Snort mailing list archives
Re: Snort 1.8.6 crashes after Ping of Death
From: Rich Adamson <radamson () routers com>
Date: Thu, 11 Jul 2002 09:32:26 -0600
Chris,

Think there might be some common things going on with v1.8.7 (and possibly earlier versions) that are masking the root-cause of issues. The following is a guess based on what I've been seeing the last few days:

1. The Win32 Barebones v1.8.7 release locks up a Win2kPro machine requiring a power-cycle to correct. The lockup seems to occur on the "second" alert when using a command line startup of:

    snort -c "e:\snort\snort.conf" -l "e:\snort\log" -A full -i 3 -s 127.0.0.1

By removing the -l option, the system seems to be okay. (Note: smells something like the user's comment below, but only occurs when logging to a local disk file, not to mysql. You might not be seeing this issue if you're logging to some other non-flat-file location.)

2. Check the contents of the current v1.8.7 downloadable file. At least from a Windows perspective, several source files appear to be missing. I can't tell if that's because the "project" list for Visual Studio might have old files still included (but the actual source files are removed) or what. Since the files are not within a section of code devoted to Win32 it appears as though they were simply missed in the tarball. Missing files include: avi_tree.c, spp_minfrag.c, spp_tcp_stream.c, spp_stream3.c. (Example: the Visual Studio Projects can't find spp_tcp_stream.c, but the tarball includes spp_tcp_stream2.c. Issue?)

3. Also, it may not make a lot of difference to most people, but the tarball includes unistd.h, which is a zero-length file, that is required to avoid a fatal compile error. The Windows WinZip facility does not appear to have a way to create a zero-length file, therefore some comments probably need to be included in a readme somewhere regarding "What" Win32 users need to do to compile the source.

Rich Adamson
radamson () routers com

------------------------
theeaglesociety () netscape net (Night-Stalker) writes:

> My Snort (version 1.8.6) (under Linux Mandrake 8.2) crashes after one or two attacks with the DoS-Attack "Ping of Death", produced with the "IDS Informer" from BLADE Software. This Software is an IDS testing tool. Does anybody else have this problem?

Please try against 1.8.7. I've gotten complaints of this on 1.8.6 before and have been unable to reproduce. If you can get it to work on 1.8.7, please run a parallel

    tcpdump -i eth0 -s 1514 -w largeicmp.cap

and mail it to me.

--
Chris Green <cmg () sourcefire com>
To err is human, to moo bovine.

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
PC Mods, Computing goodies, cases & more
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
---------------End of Original Message-----------------
Current thread:
- Snort 1.8.6 crashes after Ping of Death Night-Stalker (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Chris Green (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Rich Adamson (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Chris Green (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Rich Adamson (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Rich Adamson (Jul 11)
- <Possible follow-ups>
- RE: Snort 1.8.6 crashes after Ping of Death McCammon, Keith (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Chris Green (Jul 11)