Snort mailing list archives
Re: Snort 1.8.6 crashes after Ping of Death
From: Chris Green <cmg () sourcefire com>
Date: Thu, 11 Jul 2002 13:22:20 -0400
Rich Adamson <radamson () routers com> writes:
Chris,

Think there might be some common things going on with v1.8.7 (and possibly earlier versions) that are masking the root cause of issues. The following is a guess based on what I've been seeing the last few days:

1. The Win32 Barebones v1.8.7 release locks up a Win2kPro machine, requiring a power-cycle to correct. The lockup seems to occur on the "second" alert when using a command line startup of:

   snort -c "e:\snort\snort.conf" -l "e:\snort\log" -A full -i 3 -s 127.0.0.1

   By removing the -l option, the system seems to be okay. (Note: smells something like the user's comment below, but only occurs when logging to a local disk file, not to mysql. You might not be seeing this issue if you're logging to some other non-flat-file location.)

2. Check the contents of the current v1.8.7 downloadable file. At least from a Windows perspective, several source files appear to be missing. I can't tell if that's because the "project" list for Visual Studio might have old files still included (but the actual source files are removed) or what. Since the files are not within a section of code devoted to Win32 it appears as though they were simply missed in the tarball. Missing files include: avi_tree.c, spp_minfrag.c, spp_tcp_stream.c, spp_stream3.c. (Example: the Visual Studio Projects can't find spp_tcp_stream.c, but the tarball includes spp_tcp_stream2.c. Issue?)

Yes, there is an issue with the build scripts for the 1.8.7 tarball. We will resolve them in the 1.9 set, where a lot more Windows-specific fixes have been going in thanks to the work of Chris Reid.

We'll work on resolving a lot of these issues for the 1.9 release. Sorry for the difficulties. I don't have many spare cycles at the moment. It will probably be the weekend before I have any time to look at it.

--
Chris Green <cmg () sourcefire com>
"Not everyone holds these truths to be self-evident, so we've worked up a proof of them as Appendix A." -- Paul Prescod

Current thread:
- Snort 1.8.6 crashes after Ping of Death Night-Stalker (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Chris Green (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Rich Adamson (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Chris Green (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Rich Adamson (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Rich Adamson (Jul 11)
- <Possible follow-ups>
- RE: Snort 1.8.6 crashes after Ping of Death McCammon, Keith (Jul 11)
- Re: Snort 1.8.6 crashes after Ping of Death Chris Green (Jul 11)