[Snort-users] 1.8b5 build22 crash

H D Moore hdm at ...1714...
Sat May 12 07:57:26 EDT 2001 

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system
 
Initializing Network Interface eth0
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /home/snort/rules/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Using LOCAL time
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: database name = snort
database:          host = localhost
database: password is set
database:   sensor name = w.x.y.z
database:     sensor id = 2
database: schema version = 100
database: using the "log" facility
533 Snort rules read...
533 Option Chains linked into 199 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
 
Rule application order: ->activation->dynamic->alert->pass->log
 
        --== Initialization Complete ==--
 
-*> Snort! <*-
Version 1.8-beta5 (Build 22)
By Martin Roesch (roesch at ...66..., www.snort.org)
 
Program received signal SIGSEGV, Segmentation fault.
0x805d936 in AlertSyslog (p=0x0,
    msg=0xbfffecb4 "spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 5 connections exceeded in 1 seconds)", arg=0x813ffc0)
    at spo_alert_syslog.c:345
345         ds_ptr = (PriorityData *) otn_tmp->ds_list[PLUGIN_PRIORITY_NUMBER];
(gdb) bt
#0  0x805d936 in AlertSyslog (p=0x0,
    msg=0xbfffecb4 "spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 5 connections exceeded in 1 seconds)", arg=0x813ffc0)
    at spo_alert_syslog.c:345
#1  0x8055e0d in CallAlertPlugins (p=0x0,
    message=0xbfffecb4 "spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 5 connections exceeded in 1 seconds)") at rules.c:3445
#2  0x8055daa in CallAlertFuncs (p=0x0,
    message=0xbfffecb4 "spp_portscan: PORTSCAN DETECTED from w.x.y.z (THRESHOLD 5 connections exceeded in 1 seconds)", head=0x0) at rules.c:3419
#3  0x805b506 in PortscanPreprocFunction (p=0xbfffedc0) at spp_portscan.c:953
#4  0x8055ca6 in Preprocess (p=0xbfffedc0) at rules.c:3358
#5  0x804ac91 in ProcessPacket (user=0x0, pkthdr=0xbffff268, pkt=0x812848a "")
    at snort.c:501
#6  0x8077dcc in pcap_read ()
#7  0x80783ec in pcap_loop ()
#8  0x804c16f in InterfaceThread (arg=0x0) at snort.c:1377
#9  0x804ab74 in main (argc=7, argv=0xbffff3f4) at snort.c:434

More information about the Snort-users mailing list