[Snort-users] Starting Snort 2.9.0.1

Jason Wallace jason.r.wallace at ...11827...
Thu Nov 4 13:21:53 EDT 2010


I'm guessing that is a seg fault... probably because you have this
enabled in your snort.conf...

/usr/local/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
done

On Thu, Nov 4, 2010 at 12:58 PM, José R. Cristo Almaguer
<jose.cristo at ...14976...> wrote:
> When I try to run snort I get this error, anybody have any idea?
>
> ------------------------------------------------------------------------------
> ns1:/var/log# snort -c /etc/snort/snort.conf
> Running in IDS mode
>
>        --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "/etc/snort/snort.conf"
> PortVar 'HTTP_PORTS' defined :  [ 80 311 591 593 901 1220 1414 2301 2381
> 2809 3128 3702 7777 7779 8000 8008 8028 8080 8118 8123 8180 8243 8280 8888
> 9443 9999 11371 ]
> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
> PortVar 'SSH_PORTS' defined :  [ 22 ]
> Detection:
>   Search-Method = AC-Full-Q
>    Split Any/Any group = enabled
>    Search-Method-Optimizations = enabled
>    Maximum pattern length = 20
> Tagged Packet Limit: 256
> Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so...
> done
> Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/...
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>  Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>  Finished Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/
> Log directory = /var/log/snort
> Frag3 global config:
>    Max frags: 65536
>    Fragment memory cap: 4194304 bytes
> Frag3 engine config:
>    Target-based policy: WINDOWS
>    Fragment timeout: 180 seconds
>    Fragment min_ttl:   1
>    Fragment Problems: 1
>    Overlap Limit:     10
>    Min fragment Length:     100
> Stream5 global config:
>    Track TCP sessions: ACTIVE
>    Max TCP sessions: 8192
>    Memcap (for reassembly packet storage): 8388608
>    Track UDP sessions: ACTIVE
>    Max UDP sessions: 131072
>    Track ICMP sessions: INACTIVE
>    Log info if session memory consumption exceeds 1048576
>    Send up to 0 active responses
> Stream5 TCP Policy config:
>    Reassembly Policy: WINDOWS
>    Timeout: 180 seconds
>    Limit on TCP Overlaps: 10
>    Maximum number of bytes to queue per session: 1048576
>    Maximum number of segs to queue per session: 2621
>    Options:
>        Require 3-Way Handshake: YES
>        3-Way Handshake Timeout: 180
>        Detect Anomalies: YES
>    Reassembly Ports:
>      21 client (Footprint)
>      22 client (Footprint)
>      23 client (Footprint)
>      25 client (Footprint)
>      42 client (Footprint)
>      53 client (Footprint)
>      79 client (Footprint)
>      80 client (Footprint) server (Footprint)
>      109 client (Footprint)
>      110 client (Footprint)
>      111 client (Footprint)
>      113 client (Footprint)
>      119 client (Footprint)
>      135 client (Footprint)
>      136 client (Footprint)
>      137 client (Footprint)
>      139 client (Footprint)
>      143 client (Footprint)
>      161 client (Footprint)
>      311 client (Footprint) server (Footprint)
> Stream5 UDP Policy config:
>    Timeout: 180 seconds
> HttpInspect Config:
>    GLOBAL CONFIG
>      Max Pipeline Requests:    0
>      Inspection Type:          STATELESS
>      Detect Proxy Usage:       NO
>      IIS Unicode Map Filename: /etc/snort/unicode.map
>      IIS Unicode Map Codepage: 1252
>      Max Gzip Memory: 838860
>      Max Gzip Sessions: 20
>      Gzip Compress Depth: 20480
>      Gzip Decompress Depth: 20480
>    DEFAULT SERVER CONFIG:
>      Server profile: All
>      Ports: 80 311 591 593 901 1220 1414 2301 2381 2809 3128 3702 7777 7779
> 8000 8008 8028 8080 8118 8123 8180 8243 8280 8888 9443 9999 11371
>      Server Flow Depth: 0
>      Client Flow Depth: 0
>      Max Chunk Length: 500000
>      Max Header Field Length: 750
>      Max Number Header Fields: 100
>      Inspect Pipeline Requests: YES
>      URI Discovery Strict Mode: NO
>      Allow Proxy Usage: NO
>      Disable Alerting: NO
>      Oversize Dir Length: 500
>      Only inspect URI: NO
>      Normalize HTTP Headers: NO
>      Inspect HTTP Cookies: YES
>      Inspect HTTP Responses: YES
>      Extract Gzip from responses: YES
>      Unlimited decompression of gzip data from responses: NO
>      Normalize HTTP Cookies: NO
>      Enable XFF and True Client IP: NO
>      Extended ASCII code support in URI: NO
>      Ascii: YES alert: NO
>      Double Decoding: YES alert: NO
>      %U Encoding: YES alert: YES
>      Bare Byte: YES alert: NO
>      Base36: OFF
>      UTF 8: YES alert: NO
>      IIS Unicode: YES alert: NO
>      Multiple Slash: YES alert: NO
>      IIS Backslash: YES alert: NO
>      Directory Traversal: YES alert: NO
>      Web Root Traversal: YES alert: NO
>      Apache WhiteSpace: YES alert: NO
>      IIS Delimiter: YES alert: NO
>      IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
>      Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
>      Whitespace Characters: 0x09 0x0b 0x0c 0x0d
> rpc_decode arguments:
>    Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776
> 32777 32778 32779
>    alert_fragments: INACTIVE
>    alert_large_fragments: INACTIVE
>    alert_incomplete: INACTIVE
>    alert_multiple_requests: INACTIVE
> Violación de segmento
>
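
One way to check for the library named in the reply above, as an added example that is not part of the original thread: the startup output shows Snort loading every library in the dynamic preprocessor directory, so this looks up that directory in snort.conf, lists any sample preprocessor library in it, and moves it aside. The function names, the filename pattern and the holding directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the filename pattern
# and the holding directory are hypothetical choices.

# preproc_dirs CONF: print the path from each active (uncommented)
# "dynamicpreprocessor directory <path>" line in a Snort 2.x config.
preproc_dirs() {
    awk '$1 == "dynamicpreprocessor" && $2 == "directory" { print $3 }' "$1"
}

# list_example_preprocs DIR: print libraries in DIR whose name marks them as
# the sample preprocessor (the thread's file is
# lib_sfdynamic_preprocessor_example.so). Prints nothing if DIR is missing.
list_example_preprocs() {
    for lib in "$1"/*preprocessor_example*.so*; do
        [ -f "$lib" ] || continue
        printf '%s\n' "$lib"
    done
    return 0
}

# audit_conf CONF: list sample libraries in every directory CONF loads from.
audit_conf() {
    preproc_dirs "$1" | while read -r dir; do
        list_example_preprocs "$dir"
    done
}

# quarantine_example_preprocs DIR DEST: move the sample libraries out of DIR
# into DEST (kept rather than deleted) and print how many were moved.
quarantine_example_preprocs() {
    mkdir -p "$2" || return 1
    moved=0
    for lib in "$1"/*preprocessor_example*.so*; do
        [ -f "$lib" ] || continue
        mv -- "$lib" "$2/" && moved=$((moved + 1))
    done
    echo "$moved"
}
```

After moving the library aside, `snort -T -c /etc/snort/snort.conf` re-runs the startup sequence in test mode without starting packet processing.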



