From: ChunXin <ch...@os...> - 2007-10-12 04:50:09
See attachment, it's my snort_inline.conf file.

Regards
ChunXin

Will Metcalf wrote:
> send your snort_inline.conf please....
>
> Regards,
>
> Will
>
> On 10/11/07, ChunXin <ch...@os...> wrote:
>
>> I am using snort_inline-2.6.1.5, but I encountered many problems
>>
>> 1, my network topology graph is as follows:
>>
>> {Client (192.168.9.2) nmap}<--->{ snort_inline-2.6.1.5 }<--->{ Server 192.168.1.2 (web) }
>>
>> 2, And I started my snort_inline this way: "iptables -A FORWARD -j
>> QUEUE && snort_inline -Q -c snort_inline.conf".
>> When I use nmap to scan the web server, snort_inline always stops and
>> the screen shows "Segmentation fault".
>>
>> I used "strace" to check its running status (strace -f -p 5668, 5668 is the pid
>> of snort_inline). When snort_inline stopped, the screen
>> showed:
>> --------------------------------------------------------------------------------------------------
>> gettimeofday({1192126318, 360095}, NULL) = 0
>> write(5, "[**] [122:1:0] (portscan) TCP Po"..., 44) = 44
>> write(5, "10/12-02:11:58.360095 192.168.9."..., 49) = 49
>> write(5, "PROTO255 TTL:0 TOS:0x0 ID:0 IpLe"..., 51) = 51
>> write(5, "\n", 1) = 1
>> write(6, "10/12-02:11:58.360095 [**] [122"..., 105) = 105
>> write(3, "ng\16G\237~\5\0\256\0\0\0\256\0\0\0MACDADMACDAD\10\0E\0"..., 190) = 190
>> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
>> -----------------------------------------------------------------------------------------------------
>>
>> I traced it several times; every time the information looks like this, and
>> the "(portscan)" word never changed!
>> Is it a bug in sfportscan!? Or have I not done it right?
>>
>> 3, my snort_inline-2.6.1.5 configure options are as follows:
>> ./configure --prefix=/usr/local/snort_inline --enable-pthread
>> --enable-stream4udp --enable-dynamicplugin --enable-timestats
>> --enable-perfprofiling --enable-linux-smp-stats --enable-flexresp2
>> --enable-react --enable-nfnetlink --enable-clamav
>> --with-mysql=/usr/local/mysql
>> --with-libpcap-includes=/usr/local/libpcap/include
>> --with-libpcap-libraries=/usr/local/libpcap/lib
>> --with-clamav-includes=/usr/local/clamav/include
>> --with-clamav-defdir=/usr/local/clamav/share/clamav
>>
>> Best Regards
>>
>> _______________________________________________
>> Snort-inline-users mailing list
>> Sno...@li...
>> https://lists.sourceforge.net/lists/listinfo/snort-inline-users