[Snort-devel] Re: Segmentation fault - SORTED MY END - BUT STILL BUG?

Thoplaop T.M.Hesketh-roberts at ...1826...
Mon Mar 3 06:03:04 EST 2003


Agh,

I deserve I real telling off here.  Can't
believe I was so silly as to not notice I
missed off the -c option.  Including this
prevented the segmentation fault (as detailed
in copy of email below).

However, the previous (below email) may still
be warranted as a bug, since should it throw
up a segmentation fault if you don't specify
a config file??

NB: Hadn't changed any configuration of snort
     after installation (obviously just ran
     ./configure before making).

Cheers,
Thop

On Sat, 1 Mar 2003, Thoplaop wrote:

> System Architecture (Sparc, x86, etc)
>  x86 - AMD 500MHz
> Operating System and version (Linux 2.0.22, IRIX 5.3, etc)
>  Linux Kernel 2.4.19
>  (It's Mandrake 9.0, which means it has GCC 3.2)
> Version of Snort
>  Snort Version 1.8.3
> What preprocessors you loaded
>  Just as in your own snort.conf file downloaded from
>  your website (see next answer for URL).  I did not
>  edit the snort.conf at all, the preprocessor statements
>  were thus as follows:
>   preprocessor frag2
>   preprocessor stream4: detect_scans, disable_evasion_alerts
>   preprocessor stream4_reassemble
>   preprocessor http_decode: 80 unicode iis_alt_unicode double_encode
> iis_flip_slash full_whitespace
>   preprocessor rpc_decode: 111 32771
>   preprocessor bo: -nobrute
>   preprocessor telnet_decode
>   preprocessor conversation: allowed_ip_protocols all, timeout 60,
> max_conversations 32000
>   preprocessor portscan2: scanners_max 3200, targets_max 5000,
> target_limit 5, port_limit 20, timeout 60
> What rules (if any) you were using
>  As downloaded from your own website at
>  http://www.snort.org/dl/signatures/snortrules.tar.gz
>  and simply referred to the snort.conf file included
>  in snortrules.tar.gz in order to use rules.  The
>  snort.conf file was simply referred to on command-line
>  as shown below.
> What output plug-ins you loaded
>  None unless any loaded in snort.conf
> What command line switches you were using
>  snort -devr /home/thop/mit_training_week1/monday/tcpdump -h
> 192.168.1.0/24 -l /home/thop/snort/mitlog1_asc/
>  (NB: "mit_training_week1/" dir. is extracted directly from
>   http://www.ll.mit.edu/IST/ideval/data/1998/training/week1/monday.tar)
> Any Snort error messages
>  Output copied and pasted as follows:
>
> Initializing Output Plugins!
> Log directory = /home/thop/snort/mitlog1_asc/
> TCPDUMP file reading mode.
> Reading network traffic from
> "/home/thop/mit_training_week1/monday/tcpdump" file.
> snaplen = 66000
>
>         --== Initializing Snort ==--
>
>         --== Initialization Complete ==--
>
> -*> Snort! <*-
> Version 1.9.0 (Build 209)
> By Martin Roesch (roesch at ...402..., www.snort.org)
> Segmentation fault
> [root at ...1825... snort]#
>
> Any more information
>  Please reply and I should get back to you quickly
> --
> Spare time?  Make good use of it...
> http://thop.co.uk/go - just click to donate free to good causes
> (sponsered by adverts)
>
> Michael Eisner, MD for Disney = $9,783/hour
>    Haitian worker for Disney  = 28 cents/hour
>
>

-- 
Spare time?  Make good use of it...
http://thop.co.uk/go - just click to donate free to good causes
(sponsered by adverts)

Michael Eisner, MD for Disney = $9,783/hour
   Haitian worker for Disney  = 28 cents/hour






More information about the Snort-devel mailing list