Snort mailing list archives
Re: Flexresp problem
From: "Tudor Panaitescu" <tpanaitescu () colorcon com>
Date: Sat, 20 Apr 2002 09:14:43 -0400
OK. Used my workstation, "pure" RH7.2, all the updates from RH installed, libnet-1.0.2a-1snort, libpcap-0.6.2-9, snort compiled locally, no aliases on any interface, apache-fp-1.3.22-6, same set of rules as on the production boxes, no resp in any of the rules ... and .... the same problem. Connections matching the rules are reset (icmp_all in the alerts log) even if there's no resp in the rule .... Does it make any sense ? Is anybody else having the same problem ? Thank you and all the best, Tudor Erek Adams <erek () theadamsfamily net> on 04/15/2002 07:29:30 PM To: Tudor Panaitescu/ColorconUS@ColorconUS cc: snort-users () lists sourceforge net Subject Re: [Snort-users] Flexresp problem : On Mon, 15 Apr 2002, Tudor Panaitescu wrote:
Nope, no changes. This is what makes it goofier .... Another thing: I have another sensor running in front of the firewall (no IP), RH7.1 upgraded to R.H7.2, same config, same packages, same ruleset ... that one works fine. Could it be because of the aliases I have on eth0 ?
Could be. I'd try removing them and see what happens.
Any other thoughts ?
It _really_ sounds like something special in just your config. I don't think there's anything that would cause this to happen in RH, but... You never know. :-) ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Flexresp problem Tudor Panaitescu (Apr 14)
- Re: Flexresp problem Erek Adams (Apr 14)
- <Possible follow-ups>
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Segmentation fault (core dumped) Carlos Augusto Silva (Apr 15)
- Re: Segmentation fault (core dumped) Erek Adams (Apr 15)
- Re: Flexresp problem Erek Adams (Apr 15)
- Segmentation fault (core dumped) Carlos Augusto Silva (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Re: Flexresp problem Erek Adams (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 20)
- Re: Flexresp problem Alwin Raymundo (Apr 20)
- Re: Flexresp problem Erek Adams (Apr 20)
- Re: Flexresp problem Tudor Panaitescu (Apr 20)
- Re: Flexresp problem Tudor Panaitescu (Apr 21)
- Re: Flexresp problem Erek Adams (Apr 21)