[Snort-users] Win32 snort crashing when -A not used
radamson at ...2127...
Wed Jul 10 06:05:06 EDT 2002
> Perhaps this is old news:
> I have experienced a reproducible crash of Snort 1.8.7 on Win2K when -A
> option is not used on the command line. It happens with both Build 121 from
> Silicon Defense as well as my own compilation of Build 128. Further digging found
> that Snort performs fclose on an illegal FILE handle in
> FastAlertCleanExitFunc or FullAlertCleanExitFunc (depending on the config file). The debugger
> two(!) of these fclose calls. The first one looks legitimate; it is the
> second one that causes the crash.
> Anybody knows a remedy?
I'm seeing the same thing on Win2k using version 1.8.7beta5-ODBC-Win32 (build 128)
barebones_release with the just-downloaded-and-installed WinPcap v2.3. Two
different "crashes"; one rebooted the PC automatically, the other hung the
machine requiring a power recycle.
I also installed IDScenter 1.09 beta2, and it too has a couple of bugs including:
a. no way to "see" how to set the -A flag,
b. IDScenter complains about a missing classification file (but then it is
fine after stopping/restarting IDScenter)
c. IDScenter does not "start" snort when the button is selected; can only be
started from the system tray icon (right-click, Start Snort)
d. Pop-up window that says "Must generate Script", but nothing to indicate
how/where to do that. (Found out the hard way that clicking the Apply
button apparently does that when no errors have been found)
More information about the Snort-users