[Snort-devel] Snort 1.9 core dump

Daniel Harrison danielh at ...1776...
Thu Jan 16 12:54:04 EST 2003


Machine information:

Platform: Sparc
OS:       2.7
Version:  Version 1.9.0 (Build 227)

Command line:
   
    /cust/src/snort-stable/src/snort -c 
/cust/src/snort-stable/etc/xx-snort.conf -i ge0 -dvD -l 
/export-1/log/snort/xx host xx.xx.2.131 or host      xx.xx.2.132 or host 
xx.xx.2.133 or host xx.xx.2.134 or host xx.xx.2.135 or host xx.xx.2.136 
or host xx.x.2.137 or host xx.xx.2.138 or   host xx.xx.2.139 or host 
xx.xx.2.140 or host xx.xx.2.141 or host xx.xx.2.142

The reason for the massive host list is that pcap puked on a /28 cidr 
block with the following error:

ERROR: OpenPcap() FSM compilation failed:
        non-network bits set in "xx.xx.2.131/28"
PCAP command: net xx.xx.2.131/28
Fatal Error, Quitting..


loaded preprocessors:

    preprocessor frag2
    preprocessor stream4: detect_scans, disable_evasion_alerts
    preprocessor stream4_reassemble: serveronly, ports [default]
    preprocessor http_decode: 80 unicode iis_alt_unicode double_encode 
iis_flip_slash full_whitespace
    preprocessor rpc_decode: 111 32771
    preprocessor bo: -nobrute
    preprocessor telnet_decode


Output Options:

    output alert_syslog: LOG_AUTH LOG_ALERT


Ruleset:

    The default ruleset included with snort.



This GDB was configured as "sparc-sun-solaris2.7"...
Core was generated by `/cust/src/snort-stable/src/snort -c 
/cust/src/snort-stable/etc/66-snort.conf -i'.
Program terminated with signal 10, Bus error.
Reading symbols from /usr/lib/libm.so.1...done.
Loaded symbols for /usr/lib/libm.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/platform/SUNW,Ultra-80/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Ultra-80/lib/libc_psr.so.1
Reading symbols from /usr/lib/nss_files.so.1...done.
Loaded symbols for /usr/lib/nss_files.so.1
#0  0x000429f0 in ConvertRPC (data=0x159b4c "", size=278) at 
spp_rpc_decode.c:294
294                 for (i=0; i < length; i++,rpc++,index++,hdrptr++)
(gdb) bt
#0  0x000429f0 in ConvertRPC (data=0x159b4c "", size=278) at 
spp_rpc_decode.c:294
#1  0x0002cdc8 in Preprocess (p=0xffbef468) at detect.c:84
#2  0x00027290 in ProcessPacket (user=0x0, pkthdr=0x0, pkt=0xffbef468 
"ÿ¾ùh") at snort.c:585
#3  0x0004a25c in pcap_read ()
#4  0x0004af34 in pcap_loop ()
#5  0x000289d4 in InterfaceThread (arg=0x8ec00) at snort.c:1642
#6  0x0002716c in SnortMain (argc=43, argv=0xffbefb94) at snort.c:519



-- 
Daniel Harrison    EDS
page-danielh at ...1776...
"Please don't stand on the toilets"






More information about the Snort-devel mailing list