Snort mailing list archives

Latest CVS - still invalid timestamps on Alpha Linux


From: Vladimir Strezhnev <vlast () eetc com>
Date: Thu, 5 Jul 2001 17:06:55 -0500

PLATFORM:
Ruffian Alpha (by DeskStation Technologies)
RedHat 6.2 (2.2.16-3)
Snort-1.8-beta9 (and all previous)

PROBLEM:
Random dates and invalid years (with -y option) in log files on Alpha 
platform.

DESCRIPTION:
Following are selected log entries produced by testing with Nessus. All 
entries were collected on July 5, after 4pm within several seconds' span:

[**] IDS162 - PING Nmap2.36BETA [**]
07/31/64596097-22:55:18.0192.168.1.206 -> 192.168.1.38
ICMP TTL:38 TOS:0x0 ID:44588 IpLen:20 DgmLen:28
Type:8  Code:0  ID:13714   Seq:0  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN NULL [**]
05/03/116564777-06:06:14.192.168.1.206:0 -> 192.168.1.38:0
TCP TTL:62 TOS:0x0 ID:15526 IpLen:20 DgmLen:20
******** Seq: 0x0  Ack: 0x0  Win: 0x0  TcpLen: 0

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN Proxy attempt [**]
10/18/106995166-01:20:22.192.168.1.206:60589 -> 192.168.1.38:1080
TCP TTL:62 TOS:0x0 ID:56005 IpLen:20 DgmLen:20
******S* Seq: 0x4FC53079  Ack: 0x0  Win: 0x800  TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN nmap fingerprint attempt [**]
12/19/67121471-22:23:26.0192.168.1.206:60598 -> 192.168.1.38:21
TCP TTL:46 TOS:0x0 ID:28149 IpLen:20 DgmLen:60
**U*P*SF Seq: 0xDEDDD0BC  Ack: 0x0  Win: 0xC00  TcpLen: 40  UrgPtr: 0x0
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] IDS028 - PING NMAP TCP [**]
12/19/67121471-22:23:26.0192.168.1.206:60599 -> 192.168.1.38:21
TCP TTL:46 TOS:0x0 ID:21065 IpLen:20 DgmLen:60
***A**** Seq: 0xDEDDD0BC  Ack: 0x0  Win: 0xC00  TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] IDS028 - PING NMAP TCP [**]
12/19/67121471-22:23:26.0192.168.1.206:60601 -> 192.168.1.38:1
TCP TTL:46 TOS:0x0 ID:28804 IpLen:20 DgmLen:60
***A**** Seq: 0xDEDDD0BC  Ack: 0x0  Win: 0xC00  TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Here is the output of hwclock --debug
run on the Alpha host.

hwclock 2.13
User did not specific a clock access method.  Searching for one...
Not selecting rtc method because:  Found file /dev/rtc, but The device 
special file '/dev/rtc' exists, but the device driver for it is
not in your kernel (and the kerneld service did not load it either.  See the 
Hwclock man page (section "Linux rtc device driver ") for details.

hwclock was built for a kernel without KDHWCLK capability (according to the 
kernel's kd.h header file), and the KDGHWCLK ioctl() doesn't work either.
Using direct I/O instructions to ISA clock.
booted from MILO
Ruffian BCD clock
Last drift adjustment done Thu Jul  5 15:00:21 2001 (Time 994363221)
Last calibration done Thu Jul  5 15:00:21 2001 (Time 994363221)
Assuming hardware clock is kept in LOCAL time.
Waiting for clock tick...
...got clock tick
Time read from Hardware Clock: Y=101 M=7 D=5 16:32:45
mktime_tz: TZ environment variable is not set.
Hw clock time : Thu Jul  5 16:32:45 2001 = 994368765 seconds since 1969 UTC
Thu Jul  5 16:32:45 2001  -0.505956 seconds CDT
Skipping update of adjtime file because nothing has changed.

-- 
VLAD STREZHNEV

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
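The post above does not say where the bad years come from. One way such values arise on an LP64 host like Alpha is that time_t and long are 64 bits, so struct timeval is 16 bytes rather than 8: overlaying a pcap savefile record header (four 32-bit fields) on the host struct, or pushing tv_sec through an int, scrambles the seconds. Whether that is what Snort 1.8-beta9 does on Alpha is not established by this thread; it is the assumption behind the following added example, which is not Snort's or libpcap's code. The alert timestamp formats (MM/DD-HH:MM:SS.uuuuuu and, with -y, MM/DD/YY-HH:MM:SS.uuuuuu) are assumed from the log lines in the post, and the record header bytes are constructed, using the hwclock epoch value 994368765 from the post as ts_sec.

```c
/* Added example (not Snort's or libpcap's code): decode a pcap savefile
 * record timestamp and print it the way Snort 1.8 prints alert
 * timestamps, without depending on the host's word size.
 * Assumed formats: "MM/DD-HH:MM:SS.uuuuuu" and, with -y,
 * "MM/DD/YY-HH:MM:SS.uuuuuu". */
#define _XOPEN_SOURCE 700
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <sys/time.h>

/* Read a little-endian 32-bit field byte by byte (works on any host). */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* A pcap savefile record header is four 32-bit fields: ts_sec, ts_usec,
 * incl_len, orig_len.  Decode the two timestamp fields into a native
 * struct timeval by value, never by overlaying the host struct on the bytes. */
void pcap_rec_to_timeval(const unsigned char rec[16], struct timeval *tv)
{
    tv->tv_sec  = (time_t)le32(rec + 0);
    tv->tv_usec = le32(rec + 4);
}

/* The unsafe way, kept for contrast: copy the first sizeof(struct timeval)
 * bytes of the record over a struct timeval.  On an ILP32 host tv_sec is
 * 4 bytes and this happens to work; on an LP64 host such as Alpha tv_sec
 * is 8 bytes and absorbs ts_usec as well, giving nonsense seconds. */
time_t overlay_seconds(const unsigned char rec[16])
{
    struct timeval tv;
    memset(&tv, 0, sizeof tv);
    memcpy(&tv, rec, sizeof tv < 16 ? sizeof tv : 16);
    return tv.tv_sec;
}

/* Format a packet timestamp like a Snort alert line.  with_year selects
 * the -y form.  gmtime_r is used so the output is TZ-independent here;
 * Snort prints local time (localtime_r would do that). */
int format_pkt_ts(const struct timeval *tv, int with_year,
                  char *out, size_t outlen)
{
    time_t secs = tv->tv_sec;   /* always go through time_t, never int */
    struct tm tm;
    char stamp[32];
    const char *fmt = with_year ? "%m/%d/%y-%H:%M:%S" : "%m/%d-%H:%M:%S";

    if (gmtime_r(&secs, &tm) == NULL)
        return -1;
    if (strftime(stamp, sizeof stamp, fmt, &tm) == 0)
        return -1;
    /* tv_usec is a long on most hosts: cast explicitly and zero-pad to six
     * digits, otherwise a bare "0" runs straight into the address that
     * follows, as in the log lines above. */
    int n = snprintf(out, outlen, "%s.%06ld", stamp, (long)tv->tv_usec);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    /* Constructed record header: ts_sec = 994368765 (the hwclock value in
     * the post, 21:32:45 UTC on 5 Jul 2001), ts_usec = 1234, lengths 60. */
    unsigned char rec[16] = { 0xFD, 0xDC, 0x44, 0x3B,  0xD2, 0x04, 0x00, 0x00,
                              0x3C, 0x00, 0x00, 0x00,  0x3C, 0x00, 0x00, 0x00 };
    struct timeval tv;
    char buf[64];

    pcap_rec_to_timeval(rec, &tv);
    format_pkt_ts(&tv, 0, buf, sizeof buf);
    printf("decoded, no -y : %s\n", buf);
    format_pkt_ts(&tv, 1, buf, sizeof buf);
    printf("decoded, -y    : %s\n", buf);
    printf("overlay tv_sec : %lld (sizeof time_t = %zu)\n",
           (long long)overlay_seconds(rec), sizeof(time_t));
    return 0;
}
```

Running this on a 32-bit host prints the same seconds from both paths; on a 64-bit host the overlay path returns a value far outside the 32-bit range, which is the kind of input that turns into a six- or nine-digit year once it reaches localtime() and strftime().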