[Snort-users] beta5

Andreas Östling nitzer at ...65...
Wed Jul 19 04:08:20 EDT 2000


I have had it up and running on a Linux box for about 24 hours and it
works just fine. However, while doing some testing at home with isic 
(http://expert.cc.purdue.edu/~frantzen/) I was able to crash it several
times using 07122kany.rules.

On 192.168.0.2:
./isic -s 192.168.0.2 -d 192.168.0.1 

On 192.168.0.1:
-*> Snort! <*-
Version 1.6.3-beta5
By Martin Roesch (roesch at ...66..., www.clark.net/~roesch)
Segmentation fault (core dumped)

GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux"...
Core was generated by `./snort -d -l /var/log/snort-logs -c 07122kany.rules'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libpq.so.2.0...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/libcrypt.so.1...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
#0  0x8052970 in IcmpTypeCheck (p=0xbffff724, otn=0x80a1668,
fp_list=0x80a1ff8) at sp_icmp_type_check.c:149
149         if (((IcmpTypeCheckData *)
otn->ds_list[PLUGIN_ICMP_TYPE])->icmp_type == p->icmph->type)
(gdb) where
#0  0x8052970 in IcmpTypeCheck (p=0xbffff724, otn=0x80a1668,
fp_list=0x80a1ff8) at sp_icmp_type_check.c:149
#1  0x80514f5 in EvalOpts (List=0x80a1668, p=0xbffff724) at rules.c:2895
#2  0x8051508 in EvalOpts (List=0x809ece0, p=0xbffff724) at rules.c:2897
#3  0x8051508 in EvalOpts (List=0x809dd68, p=0xbffff724) at rules.c:2897
#4  0x8051508 in EvalOpts (List=0x809bda0, p=0xbffff724) at rules.c:2897
#5  0x8051508 in EvalOpts (List=0x8099eb0, p=0xbffff724) at rules.c:2897
#6  0x8051508 in EvalOpts (List=0x80962d0, p=0xbffff724) at rules.c:2897
#7  0x8051508 in EvalOpts (List=0x8095330, p=0xbffff724) at rules.c:2897
#8  0x8051358 in EvalHeader (rtn_idx=0x8076378, p=0xbffff724) at
rules.c:2661
#9  0x805132e in EvalPacket (List=0x806a4f8, mode=2, p=0xbffff724) at
rules.c:2610
#10 0x8051271 in Detect (p=0xbffff724) at rules.c:2482
#11 0x80511e4 in Preprocess (p=0xbffff724) at rules.c:2373
#12 0x804a506 in ProcessPacket (user=0x0, pkthdr=0xbffffb80, pkt=0x806bccc
"") at snort.c:380
#13 0x8056eaa in pcap_read ()
#14 0x8057443 in pcap_loop ()
#15 0x804a38e in main (argc=8, argv=0xbffffcb4) at snort.c:304
(gdb) 

Using Linux 2.2.15, x86.


/Andreas


> How's beta5 working for people??
> 
> -- 
> Martin Roesch                      <roesch at ...2...>
> Core R&D                         http://www.hiverworld.com
> Hiverworld, Inc.       Continuous Adaptive Risk Management




