[Snort-devel] UnixSock Bug

Daniel J Camero camero at ...1215...
Sun Mar 24 18:00:03 EST 2002


Arch: x86
OS: OpenBSD 2.9
No rules
Switches: -A unsock

Ran a simple portscan which set off Preprocessor rules.

Seg fault w/ Core Dump (see backtrace below)

Thanks for the help.

-Danny
 camero at ...1215...

Backtrace from GDB:

#0  0x233c5 in SetupAlertUnixSock () at spo_alert_unixsock.c:53
53          RegisterOutputPlugin("alert_unixsock", NT_OUTPUT_ALERT, AlertUnixSockInit);
(gdb) bt
#0  0x233c5 in SetupAlertUnixSock () at spo_alert_unixsock.c:53
#1  0x12151 in CallAlertPlugins (p=0x0,
    message=0xdfbfd188 "spp_portscan: PORTSCAN DETECTED from 63.175.92.115 (THRESHOLD 4 connections exceeded in 1 seconds)", args=0x0, event=0xdfbfd170)
    at rules.c:3551
#2  0x120e7 in CallAlertFuncs (p=0x0,
    message=0xdfbfd188 "spp_portscan: PORTSCAN DETECTED from 63.175.92.115 (THRESHOLD 4 connections exceeded in 1 seconds)", head=0x0, event=0xdfbfd170)
    at rules.c:3523
#3  0x18f25 in PortscanPreprocFunction (p=0xdfbfd298) at spp_portscan.c:950
#4  0x11f8b in Preprocess (p=0xdfbfd298) at rules.c:3426
#5  0x21e5 in ProcessPacket (user=0x0, pkthdr=0xd1390, pkt=0xd13a2 "")
    at snort.c:534
#6  0x40067151 in pcap_read ()
#7  0x40077daf in pcap_loop ()
#8  0x4c0e in InterfaceThread (arg=0x0) at snort.c:1561
#9  0x20d8 in main (argc=3, argv=0xdfbfd830) at snort.c:467
