Snort mailing list archives

Segfault on SMB Alert


From: "Whyte, Jesse" <Jesse.Whyte () us gambro com>
Date: Thu, 18 Apr 2002 11:20:12 -0600

I'm trying to test SMB alerting on a test box. Here are the specs:

Red Hat 7.2
samba-client-2.2.1a-4.i386.rpm
samba-common-2.2.1a-4.i386.rpm
snort 1.8.6 (built with --enable-flexresp --enable-smbclient)

Here is the command line: "/usr/local/bin/snort -abdDeA full -M /etc/snort.smb.alert -c /etc/snort.conf"

A rule in local.rules: "alert tcp $EXTERNAL_NET any -> $HOME_NET 23 (flags: S;)"

One line in /etc/snort.smb.alert: machine_to_log_to (without prepended \\)

When this rule is activated via an inbound telnet, snort receives a SIG_SEGV
and dies, leaving no core file.  What am I doing wrong?  No messages in any
log file speak to this failure.  If I strace the running snort process as it
receives the S packet to port 23, it makes 5 recvfrom() calls, then receives
the SEGV signal.

Has anyone seen this before?  What am I doing wrong?

Thanks, Jesse
