From: Will M. <wil...@gm...> - 2007-10-12 03:03:27
Send your snort_inline.conf please....

Regards,
Will

On 10/11/07, ChunXin <ch...@os...> wrote:
> I am using snort_inline-2.6.1.5, but I encountered many problems.
>
> 1, my network topological graph is as follows:
>
> {Client (192.168.9.2) nmap}<--->{ snort_inline-2.6.1.5 }<--->{ Server 192.168.1.2 (web) }
>
> 2, And I started my snort_inline this way: "iptables -A FORWARD -j QUEUE && snort_inline -Q -c snort_inline.conf".
> When I use nmap to scan the web server, snort_inline always stops and the
> screen shows "Segmentation fault".
>
> I used "strace" to check its running status (strace -f -p 5668, 5668 is the pid
> of snort_inline). When snort_inline stopped, the screen showed:
> --------------------------------------------------------------------------------------------------
> gettimeofday({1192126318, 360095}, NULL) = 0
> write(5, "[**] [122:1:0] (portscan) TCP Po"..., 44) = 44
> write(5, "10/12-02:11:58.360095 192.168.9."..., 49) = 49
> write(5, "PROTO255 TTL:0 TOS:0x0 ID:0 IpLe"..., 51) = 51
> write(5, "\n", 1) = 1
> write(6, "10/12-02:11:58.360095 [**] [122"..., 105) = 105
> write(3, "ng\16G\237~\5\0\256\0\0\0\256\0\0\0MACDADMACDAD\10\0E\0"..., 190) = 190
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> --------------------------------------------------------------------------------------------------
>
> I traced it several times; every time the information is like this, and
> the "(portscan)" word never changed!
> Is it a bug of sfportscan!? Or have I not done it right?
>
> 3, my snort_inline-2.6.1.5 configure options are as follows:
> ./configure --prefix=/usr/local/snort_inline --enable-pthread \
>   --enable-stream4udp --enable-dynamicplugin --enable-timestats \
>   --enable-perfprofiling --enable-linux-smp-stats --enable-flexresp2 \
>   --enable-react --enable-nfnetlink --enable-clamav \
>   --with-mysql=/usr/local/mysql \
>   --with-libpcap-includes=/usr/local/libpcap/include \
>   --with-libpcap-libraries=/usr/local/libpcap/lib \
>   --with-clamav-includes=/usr/local/clamav/include \
>   --with-clamav-defdir=/usr/local/clamav/share/clamav
>
> Best Regards
>
> _______________________________________________
> Snort-inline-users mailing list
> Sno...@li...
> https://lists.sourceforge.net/lists/listinfo/snort-inline-users