[Snort-users] Snort Crashing

Igor Gashinsky igor at ...362...
Tue Aug 22 19:52:52 EDT 2000


Dr,

	I patched the sp_tcp_seq_check.c with the one from the CVS version, and
that did not help. when I pulled down the entire CVS source tree, the
spp_portscan.c does not compile in 1.7-beta0 ;(

------------------------------------------------------------
spp_portscan.c: In function `NewConnection':
spp_portscan.c:203: incompatible types in assignment
spp_portscan.c: In function `NewSource':
spp_portscan.c:294: incompatible types in assignment
spp_portscan.c:295: incompatible types in assignment
spp_portscan.c: In function `NewScan':
spp_portscan.c:622: incompatible types in assignment
spp_portscan.c: In function `PortscanPreprocFunction':
spp_portscan.c:826: incompatible types in assignment
make: *** [spp_portscan.o] Error 1
------------------------------------------------------------
-Igor

Dragos Ruiu wrote:
> 
> Did you try running the CVS version? It has some patches applied by Marty,
> and it looks like the below was one of the items fixed.  I suppose someone
> could go and drag up some patches.  Maybe we ought to post a patch to
> 1.6.3 or start to build a release 1.6.4?  --dr
> 
> On Tue, 22 Aug 2000, Igor Gashinsky wrote:
> > I am running snort 1.6.3-2 on Redhat 6.2 w/ 2.2.14-5.0 kernel. Defrag
> > pre-processor is disabled, and the only pre-processors enabled are
> > minfrag, http_decode, and portscan. It seems that Snort is loading,
> > works for a few hours, and then seg-faults. Any help would be
> > appreciated. gdb sniplet bellow:
> >
> > ------------------------------------------------------------------------
> > Core was generated by `snort -i eth1 -c /snort/rules/snort-lib'.
> > Program terminated with signal 11, Segmentation fault.
> > Reading symbols from /usr/lib/libpq.so.2.0...done.
> > Reading symbols from /lib/libnsl.so.1...done.
> > Reading symbols from /lib/libc.so.6...done.
> > Reading symbols from /lib/libcrypt.so.1...done.
> > Reading symbols from /lib/ld-linux.so.2...done.
> > Reading symbols from /lib/libnss_files.so.2...done.
> > #0  0x80530a0 in CheckTcpSeqEq (p=0xbffff54c, otn=0x80b1328,
> > fp_list=0x80b1ca0)
> >     at sp_tcp_seq_check.c:136
> > 136       if (((TcpSeqCheckData
> > *)otn->ds_list[PLUGIN_TCP_ACK_CHECK])->tcp_seq ==
> > ntohl(p->tcph->th_seq))
> > (gdb)
> > -------------------------------------------------------------------------
> >
> > This is what I see on the screen:
> >
> > -------------------------------------------------------------------------
> > [root at ...363... rules]# snort -i eth1 -c /snort/rules/snort-lib
> >
> > Initializing Network Interface...
> > Kernel filter, protocol ALL, raw packet socket
> >    => Decoding Ethernet on interface eth1
> > Initializing Preprocessors!
> > Initializing Plug-ins!
> > Initializating Output Plugins!
> >
> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> > Initializing rule chains...
> > Args: snort.log<>
> > 958 Snort rules read...
> > 958 Option Chains linked into 217 Chain Headers
> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> >
> >
> > -*> Snort! <*-
> > Version 1.6.3
> > By Martin Roesch (roesch at ...66..., www.snort.org)
> > Segmentation fault (core dumped)
> > -----------------------------------------------------------------------------
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> --
> dursec.com ltd. / kyx.net - we're from the future
> pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D
> pgp key: http://www.dursec.com/drkey.asc




More information about the Snort-users mailing list