Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Snort v2.7.0 Now Available

from [Justin Heath] Network Security [Permanent Link]
Subject: Re: [Snort-users] Snort v2.7.0 Now Available
Date: Fri, 20 Jul 2007 16:33:04 -0400 
Can you add your stream5 conf? BTW, if you have icmp tracking on in
stream5 turn it off as this is still experimental.

Cheers,
Justin

On 7/20/07, Colin Grady <colin.grady@gmail.com> wrote:

I do not have a backtrace or pcap to provide, sorry.

I used a compiled version using the following options:

./configure --prefix=/opt/snort --enable-pthread
--enable-dynamicplugin --enable-gre

This is on Ubuntu feisty (server).

Command-line options are:

/opt/snort/bin/snort -c /opt/snort/etc/snort_eth0.conf -K none

Making only a change to the config to switch from stream5 (when it
crashes after 1-2 minutes) to stream4 caused the Snort process to
remain stable and not segfault. Because of the consistency of the
segfault timeframe, I'm not sure it's related to the traffic crossing
the monitored wire.

Thanks,

Colin Grady


On 7/20/07, Justin Heath <justin.heath@gmail.com> wrote:

On 7/20/07, Justin Heath <justin.heath@gmail.com> wrote:

Colin,

Can you please provide some addtional detail? What OS, version etc?
Are you using a binary from snort.org or did you compile from source?
If you compiled from source what configure and build options did you
use? Do you have a pcap or backtrace associated with this fault? If
you have a backtrace and/or pcap and do not wish to post it to the
list please send to bugs@snort.org.


Cheers,
Justin

On 7/20/07, Colin Grady <colin.grady@gmail.com> wrote:

I'm seeing a segmentation fault occur after a couple minutes of
running in IDS mode -- doesn't seem to matter if it's in daemon mode
or not. Anyone else seeing this?

Thanks,

Colin Grady


On 7/19/07, Snort Releases <snortreleases@snort.org> wrote:

Hi everyone,

Snort v2.7.0 has been released. The software and source code is
available at: http://snort.org/dl/

A development version of v2.7.0 was mistakenly posted over the 
weekend.
   We apologize for any confusion this may have caused.  The final
v2.7.0 is now available on the Snort site.

Snort v2.7.0 includes:

     * Target-based stream reassembly, including handling of TCP data
overlaps and anomalous TCP header flags on a per-destination basis. 11
different target-based policies are supported. See README.stream5 for
specific configuration options for operating system targets.
     * UDP session tracking
     * Option to emulate Stream4 flushing behaviour
     * Stream5 replaces BOTH Stream4 & Flow -- should disable both of
these when Stream5 is enabled.
     * Security and memory footprint improvements

Happy Snorting!

The Snort Release Team
Sourcefire, Inc.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] CVS is back up, Matt Kettler
Next by Date:  Re: [Snort-users] Snort v2.7.0 Now Available, Colin Grady
Previous by Thread:  Re: [Snort-users] Snort v2.7.0 Now Available, Colin Grady
Next by Thread:  Re: [Snort-users] Snort v2.7.0 Now Available, Colin Grady
Indexes:  [Date] [Thread] [Top] [All Lists]