Snort mailing list archives

Snort 1.8 Problems


From: "Lodin, Steven {GZ-Q~Mannheim}" <STEVEN.LODIN () Roche COM>
Date: Wed, 11 Jul 2001 16:59:41 +0200

I have 1.7 working fine.  I'm having SIGSEGV problems with Version 1.8-RELEASE (Build 43).

I'm running on RH 6.x with 2.2.12-20 kernel and the latest libpcap.

Here is the last part of the strace output:

recvfrom(3, "\0\1\2\4\331\254\0\20KI\327\202\10\0E\0\3B\264\304@\0@"..., 1514, 0x20, {sa_family=17, sa_data="\10\0\2\0\0\0\1\0\4\6\0\20KI"}, [20]) = 848
ioctl(3, SIOCGSTAMP, 0xbffffa84)        = 0
--- SIGSEGV (Segmentation fault) ---
+++ killed by SIGSEGV +++

There are about 82 recvfrom/ioctl lines after the write that spits out Marty's name.

When I run with -T I get:

[root@lodins log]# snort -l /usr/local/snort/log -c /usr/local/snort/snort.conf -M /usr/local/snort/WORKSTATIONS -T
Log directory = /usr/local/snort/log

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system

Initializing Network Interface eth0
Kernel filter, protocol ALL, raw packet socket
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /usr/local/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
No arguments to stream4 directive, setting defaults to:
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    Stateful Inspection: ACTIVE
    Stream Reassembly: INACTIVE
    Stream Stats: INACTIVE
    State Alerts: ACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
1047 Snort rules read...
1047 Option Chains linked into 165 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8-RELEASE (Build 43)
By Martin Roesch (roesch () sourcefire com, www.snort.org)

Snort sucessfully loaded all rules and checked all rule chains!


Any thoughts or direction?  Where can I begin to look?

Thanks!

Steve Lodin
Head of Global IT Security and Risk Management
Roche Diagnostics GmbH
(W) +49-621-759-5276
(M) +49-173-348-4974
