[Snort-devel] Snort 2.0 on OpenBSD 3.3 Errors Out Post-Init (bug?)

James Webb jtwebb at ...1932...
Sun Apr 20 07:45:05 EDT 2003


Snort Developers,

I haven't been able to locate a mailinglist posting or other info on
the web regarding certain errors(below)..so I am submitting problem for
evaluating as potential bug.

I have posted query to misc at ...76... to see if anyone else has been
able to use snort v2 on openbsd 3.3 without seeing these issues, and no
response as of yet.  Please disregard and accept my apologies for the
spam if this is known config issue.

Thanks,
-JTW 

Details
==================
System Architecture: (x86)
Operation System: (OpenBSD3.3 stable branch)
Version of Snort: Version 2.0.0 (Build 72)
Preprocessors: frag2,
                         stream4:detect_scans, disable_evasion_alerts,
                         stream4_reassemble
                         http_decode: 80 unicode iis_alt_unicode
double_encode iis_flip_slash full_whitespace
                         rpc_decode: 111 32771
                         telnet_decode
                        

Snort cmd-line: /usr/local/bin/snort -y -e -d -z -A full -b -u snort -g
nobody  -c /home/snort/conf/snort.conf -i xl0 -l /home/snort/LOGS/$DATE
-L packet.log

The following rules in snort.conf generate these errors:

exploit.rules    -yields-   ERROR: No memory in
mwmPrephashedPatternGroups()Fatal Error, Quitting...
scan.rules       -yields-   ERROR: No memory in
mwmPrephashedPatternGroups()Fatal Error, Quitting...
rpc.rules         -yields-   Memory Fault
dos.rules         -yields-   ERROR: No memory in
mwmPrephashedPatternGroups()Fatal Error, Quitting...
ddos.rules       -yields-   ERROR: No memory in
mwmPrephashedPatternGroups()Fatal Error, Quitting...
web-cgi-rules   -yields-   No memory - file:fpcreate.c pmx-uricontent
!
web-iis.rules    -yields-   ERROR: No memory in
mwmPrephashedPatternGroups()Fatal Error, Quitting...
web-misc.rules  -yields- Memory Fault

If these rules are commented out Snort v2.0.0 (Build 72) runs with no
problems;
also these rules generate no issues with Snort v1.9.1




More information about the Snort-devel mailing list