Snort mailing list archives
Re: Snort silently dying...
From: Y M <snort () outlook com>
Date: Wed, 11 Mar 2015 21:06:44 +0000
Date: Wed, 11 Mar 2015 17:55:32 -0300 From: tron () acm org To: snort () outlook com CC: snort-users () lists sourceforge net Subject: Re: [Snort-users] Snort silently dying... Nope, as I said, it silently died. The only sign of it leaving was "adapter xxx left promiscuous mode". What surprised me is that it had been working for ages (well, months) and without any change it started dying. It sounds like some "new" attack was sending it belly up. Too late now, I have already upgraded :)
Good that you have gone through the upgrade. Just a total wild guess here, you may need to compile Snort with --enable-non-ether-decoders. If I recall properly on the list, this have solved some Snort "dying" issues. Not sure what you experienced is related to this or not.
-Carlos Y M @ 11/03/2015 17:40 -0300 dixit:Besides from upgrading to a newer Snort version, do you see any messages in syslog that may indicate what errors caused it o terminate? > Date: Mon, 9 Mar 2015 17:34:50 -0300 > From: tron () acm org > To: snort-users () lists sourceforge net > Subject: [Snort-users] Snort silently dying... > > Hi, > Version 2.9.6.0 GRE (Build 47), running on Ubuntu 14.04. > W/o any change, it started to die. I'm usually running 2 copies (one per > interface of interest, so to say). > I do report to dshield and became suspicious because I had not reported > anything in a day. Checked and there was only one of them running. > > Most alarms I get come from SIP attacks. There is no "unusual activity" > that I'm aware of, but something is killing it. > > Is there anything easy to track this down, short of starting a packet > trace and correlating the time of death (indicated by the interface > leaving promiscuous mode only) ? > > I should update too, I guess, but that will be like sweeping under the > rug, wouln't it ? > > TIA, > -- > Carlos G Mendioroz <tron () acm org> > > ------------------------------------------------------------------------------ > Dive into the World of Parallel Programming The Go Parallel Website, sponsored > by Intel and developed in partnership with Slashdot Media, is your hub for all > things parallel software development, from weekly thought leadership blogs to > news, videos, case studies, tutorials and more. Take a look and join the > conversation now. http://goparallel.sourceforge.net/ > _______________________________________________ > Snort-users mailing list > Snort-users () lists sourceforge net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/listinfo/snort-users > Snort-users list archive: > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users > > Please visit http://blog.snort.org to stay current on all the latest Snort news!-- Carlos G Mendioroz <tron () acm org>
------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort silently dying... Carlos G Mendioroz (Mar 09)
- Re: Snort silently dying... Joel Esler (jesler) (Mar 09)
- Re: Snort silently dying... Carlos G Mendioroz (Mar 10)
- Re: Snort silently dying... Y M (Mar 11)
- Re: Snort silently dying... Carlos G Mendioroz (Mar 11)
- Re: Snort silently dying... Y M (Mar 11)
- Re: Snort silently dying... Carlos G Mendioroz (Mar 11)
- Re: Snort silently dying... Carlos G Mendioroz (Mar 11)
- Re: Snort silently dying... Joel Esler (jesler) (Mar 09)