[Snort-users] (no subject)

Bhagya Bantwal bbantwal at ...1935...
Wed Apr 17 10:35:40 EDT 2013


Hello Prathibha,

Does this happen with the latest snort build? (snort 2.9.4.5?)

-B

On Wed, Apr 17, 2013 at 1:55 AM, Prathibha P G <prathibhapg at ...11827...> wrote:
> Hi,
> When I run in NIDS mode I am getting the following error:
>
> mtech11 at ...16238...:~/X/snorting/installs/snort-2.9.1/log$ sudo snort -c
> /home/mtech11/X/snorting/installs/snort-2.9.1/etc/snort.conf -A fast
> Running in IDS mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file
> "/home/mtech11/X/snorting/installs/snort-2.9.1/etc/snort.conf"
> PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1830 2301
> 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123
> 8180:8181 8243 8280 8888 9090:9091 9443 9999 11371 ]
> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
> PortVar 'SSH_PORTS' defined :  [ 22 ]
> PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
> PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
> Detection:
>    Search-Method = AC-Full-Q
>     Split Any/Any group = enabled
>     Search-Method-Optimizations = enabled
>     Maximum pattern length = 20
> Tagged Packet Limit: 256
> Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so...
> done
> Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/...
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>   Finished Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/
> Log directory = /var/log/snort
> WARNING: ip4 normalizations disabled because not inline
> WARNING: tcp normalizations disabled because not inline
> WARNING: icmp4 normalizations disabled because not inline
> Frag3 global config:
>     Max frags: 65536
>     Fragment memory cap: 4194304 bytes
> Frag3 engine config:
>     Bound Address: default
>     Target-based policy: WINDOWS
>     Fragment timeout: 180 seconds
>     Fragment min_ttl:   1
>     Fragment Anomalies: Alert
>     Overlap Limit:     10
>     Min fragment Length:     100
> Stream5 global config:
>     Track TCP sessions: ACTIVE
>     Max TCP sessions: 262144
>     Memcap (for reassembly packet storage): 8388608
>     Track UDP sessions: ACTIVE
>     Max UDP sessions: 131072
>     Track ICMP sessions: INACTIVE
>     Log info if session memory consumption exceeds 1048576
>     Send up to 2 active responses
>     Wait at least 5 seconds between responses
>     Protocol Aware Flushing: INACTIVE
>         Maximum Flush Point: 0
> Stream5 TCP Policy config:
>     Bound Address: default
>     Reassembly Policy: WINDOWS
>     Timeout: 180 seconds
>     Limit on TCP Overlaps: 10
>     Maximum number of bytes to queue per session: 1048576
>     Maximum number of segs to queue per session: 2621
>     Options:
>         Require 3-Way Handshake: YES
>         3-Way Handshake Timeout: 180
>         Detect Anomalies: YES
>     Reassembly Ports:
>       21 client (Footprint)
>       22 client (Footprint)
>       23 client (Footprint)
>       25 client (Footprint)
>       42 client (Footprint)
>       53 client (Footprint)
>       79 client (Footprint)
>       80 client (Footprint) server (Footprint)
>       81 client (Footprint) server (Footprint)
>       109 client (Footprint)
>       110 client (Footprint)
>       111 client (Footprint)
>       113 client (Footprint)
>       119 client (Footprint)
>       135 client (Footprint)
>       136 client (Footprint)
>       137 client (Footprint)
>       139 client (Footprint)
>       143 client (Footprint)
>       161 client (Footprint)
>       additional ports configured but not printed.
> Stream5 UDP Policy config:
>     Timeout: 180 seconds
> HttpInspect Config:
>     GLOBAL CONFIG
>       Max Pipeline Requests:    0
>       Inspection Type:          STATELESS
>       Detect Proxy Usage:       NO
>       IIS Unicode Map Filename:
> /home/mtech11/X/snorting/installs/snort-2.9.1/etc/unicode.map
>       IIS Unicode Map Codepage: 1252
>       Memcap used for logging URI and Hostname: 150994944
>       Max Gzip Memory: 838860
>       Max Gzip Sessions: 6
>       Gzip Compress Depth: 65535
>       Gzip Decompress Depth: 65535
>     DEFAULT SERVER CONFIG:
>       Server profile: All
>       Ports: 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702
> 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280
> 8888 9090 9091 9443 9999 11371
>       Server Flow Depth: 0
>       Client Flow Depth: 0
>       Max Chunk Length: 500000
>       Max Header Field Length: 750
>       Max Number Header Fields: 100
>       Max Number of WhiteSpaces allowed with header folding: 200
>       Inspect Pipeline Requests: YES
>       URI Discovery Strict Mode: NO
>       Allow Proxy Usage: NO
>       Disable Alerting: NO
>       Oversize Dir Length: 500
>       Only inspect URI: NO
>       Normalize HTTP Headers: NO
>       Inspect HTTP Cookies: YES
>       Inspect HTTP Responses: YES
>       Extract Gzip from responses: YES
>       Unlimited decompression of gzip data from responses: YES
>       Normalize HTTP Cookies: NO
>       Enable XFF and True Client IP: NO
>       Log HTTP URI data: NO
>       Log HTTP Hostname data: NO
>       Extended ASCII code support in URI: NO
>       Ascii: YES alert: NO
>       Double Decoding: YES alert: NO
>       %U Encoding: YES alert: YES
>       Bare Byte: YES alert: NO
>       UTF 8: YES alert: NO
>       IIS Unicode: YES alert: NO
>       Multiple Slash: YES alert: NO
>       IIS Backslash: YES alert: NO
>       Directory Traversal: YES alert: NO
>       Web Root Traversal: YES alert: NO
>       Apache WhiteSpace: YES alert: NO
>       IIS Delimiter: YES alert: NO
>       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
>       Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
>       Whitespace Characters: 0x09 0x0b 0x0c 0x0d
> rpc_decode arguments:
>     Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776
> 32777 32778 32779
>     alert_fragments: INACTIVE
>     alert_large_fragments: INACTIVE
>     alert_incomplete: INACTIVE
>     alert_multiple_requests: INACTIVE
> *** buffer overflow detected ***: snort terminated
> ======= Backtrace: =========
> /lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x50)[0x272390]
> /lib/tls/i686/cmov/libc.so.6(+0xe12ca)[0x2712ca]
> /lib/tls/i686/cmov/libc.so.6(+0xe0a08)[0x270a08]
> /lib/tls/i686/cmov/libc.so.6(_IO_default_xsputn+0x9e)[0x1f9afe]
> /lib/tls/i686/cmov/libc.so.6(_IO_vfprintf+0x368a)[0x1d029a]
> /lib/tls/i686/cmov/libc.so.6(__vsprintf_chk+0xad)[0x270abd]
> /lib/tls/i686/cmov/libc.so.6(__sprintf_chk+0x2d)[0x2709fd]
> snort[0x80cca2e]
> snort[0x8061a3b]
> snort[0x8072f22]
> snort[0x8073826]
> /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x1a6bd6]
> snort[0x804b631]
> ======= Memory map: ========
> Aborted
> Can anybody help?
>

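The backtrace in the quoted report ends in glibc's FORTIFY_SOURCE check (`__sprintf_chk` calling `__fortify_fail`), which means the runtime detected an unbounded `sprintf()` about to overrun its fixed-size destination while Snort was printing its configuration. As an added illustration, not Snort's own code and making no claim about where in snort-2.9.1 the overflow sits, the C function below formats a port list like the `rpc_decode` line into a caller-supplied buffer with every write bounded, so an over-long list is reported instead of committed; the port values are copied from the log above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: the rpc_decode port list printed in the log above. */
const unsigned short RPC_PORTS[] = { 111, 32770, 32771, 32772, 32773, 32774,
                                     32775, 32776, 32777, 32778, 32779 };
const size_t RPC_PORT_COUNT = sizeof(RPC_PORTS) / sizeof(RPC_PORTS[0]);

/* Render "label: p1 p2 ..." into out[out_len].
 * Returns the number of characters written (excluding the NUL), or -1 if
 * the list does not fit. Every snprintf() is bounded by the space left, so
 * an over-long port list is reported instead of overrunning the buffer.
 * An unbounded sprintf() here is exactly the pattern glibc's FORTIFY_SOURCE
 * (__sprintf_chk -> __fortify_fail) aborts on at runtime. */
int format_port_list(char *out, size_t out_len, const char *label,
                     const unsigned short *ports, size_t n)
{
    size_t used = 0;
    int w;

    if (out == NULL || out_len == 0)
        return -1;

    w = snprintf(out, out_len, "%s:", label);
    if (w < 0 || (size_t)w >= out_len)
        goto overflow;               /* the label alone does not fit */
    used = (size_t)w;

    for (size_t i = 0; i < n; i++) {
        /* A return value >= remaining space means snprintf() truncated. */
        w = snprintf(out + used, out_len - used, " %u", ports[i]);
        if (w < 0 || (size_t)w >= out_len - used)
            goto overflow;
        used += (size_t)w;
    }
    return (int)used;

overflow:
    out[0] = '\0';  /* leave a valid empty string, never a partial list */
    return -1;
}

int main(void)
{
    char line[128];
    if (format_port_list(line, sizeof line, "Ports to decode RPC on",
                         RPC_PORTS, RPC_PORT_COUNT) < 0) {
        fputs("port list too long for buffer\n", stderr);
        return 1;
    }
    puts(line);
    return 0;
}
```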