Snort mailing list archives

Re: 1.8b5 build22 crash


From: Martin Roesch <roesch () sourcefire com>
Date: Sat, 12 May 2001 14:44:54 -0400

Interesting, I've seen a couple reports of this crash but have been
unable to recreate it.  Hmm, might be an interaction between the syslog
plugin and spp_portscan...

     -Marty

H D Moore wrote:

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system

Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /home/snort/rules/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Using LOCAL time
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          host = localhost
database: password is set
database:   sensor name = w.x.y.z
database:     sensor id = 2
database: schema version = 100
database: using the "log" facility
533 Snort rules read...
533 Option Chains linked into 199 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8-beta5 (Build 22)
By Martin Roesch (roesch () clark net, www.snort.org)

Program received signal SIGSEGV, Segmentation fault.
0x805d936 in AlertSyslog (p=0x0,
    msg=0xbfffecb4 "spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 5 connections exceeded in 1 seconds)", arg=0x813ffc0)
    at spo_alert_syslog.c:345
345         ds_ptr = (PriorityData *) otn_tmp->ds_list[PLUGIN_PRIORITY_NUMBER];
(gdb) bt
#0  0x805d936 in AlertSyslog (p=0x0,
    msg=0xbfffecb4 "spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 5 connections exceeded in 1 seconds)", arg=0x813ffc0)
    at spo_alert_syslog.c:345
#1  0x8055e0d in CallAlertPlugins (p=0x0,
    message=0xbfffecb4 "spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 5 connections exceeded in 1 seconds)") at rules.c:3445
#2  0x8055daa in CallAlertFuncs (p=0x0,
    message=0xbfffecb4 "spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 5 connections exceeded in 1 seconds)", head=0x0) at rules.c:3419
#3  0x805b506 in PortscanPreprocFunction (p=0xbfffedc0) at spp_portscan.c:953
#4  0x8055ca6 in Preprocess (p=0xbfffedc0) at rules.c:3358
#5  0x804ac91 in ProcessPacket (user=0x0, pkthdr=0xbffff268, pkt=0x812848a "")
    at snort.c:501
#6  0x8077dcc in pcap_read ()
#7  0x80783ec in pcap_loop ()
#8  0x804c16f in InterfaceThread (arg=0x0) at snort.c:1377
#9  0x804ab74 in main (argc=7, argv=0xbffff3f4) at snort.c:434

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch
roesch () sourcefire com
http://www.sourcefire.com - http://www.snort.org
