[Snort-openappid] [Snort-users] AppID warnings and Snort Segmentation fault

Joel Esler (jesler) jesler at ...5...
Wed Jul 30 11:07:51 EDT 2014


CC’ing the OpenAppId list.


> On Jul 30, 2014, at 10:54 AM, Kiryukhin Andrey <andrei_1980 at ...31...> wrote:
> 
> Hello.
> I installed snort-2.9.7.0_beta and snort-openappid.2014-05-30.205-0
> as described in this post:
> http://blog.snort.org/2014/03/firing-up-openappid.html
> 
> When I execute
> snort -T -c /etc/snort/etc/snort.conf
> 
> result:
> 
> Snort successfully validated the configuration!
> Snort exiting
> 
> 
> But in the log I have warnings:
> 
> Invalid direct service AppId, 569, for 0x7f523f4de690 (nil)
> Invalid direct service AppId, 609, for 0x7f523f4d8740 (nil)
> Invalid direct service AppId, 603, for 0x7f523f4e5130 (nil)
> Invalid direct service AppId, 617, for 0x7f523f4dbeb0 (nil)
> Invalid direct service AppId, 547, for 0x7f523f4d8da0 (nil)
> Invalid direct service AppId, 165, for 0x7f523f4e0900 (nil)
> Invalid direct service AppId, 687, for 0x7f523f4deef0 (nil)
> Invalid direct service AppId, 376, for 0x7f523f4e25d0 (nil)
> Invalid direct service AppId, 747, for 0x7f523f4d7df0 (nil)
> Invalid direct service AppId, 754, for 0x7f523f4d9a70 (nil)
> Invalid direct service AppId, 753, for 0x7f523f4d9d60 (nil)
> Invalid direct service AppId, 755, for 0x7f523f4da520 (nil)
> Invalid direct service AppId, 603, for 0x7f523f4da520 (nil)
> Invalid direct service AppId, 763, for 0x7f523f4e4040 (nil)
> Invalid direct service AppId, 767, for 0x7f523f4d8c00 (nil)
> Invalid direct service AppId, 801, for 0x7f523f4d8280 (nil)
> Invalid direct service AppId, 800, for 0x7f523f4d8280 (nil)
> Invalid direct service AppId, 627, for 0x7f523f4dc3b0 (nil)
> Invalid direct service AppId, 894, for 0x7f523f4dcb10 (nil)
> Invalid direct service AppId, 895, for 0x7f523f4dcb10 (nil)
> Invalid direct service AppId, 398, for 0x7f523f4e2350 (nil)
> Invalid direct service AppId, 452, for 0x7f523f4ddbe0 (nil)
> Invalid direct service AppId, 823, for 0x7f523f4d90d0 (nil)
> Invalid direct service AppId, 1097, for 0x7f523f4e20e0 (nil)
> Invalid direct service AppId, 836, for 0x7f523f4de120 (nil)
> Invalid direct service AppId, 837, for 0x7f523f4dad50 (nil)
> Invalid direct service AppId, 846, for 0x7f523f4df540 (nil)
> Invalid direct service AppId, 847, for 0x7f523f4e6160 (nil)
> Invalid direct service AppId, 861, for 0x7f523f4d8530 (nil)
> Invalid direct service AppId, 862, for 0x7f523f4dffd0 (nil)
> Invalid direct service AppId, 426, for 0x7f523f4ed4c0 (nil)
> Invalid direct service AppId, 813, for 0x7f523f4ed4c0 (nil)
> Invalid direct service AppId, 118, for 0x7f523f4dea60 (nil)
> Invalid direct service AppId, 49, for 0x7f523f4db890 (nil)
> Invalid direct service AppId, 1755, for 0x7f523f4e4e30 (nil)
> Invalid direct service AppId, 872, for 0x7f523f4e6b50 (nil)
> Invalid direct service AppId, 61, for 0x7f523f4e68a0 (nil)
> Invalid direct service AppId, 774, for 0x7f523f4e6de0 (nil)
> Invalid direct service AppId, 683, for 0x7f523f4ea000 (nil)
> Invalid direct service AppId, 788, for 0x7f523f4ec950 (nil)
> Invalid direct service AppId, 701, for 0x7f523f4eb270 (nil)
> Invalid direct client application AppId, 788, for 0x7f523f4ecb80 (nil)
> Invalid direct client application AppId, 683, for 0x7f523f4ea200 (nil)
> Invalid direct client application AppId, 894, for 0x7f523f4d4be0 (nil)
> Invalid direct client application AppId, 895, for 0x7f523f4d4be0 (nil)
> Invalid direct client application AppId, 773, for 0x7f523f4d45b0 (nil)
> Invalid direct client application AppId, 872, for 0x7f523f4d4230 (nil)
> Invalid direct client application AppId, 619, for 0x7f523f4d3780 (nil)
> Invalid direct client application AppId, 846, for 0x7f523f4d3780 (nil)
> Invalid direct client application AppId, 723, for 0x7f523f4d3780 (nil)
