[Snort-users] Snort 1.8.6 crashes after Ping of Death

Chris Green cmg at ...1935...
Thu Jul 11 10:25:02 EDT 2002


Rich Adamson  <radamson at ...2127...> writes:

> Chris,
>
> Think there might be some common things going on with v1.8.7 (and possibly
> earlier versions) that are masking the root-cause of issues. The following
> is a guess based on what I've been seeing the last few days:
>
> 1. The Win32 Barebones v1.8.7 release locks up a Win2kPro machine requiring
>    a power-cycle to correct. The lockup seems to occur on the "second"
>    alert when using a command line startup of:
>    snort -c "e:\snort\snort.conf" -l "e:\snort\log" -A full -i 3 -s 127.0.0.1
>    By removing the -l option, the systems seems to be okay.
>    (Note: smells something like the user's comment below, but only occurs when
>    logging to a local disk file, not to mysql. You might not be seeing this
>    issue if you're logging to some other non-flat-file location.

> 2. Check the contents of the current v1.8.7 downloadable file. At least from
>    a Windows perspective, several source files appear to be missing. I can't
>    tell if that's because the "project" list for Visual Studio might have
>    old files still included (but the actual source files are removed) or 
>    what. Since the files are not within a section of code devoted to Win32
>    it appears as though they were simply missed in the tarball. Missing
>    files include: avi_tree.c, spp_minfrag.c, spp_tcp_stream.c, spp_stream3.c.
>    (Example: the Visual Studio Projects can't find spp_tcp_stream.c, but the
>    tarball includes spp_tcp_stream2.c.  Issue?)

Yes, there is an issue with the build scripts for 1.8.7 tarball.  We
will resolve them in the 1.9 set where a lot more windows specific
fixes have been going in thanks to the work of Chris Reid.

We'll work on resolving a lot of these issues for the 1.9 release.

Sorry for the difficulties. I don't have many spare cycles at the
moment.  It will probably be the weekend before I have any time to
look at it.
-- 
Chris Green <cmg at ...1935...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod




More information about the Snort-users mailing list