pfSense Gold Subscription

Author Topic: Problem SNORT 2.9.1 pkg v. 2.1  (Read 11543 times)

0 Members and 1 Guest are viewing this topic.

Offline taryezveb

  • Full Member
  • ***
  • Posts: 104
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #60 on: January 28, 2012, 09:51:34 am »
My experience when upgrading:

I reinstalled Snort but would not start due to this error:

Code: [Select]
FATAL ERROR: pf.conf => Table snort2c,, don't exists in packet filter
On the first try on doing a fresh install of Snort failed with an error[did not write down the exact error]. On second fresh install, this time all went well. But Snort would not start, received this error:

Code: [Select]
kernel: pid 712 (snort), uid 0: exited on signal 11
Tried a reboot and still got the error above. Then unchecked "Settings will not be removed during deinstall." and did another fresh install. After updating the rules and using my old options/settings, all works great now.

I would like to Thank everyone that posted their experience.


Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3364
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #61 on: January 28, 2012, 02:54:29 pm »
Where is the beer?  ;D

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #62 on: January 28, 2012, 03:27:45 pm »
Where is the beer?  ;D

hmm, i could use one right now.. have to check to refrigerator... But seriously, If you guys really want to see fixes/added features to snort, please donate to the cause. I've already donated a couple of times myself last year. And I will continue to donate as I really love this freaking firewall :-) Yeah funds are tight just like everyone else and I have mouths to feed these days... But what ever you can donate goes a long way. Ermal just wants beer for using coding time.. In the US that could get him a case(2 12packs) of some great micro-brews for less then 25bucks or 1 1/2-2 cases of bud or girls-light, coors light i meant to say..

I bring this up because every time there is a problem with snort, the posts are so negative! I get the idea that certain users depend on snort like it will shut down their whole operation if its not working. If that is case, donate money then and stop b1tching.. Yeah I get piss when snort stops working but instead of b1tching about it. I post its broken, here are the logs, steps i tried to get it going..... Then I wait for a developer to fix.. Sometimes its not fix right away, but that is why we test... and test everything so the developer can try and it fix as quickly as possible...

i dont mean to offend anyone by this post... just me venting and saying my thoughts out loud

Offline taryezveb

  • Full Member
  • ***
  • Posts: 104
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #63 on: January 28, 2012, 04:59:34 pm »
Where is the beer?  ;D

I sent funds to pfSense and made it clear to donate a portion to a few packages, including Snort of course. I will donate again when I can.

Thanks

Offline mdima

  • Sr. Member
  • ****
  • Posts: 384
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #64 on: January 31, 2012, 01:47:52 pm »
Hi,
 I agree... I was deciding my company to support pfSense (then adding extra support hours because I needed a quick help), I have seen the time and effort that all the people involved in the project spend, and the quality as professionality and skills, and I think that all this can't be "just for free"...

Now that I switched to pfSense and I know it a little better, I can assert that it's my company's best interest to make this project sustainable for the people working in it, and I will push my company to renew the subscription when it will expire (even if it's not a good year, as I guess for many people).

Thanks to all,
Michele

Offline dhatz

  • Hero Member
  • *****
  • Posts: 1002
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #65 on: February 02, 2012, 04:41:25 pm »
Please note that snort v2.9.0.5 End-of-Life day is a few weeks away:

Quote
You will now see that the EOL date for Snort version 2.9.0.5 is set for 2012-03-13, that's March 13, 2012.
http://blog.snort.org/2011/12/snort-2905-eol-date-has-been-posted.html

PS: On my system snort --version suggests it is version 2.9.0.5, but the package is labeled 2.9.1
« Last Edit: February 02, 2012, 05:13:25 pm by dhatz »

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #66 on: February 02, 2012, 07:44:40 pm »
looks like the binaries have to be updated to either Snort 2.9.1.2 or Snort 2.9.2.  There is a Snort 2.9.2 binary on files.pfsense.org but its not compiled to use the alert_pf function from some testing I just did. I have a feeling this binary was going for the snort-dev package which isn't published anymore.

Offline ermal

  • Administrator
  • Hero Member
  • *****
  • Posts: 3364
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #67 on: February 03, 2012, 10:22:23 am »
Quote
PS: On my system snort --version suggests it is version 2.9.0.5, but the package is labeled 2.9.1
Yeah but 2.9.0.5 seems to live longer than the 2.9.1 version.

I will get to 2.9.2.x asap.

Offline TooMeeK

  • Full Member
  • ***
  • Posts: 124
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #68 on: February 04, 2012, 05:54:55 am »
Hi guys, let's have some fun with this.
SNORT is kicking me out everytime I click "save" on my Worpress site over SSL remotely :)
Any ideas?
« Last Edit: February 04, 2012, 06:06:35 am by TooMeeK »

Offline Cino

  • Hero Member
  • *****
  • Posts: 1051
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #69 on: February 04, 2012, 08:12:45 am »
easy one, create a suppress list. do a search and you'll find many examples on how to set one up.

Offline ccb056

  • Full Member
  • ***
  • Posts: 129
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #70 on: February 04, 2012, 12:09:56 pm »
this might work:

Code: [Select]
#(ssp_ssl) Invalid Client HELLO after Server HELLO Detected
suppress gen_id 137, sig_id 1

Offline Gradius

  • Full Member
  • ***
  • Posts: 140
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #71 on: February 04, 2012, 12:39:10 pm »
Quote
PS: On my system snort --version suggests it is version 2.9.0.5, but the package is labeled 2.9.1
Yeah but 2.9.0.5 seems to live longer than the 2.9.1 version.

I will get to 2.9.2.x asap.


Last version is 2.9.2.1:
http://www.snort.org/snort-downloads

This means we will see that soon on pfsense as new package?

Offline Gradius

  • Full Member
  • ***
  • Posts: 140
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #72 on: February 14, 2012, 10:45:17 pm »
What's the change on pkg v. 2.1.1 ?!
« Last Edit: February 14, 2012, 10:52:27 pm by Gradius »

Offline TooMeeK

  • Full Member
  • ***
  • Posts: 124
  • Karma: +0/-0
    • View Profile
Re: Problem SNORT 2.9.1 pkg v. 2.1
« Reply #73 on: March 31, 2012, 09:15:13 am »
Forgot to update:
Code: [Select]
#(ssp_ssl) Invalid Client HELLO after Server HELLO Detected
suppress gen_id 137, sig_id 1
Of course it worked like a charm. No more kicks.