[Snort-users] Solaris 8 stability problems

Rude Yak rudeyak at ...131...
Fri Nov 19 10:42:44 EST 2004


  Is anyone else having trouble running snort 2.2 on Solaris 8 without
experiencing frequent crashes?  I'm running snort, compiled with CFLAGS="-m32
-O3 -mcpu=ultrasparc", using libpcap 0.8.3, libnet 1.1.2.1, and gcc 3.3.2 on
Solaris 8.  Snort starts up and runs ok, but it eventually crashes, usually
within 10-15 minutes of running on an active network (yes, I give it an
occasional push by running nessus :-).  Here's the last thing snort sees before
it dies:

9648:     \003BA109EE2\004DC7F ^03\b\0 E\0\0 H UA2 @\0FD11BE01\n14 F B\n15
9648:     0F969B\f\0A1\0 4BC g 082\0 (0201\004\t c o m c o m c o mA1180201
9648:     010201\00201\0 0\r 082\0\t0605 +0601020105\0\0\0\0\0\0 r\0\0\0 r
9648:     \0\0\090\0\0\0\0 A9D1F _\005 i f\004DC7F ^03\003BA109EE2\b\0 E\0
9648:     \0 d d J @\0FF01AD M\n150F96\n14 F B0303 g C\0\0\0\0 E\0\0 H UA2
9648:      @\0FD11BE01\n14 F B\n150F969B\f\0A1\0 4BC g 082\0 (0201\004\t c
9648:      o m c o m c o mA1180201010201\00201\0 0\r 082\0\t0605 +06010201
9648:     05\0\0\0\0\0\0\0
9648:           flags:  0x0000
9648:   getmsg(3, 0x000BA584, 0xFFBEFB48, 0xFFBEFB34)   = 0
9648:           ctl:  maxlen=8192 len=-1   buf=0x000F7EB0
9648:           dat:  maxlen=65536 len=2880 buf=0x001D720A: "\0\0\0 H\0\0\0
H"..
9648:     \0\0\0 H\0\0\0 H\0\0\0 `\0\0\0\0 A9D1F _\005DE8A\003BA109EE2\004
9648:     DC7F ^03\b\0 E\0\0 : UA3 @\0FD11BE0E\n14 F B\n150F969B ' "B8\0 &
9648:     8680 \ p l a y e r s \ r u l e s \ s t a t u s \ p a c k e t s \
9648:     \0\0\0 d\0\0\0 d\0\0\080\0\0\0\0 A9D1F _\005DED6\004DC7F ^03\003
9648:     BA109EE2\b\0 E\0\0 V d K @\0FF01AD Z\n150F96\n14 F B0303 g 5\0\0
9648:     \0\0 E\0\0 : UA3 @\0FD11BE0E\n14 F B\n150F969B ' "B8\0 &8680 \ p
9648:      l a y e r s \ r u l e s \ s t a t u s \ p a c k e t s \\0\0\0\0
9648:     \0\0\0 H\0\0\0 H\0\0\0 `\0\0\0\0 A9D1F _\005E2 T\003BA109EE2\004
9648:     DC7F ^03\b\0 E\0\0 : UA4 @\0FD11BE\r\n14 F B\n150F969B ) /AB\0 &
9648:      y8B \ p l a y e r s \ r u l e s \ s t a t u s \ p a c k e t s \
9648:     \0\0\0 3\0\0\0 3\0\0\0 P\0\0\0\0 A9D1F _\005F4 ~FFFFFFFFFFFF\0\0
9648:     AA j19\0\0 %E0E003FFFF\0 "\004\0021015FFFFFFFFFFFF04 R\0021015\0
9648:     \0AA j19\0 NB0\00302 x\0\0\013\0\0\0\0 <\0\0\0 <\0\0\0 X\0\0\0\0
9648:      A9D1F _\006 %03FFFFFFFFFFFF\006 [B1E0 {\b06\001\b\00604\001\006
9648:      [B1E0 {\n15\n1C\0\0\0\0\0\0\n150FFE\0\0\0\0\0\0\0\0\0\0\0\0\0\0
9648:     \0\0\0\0\0\0\0\0\0\0\0 9\0\0\0 9\0\0\0 X\0\0\0\0 A9D1F _\006 6A6
9648:     FFFFFFFFFFFF\001E68EBD y\0 +E0E003FFFF\0 (\001\0\0\0\0FFFFFFFFFF
9648:     FF04 S\0021015\001E68EBD y04 S\001E7\b   1FFFFFFFF\0\0\0\0\0\0\0
9648:     \0\0\0 9\0\0\0 9\0\0\0 X\0\0\0\0 A9D1F _\006 8E7FFFFFFFFFFFF\001
9648:     E68EBD y\0 +E0E003FFFF\0 (\001\0\0\0\0FFFFFFFFFFFF04 S\0021015\0
9648:     01E68EBD y04 S\001E7\b   1FFFFFFFF\0  \0 _\0\0\0\0\0\0 U\0\0\0 U
