[Snort-users] Errors after upgrade to 2.9.4.1

Alexander Grüner agruener at ...348...
Wed Mar 13 09:51:29 EDT 2013


Hello,

after upgrading Snort from 2.9.3.1 to 2.9.4.1 and daq from 1.1.1 to 
2.0.0 I have some problems.

Snort does not start

Mar 13 14:27:36 computer snort[3758]:   Finished Loading all dynamic 
preprocessor libs from /usr/local/snort/lib/snort_dynamicpreprocessor/

Mar 13 14:27:36 computer snort[3758]: FATAL ERROR: The dynamic detection 
library "/usr/local/snort/lib/snort_dynamicrules/p2p.so" version 1.0 
compiled with dynamic engine library version 1.16 isn't compatible with 
the current dynamic engine library 
"/usr/local/snort/lib/snort_dynamicengine/libsf_engine.so" version 1.17.


The files are old:

user at ...4972...:/usr/local/snort/lib/snort_dynamicrules$ ll
total 2744
drwxr-xr-x 2 root root   4096 Sep 11  2012 ./
drwxr-xr-x 7 root root   4096 Okt 25  2011 ../
-rwxr-xr-x 1 root root 226471 Sep 11  2012 bad-traffic.so*
-rwxr-xr-x 1 root root  37326 Sep 11  2012 chat.so*
-rwxr-xr-x 1 root root 302172 Sep 11  2012 dos.so*
-rwxr-xr-x 1 root root 361980 Sep 11  2012 exploit.so*
-rwxr-xr-x 1 root root  38375 Sep 11  2012 icmp.so*
-rwxr-xr-x 1 root root  44963 Sep 11  2012 imap.so*
-rwxr-xr-x 1 root root 151736 Sep 11  2012 misc.so*
-rwxr-xr-x 1 root root  61134 Sep 11  2012 multimedia.so*
-rwxr-xr-x 1 root root 174463 Sep 11  2012 netbios.so*
-rwxr-xr-x 1 root root  36765 Sep 11  2012 nntp.so*
-rwxr-xr-x 1 root root  35975 Sep 11  2012 p2p.so*
-rwxr-xr-x 1 root root 125858 Sep 11  2012 smtp.so*
-rwxr-xr-x 1 root root  62847 Sep 11  2012 snmp.so*
-rwxr-xr-x 1 root root  71521 Sep 11  2012 specific-threats.so*
-rwxr-xr-x 1 root root  46375 Sep 11  2012 web-activex.so*
-rwxr-xr-x 1 root root 883593 Sep 11  2012 web-client.so*
-rwxr-xr-x 1 root root  37774 Sep 11  2012 web-iis.so*
-rwxr-xr-x 1 root root  69621 Sep 11  2012 web-misc.so*


I do not know if this corresponds to my oinkmaster issue. I am not able 
to download snapshot 2941 but 2940 works.

Does not work:
#url = 
http://www.snort.org/pub-bin/oinkmaster.cgi/***************/snortrules-snapshot-2941.tar.gz

Works:
url = 
http://www.snort.org/pub-bin/oinkmaster.cgi/************/snortrules-snapshot-2940.tar.gz


user at ...4972...:~/snort-2.9.4.1$ sudo /usr/sbin/oinkmaster -o 
/usr/local/snort/rules

Loading /etc/oinkmaster.conf
Downloading file from 
http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2941.tar.gz... 

/usr/sbin/oinkmaster: Error: could not download from 
http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2941.tar.gz. 
Output from wget follows:

http://www.snort.org/pub-bin/oinkmaster.cgi/*oinkcode*/snortrules-snapshot-2941.tar.gzResolving 
proxy.domain.de (proxy.doamin.de)... 192.168.101.11
Connecting to proxy.domain.de (proxy.domain.de)|192.168.101.11|:3128... 
connected.
Proxy request sent, awaiting response... 403 Forbidden
2013-03-13 14:05:00 ERROR 403: Forbidden.


Any help / idea is appreciated.

Alexander




More information about the Snort-users mailing list