[Snort-users] Snort Crashing

Dragos Ruiu dr at ...50...
Tue Aug 22 18:51:26 EDT 2000


Did you try running the CVS version? It has some patches applied by Marty,
and it looks like the below was one of the items fixed.  I suppose someone
could go and drag up some patches.  Maybe we ought to post a patch to
1.6.3 or start to build a release 1.6.4?  --dr

On Tue, 22 Aug 2000, Igor Gashinsky wrote:
> I am running snort 1.6.3-2 on Redhat 6.2 w/ 2.2.14-5.0 kernel. Defrag
> pre-processor is disabled, and the only pre-processors enabled are
> minfrag, http_decode, and portscan. It seems that Snort is loading,
> works for a few hours, and then seg-faults. Any help would be
> appreciated. gdb snippet below:
> 
> ------------------------------------------------------------------------
> Core was generated by `snort -i eth1 -c /snort/rules/snort-lib'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /usr/lib/libpq.so.2.0...done.
> Reading symbols from /lib/libnsl.so.1...done.
> Reading symbols from /lib/libc.so.6...done.
> Reading symbols from /lib/libcrypt.so.1...done.
> Reading symbols from /lib/ld-linux.so.2...done.
> Reading symbols from /lib/libnss_files.so.2...done.
> #0  0x80530a0 in CheckTcpSeqEq (p=0xbffff54c, otn=0x80b1328,
> fp_list=0x80b1ca0)
>     at sp_tcp_seq_check.c:136
> 136	    if (((TcpSeqCheckData
> *)otn->ds_list[PLUGIN_TCP_ACK_CHECK])->tcp_seq ==
> ntohl(p->tcph->th_seq))
> (gdb) 
> -------------------------------------------------------------------------
> 
> This is what I see on the screen:
> 
> -------------------------------------------------------------------------
> [root at ...363... rules]# snort -i eth1 -c /snort/rules/snort-lib
> 
> Initializing Network Interface...
> Kernel filter, protocol ALL, raw packet socket
>    => Decoding Ethernet on interface eth1
> Initializing Preprocessors!
> Initializing Plug-ins!
> Initializating Output Plugins!
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> Args: snort.log<>
> 958 Snort rules read...
> 958 Option Chains linked into 217 Chain Headers
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> 
> 
> -*> Snort! <*-
> Version 1.6.3
> By Martin Roesch (roesch at ...66..., www.snort.org)
> Segmentation fault (core dumped)
> -----------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
-- 
dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D 
pgp key: http://www.dursec.com/drkey.asc
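
The gdb frame quoted above stops on a line in `CheckTcpSeqEq` that reads `otn->ds_list[PLUGIN_TCP_ACK_CHECK]` and `p->tcph` without checking either pointer. The C model below is an added example, not part of this message and not Snort's source; the thread does not state the root cause, so the struct layouts, return codes and `check_seq_*` function names are assumptions used to show how that access pattern faults and what a guarded check looks like.

```c
#include <arpa/inet.h>   /* htonl, ntohl */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: names follow the gdb line, struct layouts are assumed. */
enum { PLUGIN_TCP_ACK_CHECK, PLUGIN_TCP_SEQ_CHECK, PLUGIN_MAX };
enum { BAD_STATE = -1, NO_MATCH = 0, MATCH = 1 };

typedef struct { uint32_t tcp_seq; } TcpSeqCheckData;
typedef struct { uint32_t th_seq; } TcpHdr;        /* network byte order */
typedef struct { const TcpHdr *tcph; } Packet;     /* NULL when not TCP */
typedef struct { void *ds_list[PLUGIN_MAX]; } OptTreeNode;

/* Shape of line 136: the seq check reads the ACK slot and dereferences
 * both pointers unchecked. An empty slot or NULL tcph is a SIGSEGV. */
int check_seq_as_reported(const Packet *p, const OptTreeNode *otn)
{
    return ((TcpSeqCheckData *)otn->ds_list[PLUGIN_TCP_ACK_CHECK])->tcp_seq
           == ntohl(p->tcph->th_seq);
}

/* Guarded form: read the seq option's own slot, validate before use. */
int check_seq_guarded(const Packet *p, const OptTreeNode *otn)
{
    const TcpSeqCheckData *d;

    if (p == NULL || otn == NULL || p->tcph == NULL)
        return NO_MATCH;                 /* nothing to compare against */
    d = otn->ds_list[PLUGIN_TCP_SEQ_CHECK];
    if (d == NULL)
        return BAD_STATE;                /* rule has no seq data */
    return d->tcp_seq == ntohl(p->tcph->th_seq) ? MATCH : NO_MATCH;
}

int main(void)
{
    TcpSeqCheckData seq = { 1000 };
    TcpHdr hdr = { htonl(1000) };        /* constructed sample packet */
    Packet tcp = { &hdr }, not_tcp = { NULL };
    OptTreeNode seq_only = { { NULL, &seq } };

    /* check_seq_as_reported(&tcp, &seq_only) would fault: ACK slot is NULL */
    printf("tcp=%d not_tcp=%d\n", check_seq_guarded(&tcp, &seq_only),
           check_seq_guarded(&not_tcp, &seq_only));
    return 0;
}
```

When both slots are populated the unguarded form does not crash but compares against the wrong option's data, so the rule silently evaluates incorrectly.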



