort 2.9.0.4 were:

    Problem signature:
      Problem Event Name: APPCRASH
      Application Name: snort.exe
      Application Version: 0.0.0.0
      Application Timestamp: 4d6bee97
      Fault Module Name: ntdll.dll
      Fault Module Version: 6.0.6002.18327
      Fault Module Timestamp: 4cb73436
      Exception Code: c0000005
      Exception Offset: 000673dd
      OS Version: 6.0.6002.2.2.0.272.7
      Locale ID: 1033
      Additional Information 1: e0db
      Additional Information 2: e7f302e56a308d08c2241ce00f9533a4
      Additional Information 3: 76e5
      Additional Information 4: 433447cb6324885dd898e259eeaa4d08

To correct the error I must comment out:

    # include $PREPROC_RULE_PATH/sensitive-data.rules

This seems to only happen on Server 2008 x86, and is not happening with Server 2003, or XP using the same configuration.

Any help will be greatly appreciated, possibly a bug?

Kindest regards,
Michael...
WINSNORT.com Management Team Member

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- Windows Server 2008 Standard x86 and sensitive-data.rules crashing Michael Steele (Apr 24)
- Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Steven Sturges (Apr 24)
- Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Michael Steele (Apr 24)
- <Possible follow-ups>
- Windows Server 2008 Standard x86 and sensitive-data.rules crashing Michael Steele (May 08)
- Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Steven Sturges (May 08)
- Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Michael Steele (May 09)
- Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Steven Sturges (May 08)
- Re: Windows Server 2008 Standard x86 and sensitive-data.rules crashing Steven Sturges (Apr 24)