[Snort-devel] Re: Can't run snort 1.8-beta5 (Build 22)

Martin Roesch roesch at ...402...
Sat May 12 16:23:11 EDT 2001


Ok, I've tracked down the bug.  Stupidity on my part (as usual), I
wasn't checking the validity of a pointer I was depending on in for the
new priority/classification code.  Patched and committed.

     -Marty

"Michel A. S. Pereira - KIDMumU[InTrance]" wrote:
> 
> System Architecture: x86
> OS: Conectiva Linux 6.0 - Kernel 2.4.3
> Rules: all
> Command line:
>     snort -c /etc/snort/snort.conf -s -d -l /var/log/snort
> 
> Core Dump file:
> 
> #0  SyslogAlert (p=0x0,
>     msg=0xbffff1e0 "spp_portscan: PORTSCAN DETECTED from 200.210.66.10
> (THRESHOLD 4 connections exceeded in 0 seconds)", arg=0x0) at log.c:893
> #1  0x8055aac in CallAlertPlugins (p=0x0,
>     message=0xbffff1e0 "spp_portscan: PORTSCAN DETECTED from
> 200.210.66.10 (THRESHOLD 4 connections exceeded in 0 seconds)") at
> rules.c:3445
> #2  0x8055a4a in CallAlertFuncs (p=0x0,
>     message=0xbffff1e0 "spp_portscan: PORTSCAN DETECTED from
> 200.210.66.10 (THRESHOLD 4 connections exceeded in 0 seconds)",
> head=0x0) at rules.c:3419
> #3  0x805ac95 in PortscanPreprocFunction (p=0xbffff2ec) at
> spp_portscan.c:953
> #4  0x8055946 in Preprocess (p=0xbffff2ec) at rules.c:3358
> #5  0x804b511 in ProcessPacket (user=0x0, pkthdr=0xbffff790,
> pkt=0x80abbba "")
>     at snort.c:501
> #6  0x80759e2 in pcap_read ()
> #7  0x807620c in pcap_loop ()
> #8  0x804c7fe in InterfaceThread (arg=0x0) at snort.c:1377
> #9  0x804b3f4 in main (argc=7, argv=0xbffff94c) at snort.c:434
> #10 0x40194a4a in __libc_start_main () from /lib/libc.so.6
> 
> --
> ____________________________________________________________
> PIII 500MHz - 96MB RAM - HD 8.2GB - Diamond Stealth III s540
>        USR Sportster 56K Int Voice - SoundBlaster AWE 64
>         CL 6.0 - Kernel 2.4.3 - LIDS 1.0.3  - Snort 1.7
>     www.techs.com.br - ICQ 4553082 - Linux Counter - 83522
>           Are you safe? Why not a Security Officer?

--
Martin Roesch
roesch at ...402...
http://www.sourcefire.com - http://www.snort.org




More information about the Snort-devel mailing list