[Oisf-users] New Suricata install crashes on Windows

J. Oquendo joquendo at e-fensive.net
Tue Jun 5 18:54:50 UTC 2012


Hey everyone, I just went through a clean install via the msi on the 
site, on a W2K3 machine. No matter what rules I use, the application 
seems to crash:

C:\Suricata>suricata.exe -c suricata.yaml -i 22.21.20.19 -s 
rules\emerging-web_server.rules
5/6/2012 -- 14:36:00 - <Info> - translated 22.21.20.19 to pcap device 
\Device\NPF_{02858509-0BC6-4461-8626-3CB0251A21CA}
5/6/2012 -- 14:36:00 - <Info> - This is Suricata version 1.2.1 RELEASE
5/6/2012 -- 14:36:00 - <Info> - CPUs/cores online: 2
5/6/2012 -- 14:36:00 - <Info> - Failure when trying to get MTU via ioctl: 22
5/6/2012 -- 14:36:00 - <Info> - Using PCRE match-limit setting of: 35000
       3 [main] suricata 5308 exception::handle: Exception: 
STATUS_ILLEGAL_INSTRUCTION
    1514 [main] suricata 5308 open_stackdumpfile: Dumping stack trace to 
suricata.exe.stackdump

Thought it had something to do with MTU settings, so I opened 
suricata.yaml, modified the MTU to 1514, and tried again:

C:\Suricata>suricata.exe -c suricata.yaml -i 22.21.20.19 -s 
rules\emerging-web_server.rules
5/6/2012 -- 14:37:15 - <Info> - translated 22.21.20.19 to pcap device 
\Device\NPF_{02858509-0BC6-4461-8626-3CB0251A21CA}
5/6/2012 -- 14:37:15 - <Info> - This is Suricata version 1.2.1 RELEASE
5/6/2012 -- 14:37:15 - <Info> - CPUs/cores online: 2
5/6/2012 -- 14:37:15 - <Info> - Using PCRE match-limit setting of: 3500
       3 [main] suricata 976 exception::handle: Exception: 
STATUS_ILLEGAL_INSTRUCTION
    4623 [main] suricata 976 open_stackdumpfile: Dumping stack trace to 
suricata.exe.stackdump

From time to time, I have seen equipment dislike even that MTU of 1514, 
so I also tried 1500; still the same. I thought of rules, but that wouldn't 
make sense to me. It doesn't matter what rules I try, Suricata always crashes. 
Any pointers on how to resolve this? I tried Googling this issue before 
posting; the closest I got was: 
http://code.google.com/p/security-onion/issues/detail?id=26


-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently." - Warren Buffett

CCEC BDEE 74ED 0575 8104  7B90 B60D 6401 56CC DBEA
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB60D640156CCDBEA
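Added example (not part of the post above, and not Suricata project code): a small triage script for exactly this kind of transcript. It re-joins the lines that the mail client wrapped, pulls the Suricata version, PID, the Cygwin runtime's exception name and stack-dump file out of each run, maps the ioctl errno to its symbolic name, and then compares the two runs the way the poster reasoned: the MTU change made the ioctl message go away, yet the process died with the identical exception, so the MTU message is not the cause. The two transcripts are copied from the post; the line formats the regexes assume (Suricata's `<Info>` lines and Cygwin's `N [main] exe pid function: message` diagnostics) are taken from those transcripts only.

```python
"""Triage helper for Suricata-on-Windows startup crashes (added example).

Parses a pasted console transcript (Suricata "<Info>" lines plus the Cygwin
runtime's "exception::handle" / "open_stackdumpfile" lines), undoes the
line wrapping that mailing lists introduce, and reports where startup died.
"""
from __future__ import annotations

import errno
import re
from dataclasses import dataclass, field

# Both transcripts are copied from the mailing-list post above.
RUN_DEFAULT_MTU = r"""
5/6/2012 -- 14:36:00 - <Info> - translated 22.21.20.19 to pcap device
\Device\NPF_{02858509-0BC6-4461-8626-3CB0251A21CA}
5/6/2012 -- 14:36:00 - <Info> - This is Suricata version 1.2.1 RELEASE
5/6/2012 -- 14:36:00 - <Info> - CPUs/cores online: 2
5/6/2012 -- 14:36:00 - <Info> - Failure when trying to get MTU via ioctl: 22
5/6/2012 -- 14:36:00 - <Info> - Using PCRE match-limit setting of: 35000
       3 [main] suricata 5308 exception::handle: Exception:
STATUS_ILLEGAL_INSTRUCTION
    1514 [main] suricata 5308 open_stackdumpfile: Dumping stack trace to
suricata.exe.stackdump
"""

RUN_MTU_1514 = r"""
5/6/2012 -- 14:37:15 - <Info> - translated 22.21.20.19 to pcap device
\Device\NPF_{02858509-0BC6-4461-8626-3CB0251A21CA}
5/6/2012 -- 14:37:15 - <Info> - This is Suricata version 1.2.1 RELEASE
5/6/2012 -- 14:37:15 - <Info> - CPUs/cores online: 2
5/6/2012 -- 14:37:15 - <Info> - Using PCRE match-limit setting of: 3500
       3 [main] suricata 976 exception::handle: Exception:
STATUS_ILLEGAL_INSTRUCTION
    4623 [main] suricata 976 open_stackdumpfile: Dumping stack trace to
suricata.exe.stackdump
"""

# Suricata 1.2 console line: "<d>/<m>/<yyyy> -- hh:mm:ss - <Level> - message"
SURI_RE = re.compile(r"^(\d+/\d+/\d{4} -- \d\d:\d\d:\d\d) - <(\w+)> - (.*)$")
# Cygwin runtime diagnostic: "<usecs> [main] <exe> <pid> <function>: message"
CYGWIN_RE = re.compile(r"^\s*\d+ \[main\] (\S+) (\d+) ([\w:]+): (.*)$")

VERSION_RE = re.compile(r"This is Suricata version (\S+)")
MTU_RE = re.compile(r"Failure when trying to get MTU via ioctl: (\d+)")
EXC_RE = re.compile(r"Exception:\s*(\S+)")
DUMP_RE = re.compile(r"Dumping stack trace to\s*(\S+)")


def unwrap(transcript: str) -> list[str]:
    """Re-join wrapped lines: anything that does not start a new Suricata or
    Cygwin record is treated as a continuation of the previous record."""
    records: list[str] = []
    for raw in transcript.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if SURI_RE.match(line) or CYGWIN_RE.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line.lstrip()
    return records


@dataclass
class Triage:
    version: str | None = None
    infos: list[str] = field(default_factory=list)  # Suricata messages, in order
    mtu_ioctl_errno: int | None = None
    pid: int | None = None
    exception: str | None = None   # NT status name reported by Cygwin
    stackdump: str | None = None

    @property
    def mtu_ioctl_error(self) -> str | None:
        # errno 22 is EINVAL on Cygwin, as on every POSIX libc
        if self.mtu_ioctl_errno is None:
            return None
        return errno.errorcode.get(self.mtu_ioctl_errno)

    @property
    def last_info_before_crash(self) -> str | None:
        return self.infos[-1] if self.infos else None


def triage(transcript: str) -> Triage:
    """Extract the facts a responder needs from one run's transcript."""
    t = Triage()
    for rec in unwrap(transcript):
        m = SURI_RE.match(rec)
        if m:
            msg = m.group(3)
            t.infos.append(msg)
            if (v := VERSION_RE.search(msg)):
                t.version = v.group(1)
            if (e := MTU_RE.search(msg)):
                t.mtu_ioctl_errno = int(e.group(1))
            continue
        m = CYGWIN_RE.match(rec)
        if m:
            t.pid = int(m.group(2))
            if (x := EXC_RE.search(m.group(4))):
                t.exception = x.group(1)
            if (d := DUMP_RE.search(m.group(4))):
                t.stackdump = d.group(1)
    return t


def mtu_is_a_red_herring(before: Triage, after: Triage) -> bool:
    """True when the config change removed the MTU ioctl failure but the
    process still died with the identical exception at the same phase."""
    return (before.mtu_ioctl_errno is not None
            and after.mtu_ioctl_errno is None
            and before.exception is not None
            and before.exception == after.exception)


if __name__ == "__main__":
    a, b = triage(RUN_DEFAULT_MTU), triage(RUN_MTU_1514)
    for name, t in (("default mtu", a), ("mtu 1514", b)):
        print(f"{name}: suricata {t.version}, pid {t.pid}, died with {t.exception} "
              f"after '{t.last_info_before_crash}' (dump: {t.stackdump})")
    print("MTU unrelated to crash:", mtu_is_a_red_herring(a, b))
```

The useful output of the comparison is the negative result: since both runs end with the same exception immediately after the PCRE match-limit line, before any packet-processing messages appear, the crash sits in the startup/initialisation phase and is independent of the MTU ioctl, which lets a responder stop chasing `suricata.yaml` settings and look at the build/platform combination instead.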



