Snort mailing list archives

Various problems in 1.8p1


From: Andreas Steinmetz <ast () domdv de>
Date: Fri, 13 Jul 2001 18:31:43 +0200 (CEST)

Hi,
since upgrading to snort 1.8p1 from snort 1.7 I get snort crashes about 2 times
a day. Right now I set up core dumping and wait for the crash to happen again.
What may be a hint, however, is these two alerts I've got (no, the system time
is set properly, all other alerts show the proper timestamp):

01/01-02:00:00.000000  [**] [1:527:1] MISC same SRC/DST [**] [Classification:
Potentially Bad Traffic] [Priority: 2] {IP} 0.0.0.0 -> 0.0.0.0
01/01-02:00:00.536870912  [**] [1:527:1] MISC same SRC/DST [**]
[Classification: Potentially Bad Traffic] [Priority: 2] {IP} 0.0.0.0 -> 0.0.0.0

This smells like an uninitialized pointer or uninitialized memory problem.

BTW: The stream4 preprocessor floods the logs with "spp_stream4: Possible
RETRANSMISSION detection" entries when alerts for this preprocessor are
enabled. Unfortunately the alerts are caused by a perfectly established tcp vpn
connection that usually is connected for months (2MBit<->ATM<->128KBit). tcpdump
shows nothing unusual regarding this connection.
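
A log sanity check for the two symptoms visible in the alerts quoted above, as an added example that is not part of the original post or of Snort: it parses alert lines in the quoted format and flags a fractional-seconds field that is not a six-digit microsecond value, and alerts whose source and destination are both 0.0.0.0. The third sample line (with its 192.0.2.7 address) is constructed for contrast, and the function names are hypothetical.

```python
import re

# Sample input: the two alerts from the post, unwrapped to one line each,
# plus one CONSTRUCTED well-formed alert (192.0.2.7 is a documentation address).
SAMPLE = """\
01/01-02:00:00.000000  [**] [1:527:1] MISC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {IP} 0.0.0.0 -> 0.0.0.0
01/01-02:00:00.536870912  [**] [1:527:1] MISC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {IP} 0.0.0.0 -> 0.0.0.0
07/13-18:20:11.482913  [**] [1:527:1] MISC same SRC/DST [**] [Classification: Potentially Bad Traffic] [Priority: 2] {IP} 192.0.2.7 -> 192.0.2.7
"""

# Timestamp, [gid:sid:rev], message, then {PROTO} src -> dst at the end of the line.
ALERT_RE = re.compile(
    r"^(?P<mon>\d\d)/(?P<day>\d\d)-(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.(?P<frac>\d+)\s+"
    r"\[\*\*\]\s+\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def host(endpoint):
    """Strip an optional :port suffix (IPv4 endpoints only)."""
    return endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint


def check_alert(line):
    """Return the reasons an alert header looks corrupted (empty list if sane)."""
    m = ALERT_RE.match(line)
    if not m:
        return ["unparseable alert line"]
    reasons = []
    frac = m["frac"]
    # A microsecond field is exactly six digits, 000000..999999.
    # 536870912 (2**29) from the second quoted alert cannot be one.
    if len(frac) != 6 or int(frac) > 999_999:
        reasons.append(f"microsecond field out of range: {frac}")
    if host(m["src"]) == "0.0.0.0" and host(m["dst"]) == "0.0.0.0":
        reasons.append("source and destination are both 0.0.0.0")
    return reasons


def scan(text):
    """Return [(line_number, reasons)] for every suspicious alert in text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and (reasons := check_alert(line)):
            hits.append((n, reasons))
    return hits


if __name__ == "__main__":
    for n, reasons in scan(SAMPLE):
        print(f"line {n}: " + "; ".join(reasons))
```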

