[Snort-users] Snort v2.7.0 Now Available

Justin Heath justin.heath at ...11827...
Fri Jul 20 16:33:04 EDT 2007


Can you add your stream5 conf? BTW, if you have icmp tracking on in
stream5 turn it off as this is still experimental.

Cheers,
Justin

On 7/20/07, Colin Grady <colin.grady at ...11827...> wrote:
> I do not have a backtrace or pcap to provide, sorry.
>
> I used a compiled version using the following options:
>
> ./configure --prefix=/opt/snort --enable-pthread
> --enable-dynamicplugin --enable-gre
>
> This is on Ubuntu feisty (server).
>
> Command-line options are:
>
> /opt/snort/bin/snort -c /opt/snort/etc/snort_eth0.conf -K none
>
> Making only a change to the config to switch from stream5 (when it
> crashes after 1-2 minutes) to stream4 caused the Snort process to
> remain stable and not segfault. Because of the consistency of the
> segfault timeframe, I'm not sure it's related to the traffic crossing
> the monitored wire.
>
> Thanks,
>
> Colin Grady
>
>
> On 7/20/07, Justin Heath <justin.heath at ...11827...> wrote:
> > On 7/20/07, Justin Heath <justin.heath at ...11827...> wrote:
> > > Colin,
> > >
> > > Can you please provide some addtional detail? What OS, version etc?
> > > Are you using a binary from snort.org or did you compile from source?
> > > If you compiled from source what configure and build options did you
> > > use? Do you have a pcap or backtrace associated with this fault? If
> > > you have a backtrace and/or pcap and do not wish to post it to the
> > > list please send to bugs at ...10585...
> > >
> > >
> > > Cheers,
> > > Justin
> > >
> > > On 7/20/07, Colin Grady <colin.grady at ...11827...> wrote:
> > > > I'm seeing a segmentation fault occur after a couple minutes of
> > > > running in IDS mode -- doesn't seem to matter if it's in daemon mode
> > > > or not. Anyone else seeing this?
> > > >
> > > > Thanks,
> > > >
> > > > Colin Grady
> > > >
> > > >
> > > > On 7/19/07, Snort Releases <snortreleases at ...950...> wrote:
> > > > > Hi everyone,
> > > > >
> > > > > Snort v2.7.0 has been released. The software and source code is
> > > > > available at: http://snort.org/dl/
> > > > >
> > > > > A development version of v2.7.0 was mistakenly posted over the weekend.
> > > > >    We apologize for any confusion this may have caused.  The final
> > > > > v2.7.0 is now available on the Snort site.
> > > > >
> > > > > Snort v2.7.0 includes:
> > > > >
> > > > >      * Target-based stream reassembly, including handling of TCP data
> > > > > overlaps and anomalous TCP header flags on a per-destination basis. 11
> > > > > different target-based policies are supported. See README.stream5 for
> > > > > specific configuration options for operating system targets.
> > > > >      * UDP session tracking
> > > > >      * Option to emulate Stream4 flushing behaviour
> > > > >      * Stream5 replaces BOTH Stream4 & Flow -- should disable both of
> > > > > these when Stream5 is enabled.
> > > > >      * Security and memory footprint improvements
> > > > >
> > > > > Happy Snorting!
> > > > >
> > > > > The Snort Release Team
> > > > > Sourcefire, Inc.
> > > > >
> > > > > -------------------------------------------------------------------------
> > > > > This SF.net email is sponsored by: Microsoft
> > > > > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users at lists.sourceforge.net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > > Snort-users list archive:
> > > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > > >
> > > >
> > > > -------------------------------------------------------------------------
> > > > This SF.net email is sponsored by: Microsoft
> > > > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > _______________________________________________
> > > > Snort-users mailing list
> > > > Snort-users at lists.sourceforge.net
> > > > Go to this URL to change user options or unsubscribe:
> > > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > > Snort-users list archive:
> > > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > >
> > >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Microsoft
> > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>




More information about the Snort-users mailing list