[Snort-users] Snort v2.7.0 Now Available

Colin Grady colin.grady at ...11827...
Fri Jul 20 15:41:04 EDT 2007


I do not have a backtrace or pcap to provide, sorry.

I used a compiled version using the following options:

./configure --prefix=/opt/snort --enable-pthread
--enable-dynamicplugin --enable-gre

This is on Ubuntu feisty (server).

Command-line options are:

/opt/snort/bin/snort -c /opt/snort/etc/snort_eth0.conf -K none

Making only a change to the config to switch from stream5 (when it
crashes after 1-2 minutes) to stream4 caused the Snort process to
remain stable and not segfault. Because of the consistency of the
segfault timeframe, I'm not sure it's related to the traffic crossing
the monitored wire.

Thanks,

Colin Grady


On 7/20/07, Justin Heath <justin.heath at ...11827...> wrote:
> On 7/20/07, Justin Heath <justin.heath at ...11827...> wrote:
> > Colin,
> >
> > Can you please provide some addtional detail? What OS, version etc?
> > Are you using a binary from snort.org or did you compile from source?
> > If you compiled from source what configure and build options did you
> > use? Do you have a pcap or backtrace associated with this fault? If
> > you have a backtrace and/or pcap and do not wish to post it to the
> > list please send to bugs at ...10585...
> >
> >
> > Cheers,
> > Justin
> >
> > On 7/20/07, Colin Grady <colin.grady at ...11827...> wrote:
> > > I'm seeing a segmentation fault occur after a couple minutes of
> > > running in IDS mode -- doesn't seem to matter if it's in daemon mode
> > > or not. Anyone else seeing this?
> > >
> > > Thanks,
> > >
> > > Colin Grady
> > >
> > >
> > > On 7/19/07, Snort Releases <snortreleases at ...950...> wrote:
> > > > Hi everyone,
> > > >
> > > > Snort v2.7.0 has been released. The software and source code is
> > > > available at: http://snort.org/dl/
> > > >
> > > > A development version of v2.7.0 was mistakenly posted over the weekend.
> > > >    We apologize for any confusion this may have caused.  The final
> > > > v2.7.0 is now available on the Snort site.
> > > >
> > > > Snort v2.7.0 includes:
> > > >
> > > >      * Target-based stream reassembly, including handling of TCP data
> > > > overlaps and anomalous TCP header flags on a per-destination basis. 11
> > > > different target-based policies are supported. See README.stream5 for
> > > > specific configuration options for operating system targets.
> > > >      * UDP session tracking
> > > >      * Option to emulate Stream4 flushing behaviour
> > > >      * Stream5 replaces BOTH Stream4 & Flow -- should disable both of
> > > > these when Stream5 is enabled.
> > > >      * Security and memory footprint improvements
> > > >
> > > > Happy Snorting!
> > > >
> > > > The Snort Release Team
> > > > Sourcefire, Inc.
> > > >
> > > > -------------------------------------------------------------------------
> > > > This SF.net email is sponsored by: Microsoft
> > > > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users at lists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > >
> > >
> > > -------------------------------------------------------------------------
> > > This SF.net email is sponsored by: Microsoft
> > > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> >
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list