> Invalid direct client application AppId, 794, for 0x7f523f4d3780 (nil)
> Invalid direct client application AppId, 771, for 0x7f523f4d3780 (nil)
> Invalid direct client application AppId, 61, for 0x7f523f4d2c10 (nil)
> Invalid direct client application AppId, 426, for 0x7f523f4ed6a0 (nil)
> Invalid direct client application AppId, 524, for 0x7f523f4d0e20 (nil)
> Invalid direct client application AppId, 936, for 0x7f523f4d0e20 (nil)
> Invalid direct client application AppId, 1107, for 0x7f523f4d1490 (nil)
> Invalid direct client application AppId, 547, for 0x7f523f4d1490 (nil)
> Invalid direct client application AppId, 732, for 0x7f523f4d1150 (nil)
> Invalid direct client application AppId, 743, for 0x7f523f4d1150 (nil)
> Invalid direct client application AppId, 308, for 0x7f523f4d1150 (nil)
> Invalid direct client application AppId, 307, for 0x7f523f4d1150 (nil)
> Invalid direct client application AppId, 866, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 776, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 700, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 625, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 626, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 1108, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 624, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 720, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 550, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 546, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 746, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 836, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 777, for 0x7f523f4d19c0 (nil)
> Invalid direct client application AppId, 701, for 0x7f523f4eb450 (nil)
> Invalid direct client application AppId, 813, for 0x7f523f4d3390 (nil)
> Invalid direct client application AppId, 571, for 0x7f523f4d2f50 (nil)
> Invalid direct client application AppId, 426, for 0x7f523f4ed610 (nil)
> 
> 
> Then, when I start Snort in listen mode:
> 
> snort  -c /etc/snort/etc/snort.conf  -i eth2
> 
> I have a segmentation fault:
> 
> 
>        --== Initialization Complete ==--
> 
>   ,,_     -*> Snort! <*-
>  o"  )~   Version 2.9.7.0_beta GRE (Build 109)
>   ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/snort/snort-team
>           Copyright (C) 2014 Cisco and/or its affiliates. All rights
> reserved.
>           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>           Using libpcap version 1.1.1
>           Using PCRE version: 7.8 2008-09-05
>           Using ZLIB version: 1.2.3
> 
>           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.2  <Build 1>
>           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
>           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
>           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
>           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
>           Preprocessor Object: APPID  Version 1.1  <Build 4>
>           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
>           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
>           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
>           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
>           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
>           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
>           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
>           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
>           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
>           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
> Commencing packet processing (pid=12527)
> Segmentation fault
> 
> 
> 
> 
> What can I do to solve this problem?
> 
> P.S. If there is no traffic on the listen interface, then Snort does not crash.
> 
> Thanks.
> 
> 
> 
