[Snort-devel] My snort-1.8.1-RELEASE dumped core!!

Michael Boman michael at ...613...
Sat Aug 18 09:45:57 EDT 2001


I was watching /var/log/messages for another reason when snort suddenly
dumped core:

Syslog message:
Aug 18 21:15:17 xxxxx /kernel: pid 48172 (snort), uid 0: exited on signal 11 (core dumped)

Version Number:
$ snort -V
-*> Snort! <*-
Version 1.8.1-RELEASE (Build 74)
By Martin Roesch (roesch at ...402..., www.snort.org)

The system information:
FreeBSD xxxxx.xxxxxx.xxx 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #0: Thu Aug 16 14:04:13 SGT 2001     xxxxxxx at ...614...:/usr/obj/usr/src/sys/CUSTOM  i386

Core info:
-rw-------  1 root  bin  10149888 Aug 18 21:15 /usr/local/snort/snort.core

Core file is available if needed (as you can see, it's a bit big).

My snort.conf:

var HOME_NET $xl0_ADDRESS
var INTERNAL $HOME_NET
var EXTERNAL_NET any
var EXTERNAL $EXTERNAL_NET
var SMTP $xl0_ADDRESS
var HTTP_SERVERS $xl0_ADDRESS
var SQL_SERVERS $xl0_ADDRESS
var DNS_SERVERS [xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx]
preprocessor defrag
preprocessor frag2
preprocessor stream4
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
output alert_syslog: LOG_AUTH LOG_ALERT
output log_tcpdump: snort.log
output database: alert, mysql, user=xxxxxx dbname=snort18 host=localhost \
sensor_name=xxxxx.xxxxxx.xxx password=xxxxxxxxxxx
output alert_unified: snort.alert
output log_unified: snort.log
include classification.config
include backdoor.rules
include ddos.rules
include dns.rules
include dos.rules
include exploit.rules
include finger.rules
include ftp.rules
include icmp.rules
include local.rules
include misc.rules
include netbios.rules
include rpc.rules
include rservices.rules
include scan.rules
include smtp.rules
include sql.rules
include telnet.rules
include web-cgi.rules
include web-coldfusion.rules
include web-frontpage.rules
include web-iis.rules
include web-misc.rules
include x11.rules
include vision18.rules

PS
 my database output is on a single line w/o '\', but is broken b/c of MUA.
DS

-- 
There is no such thing as a system that is secure out of the box.
Tim [Timothy M. Mullen, CIO of AnchorIS.Com] claimed earlier this
morning that he had found one at Val-Mart the other day that was
secure out of the box, but as it turns out that was a Nintendo.

-- Jesper M Johansson, Ph.D. Assistant Professor of Information
   Systems at Boston University - during a SANS audio broadcast