[Snort-users] Snort silently dying...
Carlos G Mendioroz
tron at ...4514...
Wed Mar 11 16:55:32 EDT 2015
Nope, as I said, it silently died.
The only sign of it leaving was "adapter xxx left promiscuous mode".
What surprised me is that it had been working for ages (well, months)
and without any change it started dying. It sounds like some "new"
attack was sending it belly up. Too late now, I have already upgraded :)
Y M @ 11/03/2015 17:40 -0300 dixit:
> Besides from upgrading to a newer Snort version, do you see any messages
> in syslog that may indicate what errors caused it o terminate?
> > Date: Mon, 9 Mar 2015 17:34:50 -0300
> > From: tron at ...4514...
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] Snort silently dying...
> > Hi,
> > Version 22.214.171.124 GRE (Build 47), running on Ubuntu 14.04.
> > W/o any change, it started to die. I'm usually running 2 copies (one per
> > interface of interest, so to say).
> > I do report to dshield and became suspicious because I had not reported
> > anything in a day. Checked and there was only one of them running.
> > Most alarms I get come from SIP attacks. There is no "unusual activity"
> > that I'm aware of, but something is killing it.
> > Is there anything easy to track this down, short of starting a packet
> > trace and correlating the time of death (indicated by the interface
> > leaving promiscuous mode only) ?
> > I should update too, I guess, but that will be like sweeping under the
> > rug, wouln't it ?
> > TIA,
> > --
> > Carlos G Mendioroz <tron at ...4514...>
> > Dive into the World of Parallel Programming The Go Parallel Website,
> > by Intel and developed in partnership with Slashdot Media, is your
> hub for all
> > things parallel software development, from weekly thought leadership
> blogs to
> > news, videos, case studies, tutorials and more. Take a look and join the
> > conversation now. http://goparallel.sourceforge.net/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> > Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
Carlos G Mendioroz <tron at ...4514...>
More information about the Snort-users