Snort mailing list archives

Previous By Date Next
Previous By Thread Next

AW: Snort service stop

From: "Pesek Wolfgang (Mail)" <WPesek () council net>
Date: Sun, 12 Aug 2001 18:04:04 +0200
ACK !

Encountered the same problem on a W2k-box. (1.7 and mySQl)

After checkiing all settings and testing under all circumstances i found out
that the service is stopping when there is extrem ICMP-Traffic on the wire.
As soon as ICMP-Flooding is stopped snort is running without problems. 

Dont know if this is a problem with W2k or snort :-(

Anybody out there to give some hints ??

thanks in advance and best regards,
Wolfgang


-----Originalnachricht-----
Von: Ken Mencher
An: snort-users () lists sourceforge net
Gesendet: 06.08.01 21:56
Betreff: RE: [Snort-users] Snort service stop

I'm seeing something similar on 1.7 under W2k... 

Snort runs beautifully, picking up hackers of all sorts...for about
10-15 minutes...and then, nothing...(well, nothing goes into the logs,
at least...)

When I restart snort, it runs fine again for 10-15 minutes....and the
same thing...it just kinda stops... 

The program is still running, taking about 50% of my CPU power...but it
just isn't finding anything.... 



Ken Mencher 
-----Original Message----- 
From: gerhard () wtci net [ mailto:gerhard () wtci net
<mailto:gerhard () wtci net> ] 
Sent: Monday, August 06, 2001 11:34 AM 
To: snort-users () lists sourceforge net 
Subject: [Snort-users] Snort service stop 


Hi Guys, 

I was checking the archives, but do not find info on my problem. 
I'm running Snort 1.8p1, beautiful... logging on MySQL. 
Have 2 nics, 1 promiscuous and other to talk to db. 
Problem is when the connection to the db is lost, even for a split
second 
the snort service stop. 
The only entry in the log is " device eth0 left promiscuous mode" 
What do I have to check , was thinking of running a cron to restart
service 
,but missing the point then. 

Has anyone had the same problem ? 
Thank you 
Gerhard 

***CONFIDENTIALITY NOTICE***This email contains confidential information

which may also be legally privileged and which is intended only for the
use 
of the recipient(s) named above. If you are not the intended recipient,
you 
are hereby notified that forwarding or copying of this email, or the
taking 
of any action in reliance on its contents, may be strictly prohibited.
If 
you have received this email in error, please notify us immediately by
reply 
email and delete this message from your inbox. Thank you. 

_______________________________________________ 
Snort-users mailing list 
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe: 
http://lists.sourceforge.net/lists/listinfo/snort-users
<http://lists.sourceforge.net/lists/listinfo/snort-users>  
Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users
<http://www.geocrawler.com/redir-sf.php3?list=snort-users>
Previous By Date Next
Previous By Thread Next

Current thread: