[Snort-devel] Snort 2.0.5 hang/infinte loop

Jim Cervantes jcervant at ...2278...
Tue Dec 9 12:39:01 EST 2003


I have a number of recently upgraded sensors (v2.0.0 upgraded to v2.0.5)
that have ended up in an apparent infinite loop as well.  They have stopped
logging alerts and are consuming all the CPU they can get.  Can someone lend
some advice regarding a workaround, or should I roll back snort to a
previous version?

In particular:

  - Are there certain rules/traffic patterns which I should avoid?
  - If I rollback snort, what would be a good choice of version?

The sensors are currently in this state, so if anyone has any
diagnostic-related suggestions, I'm all ears.

Thanks for any advice,

Jim

-----Original Message-----
From: snort-devel-admin at lists.sourceforge.net
[mailto:snort-devel-admin at lists.sourceforge.net]On Behalf Of Jeremy
Hewlett
Sent: Monday, November 24, 2003 11:11 AM
To: snort-devel at lists.sourceforge.net
Subject: Re: [Snort-devel] Snort 2.0.5 hang/infinte loop


On Mon, Nov 24, Lawrence Reed wrote:
> I upgraded my 2.0.2 sensors ( 4 ) to 2.0.5.  Almost immediately all
> four sensors went into an infinite loop. I can recreate this if
> further information is needed.

Could you send me a pcap? We've fixed the problem area, but I'd like
to get a pcap of what's causing this to test out the fix.

Thanks


-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-devel mailing list
Snort-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel





More information about the Snort-devel mailing list