Re: [Snort-users] Snort v2.7.0 Now Available

Can you add your stream5 conf? BTW, if you have icmp tracking on in
stream5 turn it off as this is still experimental.

Cheers,
Justin

On 7/20/07, Colin Grady <colin.grady@gmail.com> wrote:
> I do not have a backtrace or pcap to provide, sorry.
>
> I used a compiled version using the following options:
>
> ./configure --prefix=/opt/snort --enable-pthread
> --enable-dynamicplugin --enable-gre
>
> This is on Ubuntu feisty (server).
>
> Command-line options are:
>
> /opt/snort/bin/snort -c /opt/snort/etc/snort_eth0.conf -K none
>
> Making only a change to the config to switch from stream5 (when it
> crashes after 1-2 minutes) to stream4 caused the Snort process to
> remain stable and not segfault. Because of the consistency of the
> segfault timeframe, I'm not sure it's related to the traffic crossing
> the monitored wire.
>
> Thanks,
>
> Colin Grady
>
>
> On 7/20/07, Justin Heath <justin.heath@gmail.com> wrote:
> > On 7/20/07, Justin Heath <justin.heath@gmail.com> wrote:
> > > Colin,
> > >
> > > Can you please provide some additional detail? What OS, version etc?
> > > Are you using a binary from snort.org or did you compile from source?
> > > If you compiled from source what configure and build options did you
> > > use? Do you have a pcap or backtrace associated with this fault? If
> > > you have a backtrace and/or pcap and do not wish to post it to the
> > > list please send to bugs@snort.org.
> > >
> > >
> > > Cheers,
> > > Justin
> > >
> > > On 7/20/07, Colin Grady <colin.grady@gmail.com> wrote:
> > > > I'm seeing a segmentation fault occur after a couple minutes of
> > > > running in IDS mode -- doesn't seem to matter if it's in daemon mode
> > > > or not. Anyone else seeing this?
> > > >
> > > > Thanks,
> > > >
> > > > Colin Grady
> > > >
> > > >
> > > > On 7/19/07, Snort Releases <snortreleases@snort.org> wrote:
> > > > > Hi everyone,
> > > > >
> > > > > Snort v2.7.0 has been released. The software and source code is
> > > > > available at: http://snort.org/dl/
> > > > >
> > > > > A development version of v2.7.0 was mistakenly posted over the weekend.
> > > > > We apologize for any confusion this may have caused. The final
> > > > > v2.7.0 is now available on the Snort site.
> > > > >
> > > > > Snort v2.7.0 includes:
> > > > >
> > > > > * Target-based stream reassembly, including handling of TCP data
> > > > > overlaps and anomalous TCP header flags on a per-destination basis. 11
> > > > > different target-based policies are supported. See README.stream5 for
> > > > > specific configuration options for operating system targets.
> > > > > * UDP session tracking
> > > > > * Option to emulate Stream4 flushing behaviour
> > > > > * Stream5 replaces BOTH Stream4 & Flow -- should disable both of
> > > > > these when Stream5 is enabled.
> > > > > * Security and memory footprint improvements
> > > > >
> > > > > Happy Snorting!
> > > > >
> > > > > The Snort Release Team
> > > > > Sourcefire, Inc.
> > > > >
> > > > > -------------------------------------------------------------------------
> > > > > This SF.net email is sponsored by: Microsoft
> > > > > Defy all challenges. Microsoft(R) Visual Studio 2005.
> > > > > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> > > > > _______________________________________________
> > > > > Snort-users mailing list
> > > > > Snort-users@lists.sourceforge.net
> > > > > Go to this URL to change user options or unsubscribe:
> > > > > https://lists.sourceforge.net/lists/...fo/snort-users
> > > > > Snort-users list archive:
> > > > > http://www.geocrawler.com/redir-sf.p...st=snort-users
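
A configuration check for the two stream5 points raised in this thread (disable Stream4 and Flow when Stream5 is enabled; keep stream5 ICMP tracking off), added here as an example and not code from the thread or from the Snort project. The sample snort.conf is constructed, and the directive names (`stream5_global`, `track_icmp`, `stream5_icmp`, `stream4`, `flow`) are assumed to follow README.stream5.

```python
import re

# Constructed sample config; directive names are assumed to follow
# README.stream5 and are not taken from the poster's actual snort_eth0.conf.
SAMPLE_CONF = r"""
# preprocessor flow: stats_interval 0 hash 2
preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
                             track_udp no, track_icmp yes
preprocessor stream5_tcp: policy first
preprocessor stream5_icmp
"""

def preprocessors(conf_text):
    """Return {name: option string} for every active preprocessor line."""
    joined = re.sub(r"\\\s*\n", " ", conf_text)    # fold '\' continuations
    found = {}
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments
        m = re.match(r"preprocessor\s+(\w+)\s*:?\s*(.*)", line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def lint_stream_config(conf_text):
    """Flag the two stream5 conditions mentioned in the thread."""
    pre = preprocessors(conf_text)
    findings = []
    if any(name.startswith("stream5") for name in pre):
        # Release notes: Stream5 replaces both Stream4 and Flow.
        legacy = sorted(n for n in pre if n.startswith("stream4") or n == "flow")
        if legacy:
            findings.append("stream5 enabled together with: " + ", ".join(legacy))
        # Reply in the thread: ICMP tracking in stream5 is still experimental.
        opts = pre.get("stream5_global", "")
        if re.search(r"\btrack_icmp\s+yes\b", opts) or "stream5_icmp" in pre:
            findings.append("stream5 ICMP tracking is on (experimental)")
    return findings

if __name__ == "__main__":
    for finding in lint_stream_config(SAMPLE_CONF):
        print("WARN:", finding)
```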