Snort mailing list archives
AW: (Snort-users) Snort (rpm) die with big ping. (was: e-mai
From: <sandro.poppi () wacker com>
Date: Wed, 19 Sep 2001 07:54:00 +0200
If I remember right this has been posted on the list some days before (can't find it in the archive, strange). I think this is nothing special with my RPM but with snort itself, maybe a buffer overflow (I'm not very familiar with debugging in linux). Marty, you might have a look on it. Regards, Sandro
-----Ursprüngliche Nachricht----- Von: "Bruno Gimenes Pereti" <pereti () ump edu br> at Internet Gesendet: Dienstag, 18. September 2001 11:09 An: <snort-users () lists sourceforge net> at Internet Betreff: [Snort-users] Snort (rpm) die with big ping. (was: e-mail al Hi Sandro, First of all, thank you Sandro for your contrib with your site. I installed the snort you packed in rpm and got a strange result. Well, first let me show the sistem: RedHat 7.1, kernel 2.4.2-2, mysql-3.23.36-1, libpcap-0.4-39 (all rpm). I configured snort to log in a remote mysql server where I have another snort logging. It started perfectly but there were no new sensor id added in the table snort.sensor. For testing I did: "ping 192.168.1.100 -s 65507" the snort died. Here is the output of "gdb snort core": (gdb) backtrace #0 0x81807f7e in ?? () #1 0x0804b8b1 in strcpy () at ../sysdeps/generic/strcpy.c:31 #2 0x0807ba4c in strcpy () at ../sysdeps/generic/strcpy.c:31 #3 0x0807b4ec in strcpy () at ../sysdeps/generic/strcpy.c:31 #4 0x080577a6 in strcpy () at ../sysdeps/generic/strcpy.c:31 #5 0x0804b8b1 in strcpy () at ../sysdeps/generic/strcpy.c:31 #6 0x0807c736 in strcpy () at ../sysdeps/generic/strcpy.c:31 #7 0x0807ca5f in strcpy () at ../sysdeps/generic/strcpy.c:31 #8 0x0807d70f in strcpy () at ../sysdeps/generic/strcpy.c:31 #9 0x0804ce3f in strcpy () at ../sysdeps/generic/strcpy.c:31 #10 0x0804b767 in strcpy () at ../sysdeps/generic/strcpy.c:31 #11 0x401a0177 in __libc_start_main (main=0x804b0b0 <strcpy+276>, argc=2, ubp_av=0xbffffb2c, init=0x804a4f4 <_init>, fini=0x8087100 <_fini>, rtld_fini=0x4000e184 <_dl_fini>, stack_end=0xbffffb1c) at ../sysdeps/generic/libc-start.c:129 The strange thing is that the other machine where I have snort and libpcap compiled locally the snort don't die. Could anyone help me? thank's Bruno Gimenes Pereti. ----- Original Message ----- From: <sandro.poppi () wacker com> To: <erek () theadamsfamily net>; <snortlst () hotmail com> Cc: <snort-users () lists sourceforge net> Sent: Tuesday, September 18, 2001 2:10 AM Subject: [Snort-users] AW: (Snort-users) e-mail alertsYou might want to have a look on my Snort-Statistics-HOWTO athttp://www.lug-burghausen.org/projects/Snort-Statistics/t1.htm
l where I used
swatch to send emails and winpopups. HTH Ciao, Sandro
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: (Snort-users) Snort (rpm) die with big ping. (was: e-mai sandro.poppi (Sep 19)