[Snort-users] snort 2.8.6.0 core on solaris

Luis luis.mlists at ...11827...
Tue Jun 1 14:19:52 EDT 2010


Please let me know if this is the right forum for this question (only
subscribed to the users list)

After upgrading to 2.8.6.0 from 2.8.2 , one of my sensors is dumping core
after running for a while, none of the other sensors is having the same
issue..

here's pstack..  (changed hostname)


# pstack core_<hostname>_snort_10053_9001_1275398268_1482 |more
core 'core_<hostname>_snort_10053_9001_1275398268_1482' of 1482:
/opt/PP2K/bin/snort -u snort -g snort -c /opt/PP2K/etc/snort2.conf -d
 feb7508c GetSMBStringLength (9a8b7bb, 30, 8000, 30, 700, c807) + 74
 feb754e0 ProcessSMBTreeConnXReq (9a8b78f, 9a8b7af, 3c, 5c, 75, 3c) + 25c
 feb78d0c ProcessNextSMBCommand (75, 9a8b78f, 9a8b7af, 3c, 5c, 75) + c8
 feb77c64 ProcessRawSMB (9a59f70, 9a8b764, 87, ffbfea24, 13b4d78, 9a59f70) +
150
 feb789d8 DCERPCDecode (9a59f70, fd8ee828, 0, feb8c138, 0, 0) + 4b0
 feb79fec ProcessDCERPCPacket (9a59f70, 0, 0, 0, 5, cc85b0) + 190
 0006c928 Preprocess (9a59f70, cb0398, 0, b9fc78, 0, 73a574) + 37c
 0010957c _flush_ackd_4 (1838140, 1838220, ffbff070, ffbff130, ffbff118,
7b6) + a2c
 00107f04 flush_ackd (1838140, 1838220, ffbff070, ffbff130, ffbff118, 7b6) +
118
 00109bfc Stream5FlushTalker (ffbff070, 20f0aa80, ffbfee60, ffbfee5c,
13b4d78, 0) + 16c
 000f0d58 Stream5ResponseFlushStream (ffbff070, 0, ffbfee60, ffbfee5c,
13b4d78, 0) + d4
 feb788f8 DCERPCDecode (ffbff070, fd8ee828, 0, feb8c138, 0, 0) + 3d0
 feb79fec ProcessDCERPCPacket (ffbff070, 0, 0, 0, 5, cc85b0) + 190
 0006c928 Preprocess (ffbff070, ffffffff, ffbff118, ffbff130, 8, d4d0c8) +
37c
 0005c1cc ProcessPacket (0, ffbff848, 9ac9632, 0, 0, 0) + 31c
 0005bc64 PcapProcessPacket (0, ffbff848, 9ac9632, 7edca, 4c05087c, d38f920)
+ 330
 0014a744 pcap_read_dlpi (9a5ad30, 3add764a, 5b934, 0, 11, ffbff858) + 2ac
 0005f69c InterfaceThread (0, ffbfff86, e80cc, fedc8338, ba01f0, ffbfff86) +
118
 0006488c SnortProcess (0, ffbffacc, 0, 0, 0, 0) + 8
 0005af40 SnortMain (b, ffbffacc, 0, 0, 0, 738f7c) + a4
 0005ae84 main     (b, ffbffacc, ffbffafc, ba01f0, ff0c0140, 0) + 34
 00024f74 _start   (0, 0, 0, 0, 0, 0) + 5c


Any help/pointers would be appreciated..


Thanks


Luis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100601/94fd5342/attachment.html>


More information about the Snort-users mailing list