Failed to Initialize Dynamic Preprocessor: SF_SDF (IPV6) Version 1.1.1

Today I have tried to update my Snort and rules and when testing I got this error message because IPV6 was not enabled on my computer.

The fix is very simple, just delete sf_sdf.dll file from C:\Snort\lib\snort_dynamicpreprocessor directory and start snort again.

Update of snort is very simple and it can be described in few simple steps which can be used for fresh install as well:

  • download Snort 2.8.6 from the www.snort.org site
  • download WinPcap 4.1.1 from the www.winpcap.org
  • install both of them on the target machine
  • download the latest community rules from www.snort.org (you need to register and log in to be able to download them)
  • extract rules to C:\Snort overwriting existing files and open Snort.conf file in the etc map
  • find line nr. 155 and replace it to this dynamicpreprocessor directory C:\Snort\lib\snort_dynamicpreprocessor
  • then replace line 158 to this dynamicengine C:\Snort\lib\snort_dynamicengine\sf_engine.dll
  • and then comment out line 161 if you don’t have dynamic rules #dynamicdetection directory /usr/local/lib/snort_dynamicrules
  • now when you are done if you are not using IPV6 delete sf_sdf.dll file from C:\Snort\lib\snort_dynamicpreprocessor to avoid this error
  • start Snort to test it
  • start Snort as service if test is OK