[Snort-devel] Re: Segmentation fault - SORTED MY END - BUT STILL BUG?

Martin Roesch roesch at ...402...
Sun Mar 2 09:50:16 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yup, sounds like a bug.  I'll take a look at it.  Thanks!

      -Marty


On Saturday, March 1, 2003, at 07:41  PM, Thoplaop wrote:

> Agh,
>
> I deserve I real telling off here.  Can't
> believe I was so silly as to not notice I
> missed off the -c option.  Including this
> prevented the segmentation fault (as detailed
> in copy of email below).
>
> However, the previous (below email) may still
> be warranted as a bug, since should it throw
> up a segmentation fault if you don't specify
> a config file??
>
> NB: Hadn't changed any configuration of snort
>      after installation (obviously just ran
>      ./configure before making).
>
> Cheers,
> Thop
>
> On Sat, 1 Mar 2003, Thoplaop wrote:
>
>> System Architecture (Sparc, x86, etc)
>>  x86 - AMD 500MHz
>> Operating System and version (Linux 2.0.22, IRIX 5.3, etc)
>>  Linux Kernel 2.4.19
>>  (It's Mandrake 9.0, which means it has GCC 3.2)
>> Version of Snort
>>  Snort Version 1.8.3
>> What preprocessors you loaded
>>  Just as in your own snort.conf file downloaded from
>>  your website (see next answer for URL).  I did not
>>  edit the snort.conf at all, the preprocessor statements
>>  were thus as follows:
>>   preprocessor frag2
>>   preprocessor stream4: detect_scans, disable_evasion_alerts
>>   preprocessor stream4_reassemble
>>   preprocessor http_decode: 80 unicode iis_alt_unicode double_encode
>> iis_flip_slash full_whitespace
>>   preprocessor rpc_decode: 111 32771
>>   preprocessor bo: -nobrute
>>   preprocessor telnet_decode
>>   preprocessor conversation: allowed_ip_protocols all, timeout 60,
>> max_conversations 32000
>>   preprocessor portscan2: scanners_max 3200, targets_max 5000,
>> target_limit 5, port_limit 20, timeout 60
>> What rules (if any) you were using
>>  As downloaded from your own website at
>>  http://www.snort.org/dl/signatures/snortrules.tar.gz
>>  and simply referred to the snort.conf file included
>>  in snortrules.tar.gz in order to use rules.  The
>>  snort.conf file was simply referred to on command-line
>>  as shown below.
>> What output plug-ins you loaded
>>  None unless any loaded in snort.conf
>> What command line switches you were using
>>  snort -devr /home/thop/mit_training_week1/monday/tcpdump -h
>> 192.168.1.0/24 -l /home/thop/snort/mitlog1_asc/
>>  (NB: "mit_training_week1/" dir. is extracted directly from
>>   
>> http://www.ll.mit.edu/IST/ideval/data/1998/training/week1/monday.tar)
>> Any Snort error messages
>>  Output copied and pasted as follows:
>>
>> Initializing Output Plugins!
>> Log directory = /home/thop/snort/mitlog1_asc/
>> TCPDUMP file reading mode.
>> Reading network traffic from
>> "/home/thop/mit_training_week1/monday/tcpdump" file.
>> snaplen = 66000
>>
>>         --== Initializing Snort ==--
>>
>>         --== Initialization Complete ==--
>>
>> -*> Snort! <*-
>> Version 1.9.0 (Build 209)
>> By Martin Roesch (roesch at ...402..., www.snort.org)
>> Segmentation fault
>> [root at ...1825... snort]#
>>
>> Any more information
>>  Please reply and I should get back to you quickly
>> --
>> Spare time?  Make good use of it...
>> http://thop.co.uk/go - just click to donate free to good causes
>> (sponsered by adverts)
>>
>> Michael Eisner, MD for Disney = $9,783/hour
>>    Haitian worker for Disney  = 28 cents/hour
>>
>>
>
> -- 
> Spare time?  Make good use of it...
> http://thop.co.uk/go - just click to donate free to good causes
> (sponsered by adverts)
>
> Michael Eisner, MD for Disney = $9,783/hour
>    Haitian worker for Disney  = 28 cents/hour
>
>
>
- -- 
Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
Sourcefire: Enterprise-class Intrusion detection built on Snort
roesch at ...402... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE+Yg38qj0FAQQ3KOARAgZcAJsGia3ev5sv62+PsUrjtYQOLnEnJQCfdw2V
uNfecDZwMQ6eFw4bWVjaE9I=
=Nf5X
-----END PGP SIGNATURE-----





More information about the Snort-devel mailing list