Snort mailing list archives

Fwd: segfault in Snort 2.9.1 on reload


From: Dave Corsello <dcorsello () wintertreemedia com>
Date: Tue, 04 Oct 2011 23:40:41 -0400

System architecture: 32-bit guest running under VMware ESXi 4.1

1GB RAM.

OS: Ubuntu 10.04.3, 2.6.32-33-generic-pae kernel

Snort version: 2.9.1

Preprocessors loaded:

normalize_ip4
normalize_tcp: ips ecn stream
normalize_icmp4
normalize_ip6
normalize_icmp6
frag3_global
frag3_engine
stream5_global
stream5_tcp
http_inspect
http_inspect_server
rpc_decode
bo
ftp_telnet
ftp_telnet_protocol
smtp
ssh
dcerpc2
dcerpc2_server
dns
ssl
sensitive_data
sip
imap
pop

Dynamic Preprocessors loaded:

libsf_dce2_preproc.so
libsf_ssl_preproc.so
libsf_ssh_preproc.so
lib_sfdynamic_preprocessor_example.so
libsf_smtp_preproc.so
libsf_sdf_preproc.so
libsf_pop_preproc.so
libsf_imap_preproc.so
libsf_sip_preproc.so
libsf_ftptelnet_preproc.so
libsf_reputation_preproc.so
libsf_dns_preproc.so

Enabled rules: ips_policy=security (not using any so rules)

Output plugin: unified2

Command line switches: /usr/local/bin/snort --daq nfq -c /etc/snort/snort.conf -Q -D

There are no Snort messages.  It's taking around 20 sec for Snort to reload.

Rules and config files are attached.

Error Message:

Oct 3 HH:MM:SS snort kernel: [247428.121545] snort[2580]: segfault at 10c00 ip 080d1dbe sp bffe5bd0 error 4 in snort[8048000+115000]

Attachment: local.rules

Attachment: snort.rules

Attachment: threshold.conf

Attachment: snort.conf

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
