Snort unexpectedly terminates / signal 11 error
-
Hello, it's not a hardware issue; I tested on several PCs with Intel and AMD processors. It seems to be a rule issue. When I put in these two rules:
#tcp
alert tcp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_src, count 200, seconds 1; sid:10001;rev:1;)
#udp
alert udp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (msg:"Possible UDP DoS"; flow: stateless; threshold: type both, track by_src, count 300, seconds 1; sid:10002;rev:1;)
when the alert is triggered, Snort is exiting on signal 11.
Those 2 rules were very important to me. Can you please tell me an alternative to them, or can you please solve this problem?
I also tried with gid in the rules, but it is still not working.
With the old Snort package in pfSense those 2 rules worked just fine.
Thank you.
-
Try adding a classtype to the rule.
-
Thank you very much. It works now that I added "classtype:attempted-dos; priority:1;". I was looking for a solution to this problem for like 2 months and you nailed it :)
I'm so glad it works, thank you again.
-
Took me some time to figure it out myself - couldn't find anything on the web. At least now it can be found on the web ;)
Is it a bug? I thought that classtype is not mandatory. Actually all goes well until Snort tries to output to the alert log.
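
A check for the condition this thread ends on, as an added example that is not part of any post: it lists the active rules in a local rules file that carry no classtype option. The sample text is constructed from the two rules above (the second with the options from the reply added, placement assumed) plus a constructed split rule; the function names are hypothetical.

```python
import re

# Constructed sample: line 2 is the TCP rule as posted, line 4 has the reply's fix applied.
SAMPLE_RULES = r'''#tcp
alert tcp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_src, count 200, seconds 1; sid:10001;rev:1;)
#udp
alert udp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (msg:"Possible UDP DoS"; flow: stateless; threshold: type both, track by_src, count 300, seconds 1; classtype:attempted-dos; priority:1; sid:10002;rev:1;)
alert udp !$HOME_NET any -> $HOME_NET any (msg:"Constructed\; split rule"; \
    sid:10003; rev:1;)
'''

RULE_RE = re.compile(r'^(alert|log|pass|drop|reject|sdrop)\s+[^(]*\((.*)\)\s*$')

def split_options(body):
    """Split a rule body on ';', skipping ';' inside quotes or after a backslash."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if ch == ';' and not in_quote and not escaped:
            opts.append(''.join(cur).strip())
            cur = []
            continue
        cur.append(ch)
        if escaped:
            escaped = False
        elif ch == '\\':
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
    return [o for o in opts if o]

def rules_missing_classtype(text):
    """Return (first_line, sid, msg) for every active rule without a classtype."""
    findings, pending, start = [], '', 0
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not pending:
            start = n                      # remember where a rule begins
        if line.endswith('\\'):            # rule continues on the next line
            pending += line[:-1] + ' '
            continue
        rule, pending = pending + line, ''
        m = RULE_RE.match(rule)
        if not m:                          # blank line, comment or non-rule text
            continue
        opts = {}
        for opt in split_options(m.group(2)):
            name, _, value = opt.partition(':')
            opts[name.strip().lower()] = value.strip().strip('"')
        if 'classtype' not in opts:
            findings.append((start, opts.get('sid'), opts.get('msg')))
    return findings
```

Calling rules_missing_classtype() on the contents of a custom rules file before reloading Snort gives the line number and sid of each rule to amend.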