Snort mailing list archives
Latest CVS - still invalid timestamps on Alpha Linux
From: Vladimir Strezhnev <vlast () eetc com>
Date: Thu, 5 Jul 2001 17:06:55 -0500
PLATFORM:
Ruffian Alpha (by DeskStation Technologies)
RedHat 6.2 (2.2.16-3)
Snort-1.8-beta9 (and all previous)

PROBLEM:
Random dates and invalid years (with -y option) in log files on Alpha platform.

DESCRIPTION:
Following are selected log entries produced by testing with Nessus. All entries were collected on July 5, after 4pm within several seconds' span:

[**] IDS162 - PING Nmap2.36BETA [**]
07/31/64596097-22:55:18.0192.168.1.206 -> 192.168.1.38
ICMP TTL:38 TOS:0x0 ID:44588 IpLen:20 DgmLen:28
Type:8 Code:0 ID:13714 Seq:0 ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN NULL [**]
05/03/116564777-06:06:14.192.168.1.206:0 -> 192.168.1.38:0
TCP TTL:62 TOS:0x0 ID:15526 IpLen:20 DgmLen:20
******** Seq: 0x0 Ack: 0x0 Win: 0x0 TcpLen: 0
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN Proxy attempt [**]
10/18/106995166-01:20:22.192.168.1.206:60589 -> 192.168.1.38:1080
TCP TTL:62 TOS:0x0 ID:56005 IpLen:20 DgmLen:20
******S* Seq: 0x4FC53079 Ack: 0x0 Win: 0x800 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN nmap fingerprint attempt [**]
12/19/67121471-22:23:26.0192.168.1.206:60598 -> 192.168.1.38:21
TCP TTL:46 TOS:0x0 ID:28149 IpLen:20 DgmLen:60
**U*P*SF Seq: 0xDEDDD0BC Ack: 0x0 Win: 0xC00 TcpLen: 40 UrgPtr: 0x0
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] IDS028 - PING NMAP TCP [**]
12/19/67121471-22:23:26.0192.168.1.206:60599 -> 192.168.1.38:21
TCP TTL:46 TOS:0x0 ID:21065 IpLen:20 DgmLen:60
***A**** Seq: 0xDEDDD0BC Ack: 0x0 Win: 0xC00 TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] IDS028 - PING NMAP TCP [**]
12/19/67121471-22:23:26.0192.168.1.206:60601 -> 192.168.1.38:1
TCP TTL:46 TOS:0x0 ID:28804 IpLen:20 DgmLen:60
***A**** Seq: 0xDEDDD0BC Ack: 0x0 Win: 0xC00 TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Here is the output of hwclock --debug run on the Alpha host.

hwclock 2.13
User did not specific a clock access method. Searching for one...
Not selecting rtc method because:
Found file /dev/rtc, but The device special file '/dev/rtc' exists, but the device driver for it is not in your kernel (and the kerneld service did not load it either. See the Hwclock man page (section "Linux rtc device driver ") for details.
hwclock was built for a kernel without KDHWCLK capability (according to the kernel's kd.h header file), and the KDGHWCLK ioctl() doesn't work either.
Using direct I/O instructions to ISA clock.
booted from MILO
Ruffian BCD clock
Last drift adjustment done Thu Jul 5 15:00:21 2001 (Time 994363221)
Last calibration done Thu Jul 5 15:00:21 2001 (Time 994363221)
Assuming hardware clock is kept in LOCAL time.
Waiting for clock tick...
...got clock tick
Time read from Hardware Clock: Y=101 M=7 D=5 16:32:45
mktime_tz: TZ environment variable is not set.
Hw clock time : Thu Jul 5 16:32:45 2001 = 994368765 seconds since 1969 UTC
Thu Jul 5 16:32:45 2001 -0.505956 seconds CDT
Skipping update of adjtime file because nothing has changed.

--
VLAD STREZHNEV
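
An added example, not part of the original post or of Snort: a sanity check a log consumer can run over alert files to flag entries like the ones reported above before they are used for correlation. It assumes the -y timestamp layout is MM/DD/YY-HH:MM:SS.uuuuuu followed by a space and that two-digit years mean 20YY; check_alerts, the tolerance window and the last two sample entries are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed -y layout: MM/DD/YY-HH:MM:SS.uuuuuu, then a space before the source IP.
TS = re.compile(r"(\d{2})/(\d{2})/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.(\d{6}) ")

def check_alerts(log_text, collected_at, tolerance=timedelta(minutes=5)):
    """Return [(alert title, verdict)]; verdict is ok, malformed or implausible."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    results = []
    for title, header in zip(lines, lines[1:]):
        if not (title.startswith("[**]") and title.endswith("[**]")):
            continue                      # only title/header pairs are checked
        name = title.strip("[*] ")
        m = TS.match(header)
        if m is None:                     # wrong field widths or missing separator
            results.append((name, "malformed"))
            continue
        mo, d, y, h, mi, s, us = map(int, m.groups())
        try:
            ts = datetime(2000 + y, mo, d, h, mi, s, us)  # assumes 20YY
        except ValueError:                # e.g. month 13 or hour 25
            results.append((name, "malformed"))
            continue
        near = abs(ts - collected_at) <= tolerance
        results.append((name, "ok" if near else "implausible"))
    return results

# First two entries are taken from the post above; the last two are constructed.
SAMPLE = """\
[**] IDS162 - PING Nmap2.36BETA [**]
07/31/64596097-22:55:18.0192.168.1.206 -> 192.168.1.38
[**] SCAN NULL [**]
05/03/116564777-06:06:14.192.168.1.206:0 -> 192.168.1.38:0
[**] constructed well-formed entry [**]
07/05/01-16:32:45.123456 192.168.1.206:60589 -> 192.168.1.38:1080
[**] constructed wrong-date entry [**]
12/19/01-22:23:26.000000 192.168.1.206:60598 -> 192.168.1.38:21
"""

if __name__ == "__main__":
    # Collection time from the post: July 5, 2001, after 4pm.
    for name, verdict in check_alerts(SAMPLE, datetime(2001, 7, 5, 16, 30)):
        print(f"{verdict:12} {name}")
```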