[Snort-users] AW: (Snort-users) Snort (rpm) die with big ping. (was: e-mai

sandro.poppi at ...3316... sandro.poppi at ...3316...
Wed Sep 19 02:49:02 EDT 2001


If I remember right this has been posted on the list some days before (can't
find it in the archive, strange).

I think this is nothing special with my RPM but with snort itself, maybe a
buffer overflow (I'm not very familiar with debugging in linux).

Marty, you might have a look on it.

Regards,
Sandro

> -----Ursprüngliche Nachricht-----
> Von: "Bruno Gimenes Pereti" <pereti at ...3411...> at Internet
> Gesendet: Dienstag, 18. September 2001 11:09
> An: <snort-users at lists.sourceforge.net> at Internet
> Betreff: [Snort-users] Snort (rpm) die with big ping. (was: e-mail al
>
>
> Hi Sandro,
>
> First of all, thank you Sandro for your contrib with your site.
>
> I installed the snort you packed in rpm and got a strange
> result. Well,
> first let me show the sistem: RedHat 7.1, kernel 2.4.2-2,
> mysql-3.23.36-1,
> libpcap-0.4-39 (all rpm).
> I configured snort to log in a remote mysql server where I
> have another
> snort logging. It started perfectly but there were no new
> sensor id added in
> the table snort.sensor.
> For testing I did: "ping 192.168.1.100 -s 65507" the snort
> died. Here is the
> output of "gdb snort core":
>
> (gdb) backtrace
> #0  0x81807f7e in ?? ()
> #1  0x0804b8b1 in strcpy () at ../sysdeps/generic/strcpy.c:31
> #2  0x0807ba4c in strcpy () at ../sysdeps/generic/strcpy.c:31
> #3  0x0807b4ec in strcpy () at ../sysdeps/generic/strcpy.c:31
> #4  0x080577a6 in strcpy () at ../sysdeps/generic/strcpy.c:31
> #5  0x0804b8b1 in strcpy () at ../sysdeps/generic/strcpy.c:31
> #6  0x0807c736 in strcpy () at ../sysdeps/generic/strcpy.c:31
> #7  0x0807ca5f in strcpy () at ../sysdeps/generic/strcpy.c:31
> #8  0x0807d70f in strcpy () at ../sysdeps/generic/strcpy.c:31
> #9  0x0804ce3f in strcpy () at ../sysdeps/generic/strcpy.c:31
> #10 0x0804b767 in strcpy () at ../sysdeps/generic/strcpy.c:31
> #11 0x401a0177 in __libc_start_main (main=0x804b0b0
> <strcpy+276>, argc=2,
> ubp_av=0xbffffb2c,
>     init=0x804a4f4 <_init>, fini=0x8087100 <_fini>,
> rtld_fini=0x4000e184
> <_dl_fini>, stack_end=0xbffffb1c)
>     at ../sysdeps/generic/libc-start.c:129
>
>
> The strange thing is that the other machine where I have
> snort and libpcap
> compiled locally the snort don't die.
>
> Could anyone help me?
>
> thank's
>
> Bruno Gimenes Pereti.
>
> ----- Original Message -----
> From: <sandro.poppi at ...3316...>
> To: <erek at ...577...>; <snortlst at ...125...>
> Cc: <snort-users at lists.sourceforge.net>
> Sent: Tuesday, September 18, 2001 2:10 AM
> Subject: [Snort-users] AW: (Snort-users) e-mail alerts
>
>
> >
> > You might want to have a look on my Snort-Statistics-HOWTO at
> >
> http://www.lug-burghausen.org/projects/Snort-Statistics/t1.htm
l where I
used
> swatch to send emails and winpopups.
>
> HTH
>
> Ciao,
> Sandro


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list