Snort mailing list archives

Re: Segment Fault Error in snort-2.9.4.5


From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 19 Apr 2013 13:41:34 -0400

On 4/19/2013 12:46, waldo kitty wrote:
> On 4/19/2013 09:21, Ashraf Ali wrote:
>> *
>> Opened spool file '/var/log/snort/snort.u2.136637438'
>> 04/19-18:07:13.315134  [**] [1:1384:15] DOS UPnP malformed advertisement [**]
>> Segmentation fault*
>>
>> Does it mean that rule (sid 1384 ) is not in proper format or not correct ?
>
> no, it means that the data in the packet was malformed and detected as such...

this doesn't read as i intended it... the rule detects the malformed upnp 
advertisement and alerts on that... the data in the pcap is what snort caught 
and recorded... it may or may not have something to do with barnyard2's 
segfaulting...

> why barnyard2 segfaulted is something the barnyard2 folks need to look at
> concerning this packet and barnyard's processing of the snort data...

this was written as i intended... the barnyard folks may need to look at this in 
case there's a bug in their processing due to this particular packet... unless, 
of course, the barnyard log contains other information about it...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
