Government Security
Network Security Resources

Ubuntu 10.04 + Snort


#1 Ryan M

Posted 05 April 2011 - 02:01 PM

Hey guys,

Weird issue I can't seem to resolve. I've double-checked my snort.conf and other conf files and all is good, yet I keep getting this error in my terminal upon launching Snort:

root@Freya:/etc/snort# snort -i eth0 -c /etc/snort/snort.conf
Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf
PortVar 'HTTP_PORTS' defined :  [ 80 ]
PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined :  [ 1521 ]
PortVar 'FTP_PORTS' defined :  [ 21 ]
Frag3 global config:
    Max frags: 65536
    Fragment memory cap: 4194304 bytes
ERROR: /etc/snort/snort.conf(293) => Invalid Frag3 engine option (overlap_limit)
Fatal Error, Quitting..
root@Freya:/etc/snort# 

I've checked the line pertaining to the frag3 preprocessors and all looks well. Can anyone shed some light? My snort.conf can be provided if needed.
There is no security on this earth. Only opportunity.
-Douglas MacArthur

GSO Compiled Exploit Database
----------------------------------------
Mod at GovernmentSecurity

#2 No Dice

Posted 05 April 2011 - 10:02 PM

overlap_limit <number> - Limits the number of overlapping fragments per packet. The default
is "0" (unlimited), the minimum is "0", and the maximum is "255". This is an
optional parameter. detect_anomalies option must be configured for this option
to take effect.



What does line 293 of /etc/snort/snort.conf show?
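
Added example (not part of either poster's reply, and not Snort project code): a small Python check that walks a snort.conf, folds backslash-continued lines, and flags frag3_engine directives that break the two constraints in the documentation quoted above, namely an overlap_limit outside 0-255 or one used without detect_anomalies. The sample config and the function names are constructed for illustration; the check does not tell you whether the installed Snort binary recognises the option at all.

```python
import re

# Constructed sample config for illustration (not the poster's snort.conf).
SAMPLE_CONF = """\
# constructed example
preprocessor frag3_global: max_frags 65536
preprocessor frag3_engine: policy windows detect_anomalies overlap_limit 10 \\
    min_fragment_length 100 timeout 180
preprocessor frag3_engine: policy linux overlap_limit 10
preprocessor frag3_engine: policy bsd detect_anomalies overlap_limit 300
"""

def logical_lines(text):
    """Yield (first_physical_line_no, text) with backslash continuations folded."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        stripped = raw.rstrip()
        if stripped.endswith("\\"):
            buf.append(stripped[:-1])
            continue
        buf.append(stripped)
        yield start, " ".join(buf)
        buf, start = [], None
    if buf:  # file ended in the middle of a continuation
        yield start, " ".join(buf)

def check_frag3(text):
    """Return [(line_no, message)] for frag3_engine overlap_limit problems."""
    findings = []
    for no, line in logical_lines(text):
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = re.match(r"\s*preprocessor\s+frag3_engine\s*:(.*)", line)
        if not m:
            continue
        tokens = m.group(1).split()
        if "overlap_limit" not in tokens:
            continue
        idx = tokens.index("overlap_limit")
        value = tokens[idx + 1] if idx + 1 < len(tokens) else None
        if value is None or not value.isdigit() or not 0 <= int(value) <= 255:
            findings.append((no, f"overlap_limit value {value!r} is not in 0-255"))
        if "detect_anomalies" not in tokens:
            findings.append((no, "overlap_limit set without detect_anomalies"))
    return findings

if __name__ == "__main__":
    for line_no, message in check_frag3(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```

To run it against a real file, pass the file's contents to check_frag3(), for example check_frag3(open("/etc/snort/snort.conf").read()).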

#3 Ryan M

Posted 08 April 2011 - 09:18 PM

Hey ND, just caught your reply. Got that part working actually, I got Snort running (no sensors loading for some reason). I'm assuming at this point it was a botched install. Everything was compiled from source, so I probably botched something somewhere. Thanks for the reply though bud.