Snort mailing list archives

Re: Flexresp problem


From: "Tudor Panaitescu" <tpanaitescu () colorcon com>
Date: Mon, 15 Apr 2002 06:26:51 -0400



If snort is stopped, the web service works fine, no resets whatsoever. I
commented out the offending rules in web-frontpage, started snort and everything
works fine again. The interesting thing is that Snort 1.8.3 worked fine, same
machine, same web server, (almost) same set of rules. Pretty goofy, isn't it?

Thanks,
Tudor








Erek Adams <erek () theadamsfamily net> on 04/14/2002 09:33:06 PM

To:      Tudor Panaitescu/ColorconUS@ColorconUS
cc:      snort-users () lists sourceforge net
Subject: Re: [Snort-users] Flexresp problem

On Sun, 14 Apr 2002, Tudor Panaitescu wrote:

[...snip...]

Situation: no resp configured for web-frontpage "access to shtml.exe" and
still all the connections to http://IP[1,2,3]/shtml.exe* from !HOME_NET are
reset. The same for "author.exe" rules, no resp configured but the
connections from !HOME_NET are reset.

Do you know what it's all about?

Well...  I can only assume something else is going on.

Force this to happen, and capture the traffic to binary as you do so.  Then
trace back over the packets to see what's causing the reset--Webserver or
Snortbox.  That would show you your culprit.

Also check your apache error_log file.  Perhaps you've got some apache
redirects going on?  Maybe someone else is session sniping on your net?

Lotsa things that it could be....  Just need to get more info on what's
causing it.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
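
The check suggested above (capture the resets, then work out whether the web server or the Snort box sent them), as an added example that is not part of the original thread: it reads a classic Ethernet pcap and compares each RST's source MAC and TTL with what the claimed source IP uses for its ordinary traffic. The function names, addresses, MACs and TTLs are constructed for illustration.

```python
import struct
from collections import Counter

RST = 0x04

def tcp_frames(pcap):
    """Yield (src_mac, src_ip, ttl, tcp_flags) per IPv4/TCP frame of a classic Ethernet pcap."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                     # skip the pcap global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "IIII", pcap[off:off + 16])[2]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # not IPv4 over Ethernet carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4        # TCP header starts after the IP header
        if len(frame) >= tcp + 14:
            yield frame[6:12].hex(":"), ".".join(map(str, frame[26:30])), frame[22], frame[tcp + 13]

def attribute_resets(pcap):
    """Label each RST by whether its MAC/TTL match the claimed sender's ordinary traffic."""
    frames, normal, out = list(tcp_frames(pcap)), {}, []
    for mac, ip, ttl, flags in frames:
        if not flags & RST:
            normal.setdefault(ip, Counter())[(mac, ttl)] += 1
    for mac, ip, ttl, flags in frames:
        if flags & RST:
            seen = normal.get(ip)
            if not seen:
                verdict = "no-baseline"
            else:
                verdict = "consistent" if (mac, ttl) == seen.most_common(1)[0][0] else "mismatch"
            out.append((ip, mac, ttl, verdict))
    return out

def _frame(src_mac, ttl, flags):
    """Constructed sample frame: 192.0.2.10:80 -> 198.51.100.7:40000 (documentation addresses)."""
    eth = bytes.fromhex("02000000aa01" + src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, ttl, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return eth + ip + struct.pack("!HHIIBBHHH", 80, 40000, 1, 1, 0x50, flags, 8192, 0, 0)

def sample_pcap():
    """Constructed capture: server SYN-ACK and ACK, then two RSTs claiming the server's IP."""
    frames = [_frame("020000000010", 64, 0x12), _frame("020000000010", 64, 0x10),
              _frame("020000000099", 255, 0x04), _frame("020000000010", 64, 0x14)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for row in attribute_resets(sample_pcap()):
        print(*row)
```

If the capture is taken on the far side of a router, every frame carries the router's MAC, so only the TTL comparison remains.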




