Snort mailing list archives

Re: Segment Fault Error in snort-2.9.4.5


From: Ashraf Ali <ashrafali.ibs () gmail com>
Date: Sun, 21 Apr 2013 12:42:24 +0530

Yes , snort is still running , and Baryard2 is stopped.
what i have observed is the sig id :1384 is repeated in community rules
also, so i have disabled it in snort rules by adding # in front .

is it because of duplicate rules in snort.rules and in community.rules ?

Ashraf



On Fri, Apr 19, 2013 at 7:52 PM, Joel Esler <jesler () sourcefire com> wrote:


On Apr 19, 2013, at 9:21 AM, Ashraf Ali <ashrafali.ibs () gmail com> wrote:

Hi All,

i have recently install snort 2.9.4.5, with rules from snort and ET . i
have  updated the sid-msg.map , classification.config , and
reference.config files before starting the deamons of snort and barnyard2.

everything was working fine in the past 2 days, but today , i have seen
barnyard2 Deamon is not running, and in the logs i found this

*
Opened spool file '/var/log/snort/snort.u2.136637438'
04/19-18:07:13.315134  [**] [1:1384:15] DOS UPnP malformed advertisement
[**]
Segmentation fault*

Does it mean that rule (sid 1384 ) is not in proper format or not correct ?



Is Snort running?  Just Barnyard2 stopped?

Joel


------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread: