Addendum: Segfault on SMB Alert

["Whyte, Jesse" <Jesse.Whyte () us gambro com>]

It appears that in addition to segfaulting, the snort process is not logging
anything.  It creates a fresh binary log file for each instance, but it
remains at zero size despite plenty of traffic that it should be alerting
upon.  TIA for your help...  Jesse

>  -----Original Message-----
> From:         Whyte, Jesse  
> Sent: Thursday, April 18, 2002 11:20 AM
> To:   Snort-Users (E-mail)
> Subject:      Segfault on SMB Alert
>
> I'm trying to test SMB alerting on a test box.  Here's the specs:
>
> Red Hat 7.2
> samba-client-2.2.1a-4.i386.rpm
> samba-common-2.2.1a-4.i386.rpm
> snort 1.8.6 (built with --enable-flexresp --enable-smbclient)
>
> Here is the command-line:  "/usr/local/bin/snort -abdDeA full -M
/etc/snort.smb.alert -c /etc/snort.conf"
> a rule in local.rules:  "alert tcp $EXTERNAL_NET any -> $HOME_NET 23
(flags: S;)"
> one line in /etc/snort.smb.alert:  machine_to_log_to (without prepended
\\)
> When this rule is activated via an inbound telnet, snort receives a
SIG_SEGV and dies, leaving no core file.  What am I doing wrong?  No
messages in any log file speak to this failure.  If I strace the running
snort process as it receives the S packet to port 23, it makes 5 recvfrom()
calls, then receives the SEGV signal.
> Has anyone seen this before?  What am I doing wrong?
>
> Thanks, Jesse

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users