[Snort-users] snort 1.71 beta 6 exits with bus error signal 10 Freebsd 4.3 beta

Mark Rowlands mark.rowlands at ...752...
Tue Mar 27 16:45:15 EST 2001


On Tuesday 27 March 2001 20:53, Fyodor wrote:
> On Tue, Mar 27, 2001 at 05:18:27PM +0200, Mark Rowlands wrote:
> > hhm spoke too soon
> > bus errors and segmentation faults now....anything I can do to
> > help isolate the cause?
>
> Would you mind to cvsup and test it again? :) (and send us bt of coredump
> compiled with --enable-debug if it fails :))
>

Cvsupped at 23.00 GMT+1 ... thrown some nmap at it and got a few wingate
scans (bless 'em), so all seems well, but I have said that twice prematurely.
;+)


FYI

I was using the default ruleset:

var HOME_NET 62.5.7.15/32
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var DNS_SERVERS [62.5.0.67/32]
preprocessor defrag
preprocessor stream: timeout 30, ports 111 23 80, maxbytes 16384
preprocessor http_decode: 80 8080
preprocessor portscan: $HOME_NET 4 3 /spare/snort/logs/portscan.log
preprocessor portscan-ignorehosts:  62.5.0.67/32
output database: log, mysql, dbname=snort user=snort host=localhost password=XXXXXX
#=========================================
include /spare/snort/rules/local.rules
include /spare/snort/rules/exploit.rules
include /spare/snort/rules/scan.rules
include /spare/snort/rules/finger.rules
include /spare/snort/rules/ftp.rules
include /spare/snort/rules/telnet.rules
include /spare/snort/rules/smtp.rules
include /spare/snort/rules/rpc.rules
include /spare/snort/rules/rservices.rules
include /spare/snort/rules/backdoor.rules
include /spare/snort/rules/dos.rules
include /spare/snort/rules/ddos.rules
include /spare/snort/rules/dns.rules
include /spare/snort/rules/netbios.rules
include /spare/snort/rules/web-cgi.rules
include /spare/snort/rules/web-coldfusion.rules
include /spare/snort/rules/web-frontpage.rules
include /spare/snort/rules/web-misc.rules
include /spare/snort/rules/web-iis.rules
include /spare/snort/rules/icmp.rules
include /spare/snort/rules/misc.rules
# include policy.rules
# include info.rules

cmdline is 

#!/bin/sh
/usr/local/bin/snort -D -c /spare/snort/rules/snort.rules -d -a -e -X -i xl0 -l /spare/snort/logs -g nogroup -u nobody

OS is FreeBSD 4.3 beta (v recent cvsup), MySQL is 3.2.35

this was the backtrace

#0  0x2824e591 in memcpy () from /usr/lib/libc.so.4
#1  0x8562300 in ?? ()
#2  0x8063163 in TcpStreamPacket (p=0xbfbff5fc) at spp_tcp_stream.c:428
#3  0x8054e2c in Preprocess (p=0xbfbff5fc) at rules.c:3234
#4  0x804b2f9 in ProcessPacket (user=0x0, pkthdr=0x80a1000, pkt=0x80a1012 "") at snort.c:479
#5  0x280b4849 in pcap_read () from /usr/lib/libpcap.so.2
#6  0x280b4537 in pcap_loop () from /usr/lib/libpcap.so.2
#7  0x804c5a6 in InterfaceThread (arg=0x0) at snort.c:1359
#8  0x804b1e4 in main (argc=15, argv=0xbfbffb94) at snort.c:413