No subject


Thu Nov 23 16:31:58 EST 2017


OS is FreeBSD 4.4-STABLE from cvsup of 10/11/01.

System is Intel PII/300, SM P6DLH MB, 128MB, 4 x ST410800WD
on DPT SmartRAID IV, ADIC VLS DLT 300 and NEC CD on Adaptec
2940UW, 2x Intel Pro100+.

Compiled from FreeBSD ports on 10/13/01; tried running version
with full debug options but that ran for days without a problem.

Rules from 1.8.1 RELEASE distribution.

Snort started with:

/usr/local/bin/snort -c /usr/local/etc/snort.conf -i fxp0 -D

Terminated with:

Oct 13 23:18:28 ct980320-b /kernel: pid 3687 (snort), uid 0: exited on singal 11 (core dumped).

gdb output:

This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
Core was generated by `snort'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpcap.so.2...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libm.so.2...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libssl.so.2...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libcrypto.so.2...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libc.so.4...(no debugging symbols found)...done.
Reading symbols from /usr/libexec/ld-elf.so.1...(no debugging symbols found)...
done.
#0  0x8074932 in strlcat ()
(gdb) bt
#0  0x8074932 in strlcat ()
#1  0x8074979 in strlcat ()
#2  0x8074d17 in strlcat ()
#3  0x8078567 in strlcat ()
#4  0x8076e8c in strlcat ()
#5  0x805656f in sigprocmask ()
#6  0x804b21f in sigprocmask ()
#7  0x280b76b9 in pcap_read () from /usr/lib/libpcap.so.2
#8  0x280b732f in pcap_loop () from /usr/lib/libpcap.so.2
#9  0x804c750 in sigprocmask ()
#10 0x804b0e0 in sigprocmask ()
#11 0x804a9a9 in sigprocmask ()

snort.conf:

var HOME_NET 65.8.207.32/32
var EXTERNAL_NET any
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS [24.12.70.15/32,24.12.70.17/32,129.79.1./32,129.79.5.100/32]
preprocessor frag2
preprocessor stream4: detect_scans
preprocessor stream4_reassemble
preprocessor http_decode: 80 -unicode -cginull
preprocessor rpc_decode: 111 
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor portscan: $HOME_NET 4 3 portscan.log
include /usr/local/share/snort/exploit.rules
include /usr/local/share/snort/scan.rules
include /usr/local/share/snort/finger.rules
include /usr/local/share/snort/ftp.rules
include /usr/local/share/snort/telnet.rules
include /usr/local/share/snort/smtp.rules
include /usr/local/share/snort/rpc.rules
include /usr/local/share/snort/rservices.rules
include /usr/local/share/snort/backdoor.rules
include /usr/local/share/snort/dos.rules
include /usr/local/share/snort/ddos.rules
include /usr/local/share/snort/dns.rules
include /usr/local/share/snort/netbios.rules
include /usr/local/share/snort/web-cgi.rules
include /usr/local/share/snort/web-frontpage.rules
include /usr/local/share/snort/web-iis.rules
include /usr/local/share/snort/web-misc.rules
include /usr/local/share/snort/sql.rules
include /usr/local/share/snort/x11.rules
include /usr/local/share/snort/icmp.rules
include /usr/local/share/snort/shellcode.rules
include /usr/local/share/snort/policy.rules
include /usr/local/share/snort/info.rules

More information about the Snort-devel mailing list