[Snort-users] Snort 1.8.6 crashes after Ping of Death
cmg at ...1935...
Thu Jul 11 10:25:02 EDT 2002
Rich Adamson <radamson at ...2127...> writes:
> Think there might be some common things going on with v1.8.7 (and possibly
> earlier versions) that are masking the root-cause of issues. The following
> is a guess based on what I've been seeing the last few days:
> 1. The Win32 Barebones v1.8.7 release locks up a Win2kPro machine requiring
> a power-cycle to correct. The lockup seems to occur on the "second"
> alert when using a command line startup of:
> snort -c "e:\snort\snort.conf" -l "e:\snort\log" -A full -i 3 -s 127.0.0.1
> By removing the -l option, the systems seems to be okay.
> (Note: smells something like the user's comment below, but only occurs when
> logging to a local disk file, not to mysql. You might not be seeing this
> issue if you're logging to some other non-flat-file location.
> 2. Check the contents of the current v1.8.7 downloadable file. At least from
> a Windows perspective, several source files appear to be missing. I can't
> tell if that's because the "project" list for Visual Studio might have
> old files still included (but the actual source files are removed) or
> what. Since the files are not within a section of code devoted to Win32
> it appears as though they were simply missed in the tarball. Missing
> files include: avi_tree.c, spp_minfrag.c, spp_tcp_stream.c, spp_stream3.c.
> (Example: the Visual Studio Projects can't find spp_tcp_stream.c, but the
> tarball includes spp_tcp_stream2.c. Issue?)
Yes, there is an issue with the build scripts for 1.8.7 tarball. We
will resolve them in the 1.9 set where a lot more windows specific
fixes have been going in thanks to the work of Chris Reid.
We'll work on resolving a lot of these issues for the 1.9 release.
Sorry for the difficulties. I don't have many spare cycles at the
moment. It will probably be the weekend before I have any time to
look at it.
Chris Green <cmg at ...1935...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod
More information about the Snort-users