9648:     \0\0\0 p\0\0\0\0 A9D1F _\00717CC\003BA109EE2\004DC7F ^03\b\0 E\0
9648:     \0 G UA5 @\0FD11BDFF\n14 F B\n150F969B0E\0A1\0 3 ` & 082\0 '0201
9648:     \004\b i n t e r n a lA1180201010201\00201\0 0\r 082\0\t0605 +06
9648:     01020105\0\0\0\0\0\0\0 Z\0\0\0 Z\0\0\0 x\0\0\0\0 A9D1F _\007 >
9648:     \003BA109EE2\004DC7F ^03\b\0 E\0\0 L UA6 @\0FD11BDF9\n14 F B\n15
9648:     0F969B !\0 {\0 81294DB\004FA\001\0\0\001\0\0\0\0\0\0\0\0\0\0\0\0
9648:     \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0BE x /1D19BA\0\0\0  \0 _\0\0
9648:     \0\0\0 U\0\0\0 U\0\0\0 p\0\0\0\0 A9D1F _\0\bC4 G\003BA109EE2\004
9648:     DC7F ^03\b\0 E\0\0 G UA7 @\0FD11BDFD\n14 F B\n150F969B0E\0A1\0 3
9648:      ` & 082\0 '0201\004\b i n t e r n a lA1180201010201\00201\0 0\r
9648:      082\0\t0605 +0601020105\0\0\0\0\0\0\0 q\0\0\0 q\0\0\090\0\0\0\0
9648:      A9D1F _\0\bC494\004DC7F ^03\003BA109EE2\b\0 E\0\0 c d L @\0FF01
9648:     AD L\n150F96\n14 F B0303 g B\0\0\0\0 E\0\0 G UA7 @\0FD11BDFD\n14
9648:      F B\n150F969B0E\0A1\0 3 ` & 082\0 '0201\004\b i n t e r n a lA1
9648:     180201010201\00201\0 0\r 082\0\t0605 +0601020105\0\0\0\0\0\0\0\0
9648:     \0\0\0 H\0\0\0 H\0\0\0 `\0\0\0\0 A9D1F _\0\t12 .\003BA109EE2\004
9648:     DC7F ^03\b\0 E\0\0 : UA8 @\0FD11BE\t\n14 F B\n150F969B ) /AB\0 &
9648:      y8B \ p l a y e r s \ r u l e s \ s t a t u s \ p a c k e t s \
9648:     \0\0\0 d\0\0\0 d\0\0\080\0\0\0\0 A9D1F _\0\t12 w\004DC7F ^03\003
9648:     BA109EE2\b\0 E\0\0 V d M @\0FF01AD X\n150F96\n14 F B0303 g 5\0\0
9648:     \0\0 E\0\0 : UA8 @\0FD11BE\t\n14 F B\n150F969B ) /AB\0 & y8B \ p
9648:      l a y e r s \ r u l e s \ s t a t u s \ p a c k e t s \\0\0\0\0
9648:     \0\0\0 H\0\0\0 H\0\0\0 `\0\0\0\0 A9D1F _\0\t15B8\003BA109EE2\004
9648:     DC7F ^03\b\0 E\0\0 : UA9 @\0FD11BE\b\n14 F B\n150F969B + /AC\0 &
9648:      y88 \ p l a y e r s \ r u l e s \ s t a t u s \ p a c k e t s \
9648:     \0\0\0 3\0\0\0 3\0\0\0 P\0\0\0\0 A9D1F _\0\tDD01FFFFFFFFFFFF\0\0
9648:     AA e pCF\0 %E0E003FFFF\0 "\004\0021015FFFFFFFFFFFF04 R\0021015\0
9648:     \0AA e pCF @ m\00102 x\0\0\0\0\0\0\0\0 >\0\0\0 >\0\0\0 X\0\0\0\0
9648:      A9D1F _\0\n\r <\003BA109EE2\004DC7F ^03\b\0 E\0\0 0 UAA @\0 >06
9648:      }1D\n14 F B\n150F96CC91\016B1 k W96\0\0\0\0 p0283 ,C0 H\0\00101
9648:     0402020405B4\0\0\0\0\0 6\0\0\0 6\0\0\0 P\0\0\0\0 A9D1F _\0\n\r v
9648:     \004DC7F ^03\003BA109EE2\b\0 E\0\0 ( d N @\0 @06 l81\n150F96\n14
9648:      F B\016CC91\0\0\0\0B1 k W97 P14\0\0 p %\0\0\0\0\0\0\0 >\0\0\0 >
9648:     \0\0\0 X\0\0\0\0 A9D1F _\0\n14 >\003BA109EE2\004DC7F ^03\b\0 E\0
9648:     \0 0 UAB @\0 >06 }1C\n14 F B\n150F96CC92\017A7D5 DCD\0\0\0\0 p02
9648:     83 ,DCA5\0\001010402020405B4\0\0\0\0\0 6\0\0\0 6\0\0\0 P\0\0\0\0
9648:      A9D1F _\0\n14 x\004DC7F ^03\003BA109EE2\b\0 E\0\0 ( d O @\0 @06
9648:      l80\n150F96\n14 F B\017CC92\0\0\0\0A7D5 DCE P14\0\08C82\0\0\n\0
9648:     \0\0\0 q\0\0\0 q\0\0\090\0\0\0\0 A9D1F _\0\n <F4FFFFFFFFFFFF\001
