[Snort-users] snort 1.7 segmentation fault

James Hoagland hoagland at ...47...
Mon Jan 15 15:34:18 EST 2001


At 1:55 PM -0600 1/14/01, Hammerle, Tye F wrote:
>Here's what I got from gdb snort snort.core  This is on an OpenBSD 2.8 x386.
>
>Guessing from the anonmsensor parts it's spade that that is killing 
>me, I'll try commenitng that out and see what happens. Someone else 
>mentioned that they needed to recomile libpcap. It looks like a 
>bunch of the errors are related to that. Maybe I should try to 
>recompile libpcap? I wonder what changed between snort 1.7b9 and 1.7 
>that would cause this? 'course that's the $64k question I suppose.
>
>I'm running pretty stock with http_decode, minfrag and portscan 
>preprocessors. The only thing I added was spade. I've commented out 
>spade and so far snort is still running, only 5 minutes but it 
>wouldn't run 1 before.  Next I think I'll try recompiling libpcap.

I'm working with some one else on tracking down this brain-puzzling 
problem that some people are having with Spade's adapt and adapt3 
modes.  For now, you can use adapt2 or use a static anomaly 
threshold, or not run Spade.  With luck, I can get it figured out 
this week and release a new version.

But first I need to get a journal submission of the SPICE paper off 
since that is due today (a follow up to the ACM CCS IDS workshop in 
Athens).  And get a new SnortSnarf version out (no more warnings for 
ICMP packets and snort 1.7).

Regards,

   Jim
-- 
|*   Jim Hoagland, Associate Researcher, Silicon Defense    *|
|*               hoagland at ...47...                *|
|*              http://www.silicondefense.com/              *|
|*  Voice: (530) 756-7317              Fax: (707) 445-4222  *|




More information about the Snort-users mailing list