[Snort-openappid] [Snort-users] AppID warnings and Snort Segmentation fault

Costas Kleopa (ckleopa) ckleopa at ...5...
Wed Jul 30 11:14:37 EDT 2014


Would it be possible to share the configuration line of where appid is
configured?
Also can you confirm where you have installed the
snort-openappid.2014-05-30.205-0 package?

Thanks
Costas


On 7/30/14, 11:07 AM, "Joel Esler (jesler)" <jesler at ...5...> wrote:

>CC'ing the OpenAppId list.
>
>
>> On Jul 30, 2014, at 10:54 AM, Kiryukhin Andrey <andrei_1980 at ...31...> wrote:
>> 
>> Hello.
>> I installed snort-2.9.7.0_beta and snort-openappid.2014-05-30.205-0
>> as described in this post:
>> http://blog.snort.org/2014/03/firing-up-openappid.html
>> 
>> When I execute
>> snort -T -c /etc/snort/etc/snort.conf
>> 
>> result:
>> 
>> Snort successfully validated the configuration!
>> Snort exiting
>> 
>> 
>> But in the log I have warnings:
>> 
>> Invalid direct service AppId, 569, for 0x7f523f4de690 (nil)
>> Invalid direct service AppId, 609, for 0x7f523f4d8740 (nil)
>> Invalid direct service AppId, 603, for 0x7f523f4e5130 (nil)
>> Invalid direct service AppId, 617, for 0x7f523f4dbeb0 (nil)
>> Invalid direct service AppId, 547, for 0x7f523f4d8da0 (nil)
>> Invalid direct service AppId, 165, for 0x7f523f4e0900 (nil)
>> Invalid direct service AppId, 687, for 0x7f523f4deef0 (nil)
>> Invalid direct service AppId, 376, for 0x7f523f4e25d0 (nil)
>> Invalid direct service AppId, 747, for 0x7f523f4d7df0 (nil)
>> Invalid direct service AppId, 754, for 0x7f523f4d9a70 (nil)
>> Invalid direct service AppId, 753, for 0x7f523f4d9d60 (nil)
>> Invalid direct service AppId, 755, for 0x7f523f4da520 (nil)
>> Invalid direct service AppId, 603, for 0x7f523f4da520 (nil)
>> Invalid direct service AppId, 763, for 0x7f523f4e4040 (nil)
>> Invalid direct service AppId, 767, for 0x7f523f4d8c00 (nil)
>> Invalid direct service AppId, 801, for 0x7f523f4d8280 (nil)
>> Invalid direct service AppId, 800, for 0x7f523f4d8280 (nil)
>> Invalid direct service AppId, 627, for 0x7f523f4dc3b0 (nil)
>> Invalid direct service AppId, 894, for 0x7f523f4dcb10 (nil)
>> Invalid direct service AppId, 895, for 0x7f523f4dcb10 (nil)
>> Invalid direct service AppId, 398, for 0x7f523f4e2350 (nil)
>> Invalid direct service AppId, 452, for 0x7f523f4ddbe0 (nil)
>> Invalid direct service AppId, 823, for 0x7f523f4d90d0 (nil)
>> Invalid direct service AppId, 1097, for 0x7f523f4e20e0 (nil)
>> Invalid direct service AppId, 836, for 0x7f523f4de120 (nil)
>> Invalid direct service AppId, 837, for 0x7f523f4dad50 (nil)
>> Invalid direct service AppId, 846, for 0x7f523f4df540 (nil)
>> Invalid direct service AppId, 847, for 0x7f523f4e6160 (nil)
>> Invalid direct service AppId, 861, for 0x7f523f4d8530 (nil)
>> Invalid direct service AppId, 862, for 0x7f523f4dffd0 (nil)
>> Invalid direct service AppId, 426, for 0x7f523f4ed4c0 (nil)
>> Invalid direct service AppId, 813, for 0x7f523f4ed4c0 (nil)
>> Invalid direct service AppId, 118, for 0x7f523f4dea60 (nil)
>> Invalid direct service AppId, 49, for 0x7f523f4db890 (nil)
>> Invalid direct service AppId, 1755, for 0x7f523f4e4e30 (nil)
>> Invalid direct service AppId, 872, for 0x7f523f4e6b50 (nil)
>> Invalid direct service AppId, 61, for 0x7f523f4e68a0 (nil)
>> Invalid direct service AppId, 774, for 0x7f523f4e6de0 (nil)
>> Invalid direct service AppId, 683, for 0x7f523f4ea000 (nil)
>> Invalid direct service AppId, 788, for 0x7f523f4ec950 (nil)
>> Invalid direct service AppId, 701, for 0x7f523f4eb270 (nil)
>> Invalid direct client application AppId, 788, for 0x7f523f4ecb80 (nil)
>> Invalid direct client application AppId, 683, for 0x7f523f4ea200 (nil)
>> Invalid direct client application AppId, 894, for 0x7f523f4d4be0 (nil)
>> Invalid direct client application AppId, 895, for 0x7f523f4d4be0 (nil)
>> Invalid direct client application AppId, 773, for 0x7f523f4d45b0 (nil)
>> Invalid direct client application AppId, 872, for 0x7f523f4d4230 (nil)
>> Invalid direct client application AppId, 619, for 0x7f523f4d3780 (nil)
