[Snort-users] snort 1.8.1 dies

Philipp Snizek mailinglists at ...1153...
Fri Oct 26 11:04:08 EDT 2001


Hi all,

I've installed snort 1.8.1 on a p133 with 48mb ram, linux kernel 2.4.4.
The only log entries I've got are

Oct 25 12:36:39 mx kernel: device eth1 left promiscuous mode
Oct 26 18:12:44 mx kernel: device eth1 left promiscuous mode

and then snort dies.


Config is the following:

var HOME_NET ip.address.of.host/32

var EXTERNAL_NET network.address/subnetmask

var SMTP ip.address.of.host/32

var HTTP_SERVERS $HOME_NET

var DNS_SERVERS ip.address.of.host/32

include bad-traffic.rules
include exploit.rules
include scan.rules
#include finger.rules
#include ftp.rules
#include telnet.rules
include smtp.rules
include rpc.rules
include rservices.rules
include dos.rules
include ddos.rules
include dns.rules
#include tftp.rules
include web-cgi.rules
include web-coldfusion.rules
include web-frontpage.rules
include web-iis.rules
include web-misc.rules
#include sql.rules
#include x11.rules
include icmp.rules
#include netbios.rules
include misc.rules
include attack-responses.rules
# include backdoor.rules
# include shellcode.rules
# include policy.rules
# include info.rules
# include icmp-info.rules
# include virus.rules
include local.rules

I've never experienced this problem before with previous snort version on other systems although I
had a similar amount of rules running.

I'm grateful for every tip to solve this problem.

Philipp






More information about the Snort-users mailing list