[Oisf-users] "suricata: double free or corruption" when I use bpf filter
Peter Manev
petermanev at gmail.com
Wed Nov 9 21:16:17 UTC 2011
On Wed, Nov 9, 2011 at 9:30 PM, carlopmart <carlopmart at gmail.com> wrote:
> On 11/09/2011 08:09 PM, Victor Julien wrote:
>
>> On 11/09/2011 06:58 PM, carlopmart wrote:
>>
>>> On 11/09/2011 06:44 PM, Peter Manev wrote:
>>>
>>>> Do you mind sharing the pcap?
>>>>
>>>
>>> No, here it is:
>>>
>>>
>> It works for me both with the pcap file and by going to that site. Are
>> you sure the rule is properly loaded?
>>
>>
> I think so. My suricata.yaml ... and rules directory:
>
> root@eorlingas:~# ls -la /data/config/etc/suricata/rules/
> total 6988
> drwxr-xr-x 2 root root 4096 2011-11-09 17:21 .
> drwxr-xr-x 3 root root 4096 2011-11-09 17:59 ..
> -rw-r--r-- 1 root root 122503 2011-11-09 17:00 botcc.rules
> -rw-r--r-- 1 root root 6370 2011-11-09 17:00 ciarmy.rules
> -rw-r--r-- 1 root root 491257 2011-11-09 17:00 compromised.rules
> -rw-r--r-- 1 root root 12790 2011-11-09 17:00 drop.rules
> -rw-r--r-- 1 root root 2508 2011-11-09 17:00 dshield.rules
> -rw-r--r-- 1 root root 235300 2011-11-09 17:00 emerging-activex.rules
> -rw-r--r-- 1 root root 37067 2011-11-09 17:00 emerging-attack_response.rules
> -rw-r--r-- 1 root root 32238 2011-11-09 17:00 emerging-chat.rules
> -rw-r--r-- 1 root root 147196 2011-11-09 17:00 emerging-current_events.rules
> -rw-r--r-- 1 root root 261943 2011-11-09 17:00 emerging-deleted.rules
> -rw-r--r-- 1 root root 19160 2011-11-09 17:00 emerging-dns.rules
> -rw-r--r-- 1 root root 17882 2011-11-09 17:00 emerging-dos.rules
> -rw-r--r-- 1 root root 122459 2011-11-09 17:00 emerging-exploit.rules
> -rw-r--r-- 1 root root 37721 2011-11-09 17:00 emerging-ftp.rules
> -rw-r--r-- 1 root root 28306 2011-11-09 17:00 emerging-games.rules
> -rw-r--r-- 1 root root 14436 2011-11-09 17:00 emerging-icmp_info.rules
> -rw-r--r-- 1 root root 8657 2011-11-09 17:00 emerging-icmp.rules
> -rw-r--r-- 1 root root 14507 2011-11-09 17:00 emerging-imap.rules
> -rw-r--r-- 1 root root 9937 2011-11-09 17:00 emerging-inappropriate.rules
> -rw-r--r-- 1 root root 279296 2011-11-09 17:00 emerging-malware.rules
> -rw-r--r-- 1 root root 19759 2011-11-09 17:00 emerging-misc.rules
> -rw-r--r-- 1 root root 31295 2011-11-09 17:00 emerging-mobile_malware.rules
> -rw-r--r-- 1 root root 311949 2011-11-09 17:00 emerging-netbios.rules
> -rw-r--r-- 1 root root 43172 2011-11-09 17:00 emerging-p2p.rules
> -rw-r--r-- 1 root root 265967 2011-11-09 17:00 emerging-policy.rules
> -rw-r--r-- 1 root root 7769 2011-11-09 17:00 emerging-pop3.rules
> -rw-r--r-- 1 root root 48381 2011-11-09 17:00 emerging-rpc.rules
> -rw-r--r-- 1 root root 9316 2011-11-09 17:00 emerging-scada.rules
> -rw-r--r-- 1 root root 91967 2011-11-09 17:00 emerging-scan.rules
> -rw-r--r-- 1 root root 62699 2011-11-09 17:00 emerging-shellcode.rules
> -rw-r--r-- 1 root root 7846 2011-11-09 17:00 emerging-smtp.rules
> -rw-r--r-- 1 root root 10341 2011-11-09 17:00 emerging-snmp.rules
> -rw-r--r-- 1 root root 187606 2011-11-09 17:00 emerging-sql.rules
> -rw-r--r-- 1 root root 4093 2011-11-09 17:00 emerging-telnet.rules
> -rw-r--r-- 1 root root 5749 2011-11-09 17:00 emerging-tftp.rules
> -rw-r--r-- 1 root root 635106 2011-11-09 17:00 emerging-trojan.rules
> -rw-r--r-- 1 root root 150469 2011-11-09 17:00 emerging-user_agents.rules
> -rw-r--r-- 1 root root 17721 2011-11-09 17:00 emerging-virus.rules
> -rw-r--r-- 1 root root 8478 2011-11-09 17:00 emerging-voip.rules
> -rw-r--r-- 1 root root 90005 2011-11-09 17:00 emerging-web_client.rules
> -rw-r--r-- 1 root root 114405 2011-11-09 17:00 emerging-web_server.rules
> -rw-r--r-- 1 root root 2718773 2011-11-09 17:00 emerging-web_specific_apps.rules
> -rw-r--r-- 1 root root 13911 2011-11-09 17:00 emerging-worm.rules
> -rw-r--r-- 1 root root 12601 2011-11-09 17:00 rbn-malvertisers.rules
> -rw-r--r-- 1 root root 265321 2011-11-09 17:00 rbn.rules
> -rw-r--r-- 1 root root 32413 2011-11-09 17:00 tor.rules
>
>
> --
> CL Martinez
> carlopmart {at} gmail {d0t} com
>
It does alert with your yaml too...
--
Peter Manev