Snort unexpectedly terminates / signal 11 error



  • Hello. It's not a hardware issue; I tested on several PCs with Intel and AMD processors. It seems to be a rule issue. When I put these two rules

    #tcp
    alert tcp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_src, count 200, seconds 1; sid:10001;rev:1;)

    #udp
    alert udp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (msg:"Possible UDP DoS"; flow: stateless; threshold: type both, track by_src, count 300, seconds 1; sid:10002;rev:1;)

    when the alert is triggered, Snort exits on signal 11.

    Those 2 rules were very important to me. Can you please tell me an alternative to them, or can you please solve this problem?

    I also tried with gid in the rules, but it is still not working.

    With the old Snort package in pfSense those 2 rules worked just fine.

    Thank you.



  • Try adding a classtype to the rule.



  • Thank you very much, it works when I added "classtype:attempted-dos; priority:1;". I was looking for a solution to this problem for like 2 months and you nailed it :)

    I'm so glad it works, thank you again.



  • Took me some time to figure it out myself - couldn't find anything on the web. At least now it can be found on the web ;)
    Is it a bug? I thought that classtype is not mandatory. Actually all goes well until Snort tries to output to the alert log.
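
A pre-deployment check for the condition this thread identifies (a custom rule with no classtype option), as an added example that is not from the thread or from the Snort or pfSense packages. It assumes one rule per line; the function names are hypothetical, and sample rules 10003 and 10004 are constructed (10003 uses the classtype the poster reported adding).

```python
# Added example: flag active Snort rules that carry no classtype option.
ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop"}

# Rules 10001/10002 are the ones posted in the thread; 10003/10004 are constructed.
SAMPLE_RULES = "\n".join([
    '#tcp',
    'alert tcp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_src, count 200, seconds 1; sid:10001;rev:1;)',
    '#udp',
    'alert udp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (msg:"Possible UDP DoS"; flow: stateless; threshold: type both, track by_src, count 300, seconds 1; sid:10002;rev:1;)',
    '# constructed rules below',
    'alert tcp !$HOME_NET any -> $HOME_NET ![27000:30000,9987] (flags: S; msg:"Possible TCP DoS"; flow: stateless; threshold: type both, track by_src, count 200, seconds 1; classtype:attempted-dos; priority:1; sid:10003;rev:1;)',
    'alert udp !$HOME_NET any -> $HOME_NET any (msg:"UDP DoS; classtype:unset"; flow: stateless; sid:10004;rev:1;)',
])

def split_options(body):
    """Split a rule's option body on ';', honouring quotes and backslash escapes."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    opts.append("".join(cur).strip())  # text after the last ';', if any
    return [o for o in opts if o]

def rules_missing_classtype(text):
    """Return (line_number, sid) for each active rule without a classtype option."""
    missing = []
    for lineno, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words or words[0] not in ACTIONS or "(" not in line:
            continue  # blank line, comment, or not a rule
        body = line[line.find("(") + 1:line.rfind(")")]
        opts = {}
        for opt in split_options(body):
            key, _, value = opt.partition(":")
            opts[key.strip()] = value.strip()
        if "classtype" not in opts:
            missing.append((lineno, opts.get("sid", "?")))
    return missing

if __name__ == "__main__":
    for lineno, sid in rules_missing_classtype(SAMPLE_RULES):
        print(f"line {lineno}: sid {sid} has no classtype")
```

Rule 10004 is reported even though the text "classtype:" appears inside its quoted msg, which a plain substring search would miss.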

