Pages

Friday, April 30

Snort 2.8.6 segfaults

Putting this post up for the people who will Google the error.
If you get an error that looks like something like this:
"segfault at 0 ip b7955947 sp bfa35d70 error 4 in libsf_engine.so.0.0.0[b7953000+8000]"

When you start Snort after you have upgraded to 2.8.6 from 2.8.5.3 (or whatever)

This means you are running 2.8.5.3 SO rules with the 2.8.6 engine. You need the 2.8.6 rules to run with the 2.8.6 engine.

You can get the rules here: http://www.snort.org/snort-rules

Make sure you read this post too: http://blog.joelesler.net/2010/04/new-vrt-rulepack-changes.html
at
Labels: , , , ,

1 comment:

Tweets that mention Snort 2.8.6 segfaults | Finshake -- Topsy.com said...

[...] This post was mentioned on Twitter by JoelEsler. JoelEsler said: Snort 2.8.6 segfaults http://goo.gl/fb/oJ2rM [...]

Fri Apr 30, 04:30:00 AM

Post a Comment

Subscribe to: Post Comments (Atom)
  • Offset, Depth, Distance, and Within
    Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so...
  • Writing Snort Rules Correctly
    Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical.  I don't want to...
  • Moving from Omnifocus to Reminders
    Let's say you're like me, an avid Omnifocus user, but you've been hearing great things about Reminders on MacOS/iOS/iPadOS, and ...