>> Invalid direct client application AppId, 846, for 0x7f523f4d3780 (nil)
>> Invalid direct client application AppId, 723, for 0x7f523f4d3780 (nil)
>> Invalid direct client application AppId, 794, for 0x7f523f4d3780 (nil)
>> Invalid direct client application AppId, 771, for 0x7f523f4d3780 (nil)
>> Invalid direct client application AppId, 61, for 0x7f523f4d2c10 (nil)
>> Invalid direct client application AppId, 426, for 0x7f523f4ed6a0 (nil)
>> Invalid direct client application AppId, 524, for 0x7f523f4d0e20 (nil)
>> Invalid direct client application AppId, 936, for 0x7f523f4d0e20 (nil)
>> Invalid direct client application AppId, 1107, for 0x7f523f4d1490 (nil)
>> Invalid direct client application AppId, 547, for 0x7f523f4d1490 (nil)
>> Invalid direct client application AppId, 732, for 0x7f523f4d1150 (nil)
>> Invalid direct client application AppId, 743, for 0x7f523f4d1150 (nil)
>> Invalid direct client application AppId, 308, for 0x7f523f4d1150 (nil)
>> Invalid direct client application AppId, 307, for 0x7f523f4d1150 (nil)
>> Invalid direct client application AppId, 866, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 776, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 700, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 625, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 626, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 1108, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 624, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 720, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 550, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 546, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 746, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 836, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 777, for 0x7f523f4d19c0 (nil)
>> Invalid direct client application AppId, 701, for 0x7f523f4eb450 (nil)
>> Invalid direct client application AppId, 813, for 0x7f523f4d3390 (nil)
>> Invalid direct client application AppId, 571, for 0x7f523f4d2f50 (nil)
>> Invalid direct client application AppId, 426, for 0x7f523f4ed610 (nil)
>> 
>> 
>> Then, when I start Snort in listen mode:
>> 
>> snort  -c /etc/snort/etc/snort.conf  -i eth2
>> 
>> I have a segmentation fault:
>> 
>> 
>>        --== Initialization Complete ==--
>> 
>>   ,,_     -*> Snort! <*-
>>  o"  )~   Version 2.9.7.0_beta GRE (Build 109)
>>   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
>>           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
>>           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
>>           Using libpcap version 1.1.1
>>           Using PCRE version: 7.8 2008-09-05
>>           Using ZLIB version: 1.2.3
>> 
>>           Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.2  <Build 1>
>>           Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
>>           Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
>>           Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
>>           Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
>>           Preprocessor Object: APPID  Version 1.1  <Build 4>
>>           Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
>>           Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
>>           Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
>>           Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
>>           Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
>>           Preprocessor Object: SF_POP  Version 1.0  <Build 1>
>>           Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
>>           Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
>>           Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
>>           Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
>> Commencing packet processing (pid=12527)
>> Segmentation fault
>> 
>> 
>> 
>> 
>> What can I do to solve this problem?
>> 
>> P.S. If there is no traffic on the listen interface, then Snort does not crash.
>> 
>> Thanks.
>> 
>> 
>> 
>> 
>




