[Snort-users] Win32 snort crashing when -A not used

Rich Adamson radamson at ...2127...
Wed Jul 10 06:05:06 EDT 2002


> Perhaps this is old news:
> 
> I have experienced a reproducible crash of Snort 1.8.7 on Win2K when -A
> option is not used on the command line. It happens with both Build 121 from
> Silicon Defense as well as my own compilation of Build 128. Further digging found
> that Snort performs fclose on an illegal FILE handle in
> FastAlertCleanExitFunc or FullAlertCleanExitFunc (depending on the config file). The debugger 
sees
> two(!) of these fclose calls. The first one looks legitimate; it is the
> second one that causes the crash.
> 
> Anybody knows a remedy?

I'm seeing the same thing on Win2k using version 1.8.7beta5-ODBC-Win32 (build 128)
barebones_release with the just-downloaded-and-installed WinPcap v2.3. Two 
different "crashes"; one rebooted the PC automatically, the other hung the
machine requiring a power recycle.

I also installed IDScenter 1.09 beta2, and it too has a couple of bugs including:
  a. no way to "see" how to set the -A flag,
  b. IDScenter complains about a missing classification file (but then it is
     fine after stopping/restarting IDScenter)
  c. IDScenter does not "start" snort when the button is selected; can only be
     started from the system tray icon (right-click, Start Snort)
  d. Pop-up window that says "Must generate Script", but nothing to indicate
     how/where to do that. (Found out the hard way that clicking the Apply
     button apparently does that when no errors have been found)

Rich





More information about the Snort-users mailing list