9648:     E6901A l\0 cE0E003FFFF\0 `\0\0\0021015FFFFFFFFFFFF04 R\0021015\0
9648:     01E6901A l04 R\00203\f 0 0 0 1 E 6 9 0 1 A 6 C 0 0 D A L S 1 0 0
9648:      3 E O - P S R V\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0021015\0
9648:     01E6901A l @\f\001\0\0\0\0\0\0\0\0\0\0 Q\0\0\0 Q\0\0\0 p\0\0\0\0
9648:      A9D1F _\0\n OA7\003BA109EE2\004DC7F ^03\b\0 E\0\0 C UAC @\0FD11
9648:     BDFC\n14 F B\n150F969B10\0A1\0 / A\n 082\0 #0201\00404 b l u eA1
9648:     180201010201\00201\0 0\r 082\0\t0605 +0601020105\0\0\0\0\0\0\0\0
9648:     \0\0\0 m\0\0\0 m\0\0\088\0\0\0\0 A9D1F _\0\n OFF\004DC7F ^03\003
9648:     BA109EE2\b\0 E\0\0 _ d P @\0FF01AD L\n150F96\n14 F B0303 g >\0\0
9648:     \0\0 E\0\0 C UAC @\0FD11BDFC\n14 F B\n150F969B10\0A1\0 / A\n 082
9648:     \0 #0201\00404 b l u eA1180201010201\00201\0 0\r 082\0\t0605 +06
9648:     01020105\0\0\0\0\0\0\0 >\0\0\0 >\0\0\0 X\0\0\0\0 A9D1F _\0\v }D1
9648:     \003BA109EE2\004DC7F ^03\b\0 E\0\0 0 UAD @\0 >06 }1A\n14 F B\n15
9648:     0F96CC95\t aBFB2 p9A\0\0\0\0 p0283 ,8FAE\0\001010402020405B4\0\0
9648:     \0\0\0 6\0\0\0 6\0\0\0 P\0\0\0\0 A9D1F _\0\v ~\v\004DC7F ^03\003
9648:     BA109EE2\b\0 E\0\0 ( d Q @\0 @06 l ~\n150F96\n14 F B\t aCC95\0\0
9648:     \0\0BFB2 p9B P14\0\0 ?8B\0\0\0\0\0\0\0 S\0\0\0 S\0\0\0 p\0\0\0\0
9648:      A9D1F _\0\vF897\003BA109EE2\004DC7F ^03\b\0 E\0\0 E UAE @\0FD11
9648:     BDF8\n14 F B\n150F969B12\0A1\0 1C784 082\0 %0201\00406 y e l l o
9648:      wA1180201010201\00201\0 0\r 082\0\t0605 +0601020105\0\0\0\013\0
9648:     \0\0\0 o\0\0\0 o\0\0\088\0\0\0\0 A9D1F _\0\vF8E1\004DC7F ^03\003
9648:     BA109EE2\b\0 E\0\0 a d R @\0FF01AD H\n150F96\n14 F B0303 g @\0\0
9648:     \0\0 E\0\0 E UAE @\0FD11BDF8\n14 F B\n150F969B12\0A1\0 1C784 082
9648:     \0 %0201\00406 y e l l o wA1180201010201\00201\0 0\r 082\0\t0605
9648:      +0601020105\0\0\0\0\0 H\0\0\0 H\0\0\0 `\0\0\0\0 A9D1F _\0\f F b
9648:     \003BA109EE2\004DC7F ^03\b\0 E\0\0 : UAF @\0FD11BE02\n14 F B\n15
9648:     0F969B + /AC\0 & y88 \ p l a y e r s \ r u l e s \ s t a t u s \
9648:      p a c k e t s \\0\0\0 <\0\0\0 <\0\0\0 X\0\0\0\0 A9D1F _\0\f ZA0
9648:     FFFFFFFFFFFF\0\vDBA5EDB1\b06\001\b\00604\001\0\vDBA5EDB1\n150F e
9648:     \0\0\0\0\0\0\n150FFE\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\017
9648:           flags:  0x0000
9648:   brk(0x02FFCD30)                                 = 0
9648:   brk(0x02FFED30)                                 = 0
9648:       Incurred fault #5, FLTACCESS  %pc = 0x00061664
9648:         siginfo: SIGBUS BUS_ADRALN addr=0x00255752
9648:       Received signal #10, SIGBUS [default]
9648:         siginfo: SIGBUS BUS_ADRALN addr=0x00255752
9648:           *** process killed ***

  Any ideas as to what I might need to do to keep snort stable on our Solaris
boxen?

  Thanks in advance.

  RudeYak at ...131...





More information about the Snort-users mailing list