3. Snort crashes occasionally on ioctl error

Snort crashes occasionally on ioctl error

  • F

    Recent Snort versions (up to package v.2.2.3) crash with the following system log message, when blocking is enabled:

    snort[60245]: FATAL ERROR: s2c_pf_block() => ioctl() DIOCRADDADDRS: Inappropriate ioctl for device

    I am pretty sure that this error did not occcur with packages based on snort vs. 2.9.0.

    In this case the error occured when only the snort p2p rules were enabled, but I've seen this also with emerging threats rules.

    0
  • F

    The snort interface also went down when using the emerging threats p2p rules, only. It seemed that there was a larger time delay between blocking the offender and the crash of the interface. I'll keep at it.

    0
  • F

    I went back to enable the snort p2p rules and deactivated the ET rules. This time the interface did not crash when running a p2p client, but as already described somewhere else, there were bogus alert messages like

    (http_inspect) HTTP RESPONSE GZIP DECOMPRESSION FAILED - Unknown Traffic
    (http_inspect) SIMPLE REQUEST - Unknown Traffic

    for both interfaces I installed (WAN and LAN side).

    Things are working in a way but something seems to be scrambled.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy