[Snort-users] snort 1.7 segmentation fault
hoagland at ...47...
Mon Jan 15 15:34:18 EST 2001
At 1:55 PM -0600 1/14/01, Hammerle, Tye F wrote:
>Here's what I got from gdb snort snort.core This is on an OpenBSD 2.8 x386.
>Guessing from the anonmsensor parts it's spade that that is killing
>me, I'll try commenitng that out and see what happens. Someone else
>mentioned that they needed to recomile libpcap. It looks like a
>bunch of the errors are related to that. Maybe I should try to
>recompile libpcap? I wonder what changed between snort 1.7b9 and 1.7
>that would cause this? 'course that's the $64k question I suppose.
>I'm running pretty stock with http_decode, minfrag and portscan
>preprocessors. The only thing I added was spade. I've commented out
>spade and so far snort is still running, only 5 minutes but it
>wouldn't run 1 before. Next I think I'll try recompiling libpcap.
I'm working with some one else on tracking down this brain-puzzling
problem that some people are having with Spade's adapt and adapt3
modes. For now, you can use adapt2 or use a static anomaly
threshold, or not run Spade. With luck, I can get it figured out
this week and release a new version.
But first I need to get a journal submission of the SPICE paper off
since that is due today (a follow up to the ACM CCS IDS workshop in
Athens). And get a new SnortSnarf version out (no more warnings for
ICMP packets and snort 1.7).
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland at ...47... *|
|* http://www.silicondefense.com/ *|
|* Voice: (530) 756-7317 Fax: (707) 445-4222 *|
More information about the Snort-users