Snort mailing list archives

Snort-Wireless on Linksys WRT54G


From: Steffen Pfendtner <steffen () wh-netz de>
Date: Sun, 23 May 2004 20:00:28 +0200 (CEST)

Hi,

I've successfully compiled Snort 2.1.1 with the wireless patch
for the Linksys WRT54G Access Point. For those who don't know this device,
it's a common and cheap AP which runs Linux.

It seems like I'm running into some memory problems. The device has 16
MB main memory in total. Currently I have roughly 5 MB left.

Anyone with an idea how to reduce the memory consumption?

This error is what appears on snort startup:
Allocating memory for WifistateTable...
ERROR: WSTDoTable failed to map requested length into memory: Cannot
allocate memory
Fatal Error, Quitting..

Thanks for your help!
Steffen Pfendtner




Below follows the whole output:

Running in IDS mode with inferred config file: ./snort.conf
Log directory = /var/log/snort

Initializing Network Interface eth2
OpenPcap() device eth2 network lookup:
        eth2: no IPv4 address assigned

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth2
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file ./snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl:   0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    flush_data_diff_size: 500
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
deauth_flood arguments:
    deauth-threshold: 20
    expire_timeout: 60
    target_limit: 100
    prune_period: 30
auth_flood arguments:
    auth-threshold: 100
    expire_timeout: 60
    target_limit: 10
    prune_period: 30
macspoof arguments:
    masked_MAC_addr: none
    tolerate_gap: 5
    threshold: 10
    expire_timeout: 120
    spoofed_addr_limit: 100
    prune_period: 30
45 Snort rules read...
45 Option Chains linked into 1 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++


+-----------------------[thresholding-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[thresholding-global]----------------------------------
| none
+-----------------------[thresholding-local]-----------------------------------
| none
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: ->activation->dynamic->alert->pass->log

+++++++++++++++++++++++++++++++++++++++++++++++++++
Allocating memory for WifistateTable...
ERROR: WSTDoTable failed to map requested length into memory: Cannot allocate memory
Fatal Error, Quitting..


--
Steffen Pfendtner <steffen () wh-netz de>
GPG Key fingerprint = DF91 11BB 498F 573B 8002  6E0B 3AE3 FF88 EADD B3BC

