Snort mailing list archives
Re: Flexresp problem
From: Alwin Raymundo <alrayworld () yahoo com>
Date: Sat, 20 Apr 2002 07:15:57 -0700 (PDT)
Hi everybody, I'm experience the same thing last week ago when I compiled my snort with mysql and flexresp. Some of our office mates using frontpage for web editing but our server is RH6.0 The edit some of our website at their respective home and there is no problem but when I compiled last week the snort(1.8.6) with mysql and flexresp all their connection has been reset the message in the log is "reset by peer". The sad thing is that I did not apply the resp rule in my *.rules Is this a bug or something? Can anyone explain it to us for educational purpose only. Thanks in Advance. --- Tudor Panaitescu <tpanaitescu () colorcon com> wrote:
OK. Used my workstation, "pure" RH7.2, all the updates from RH installed, libnet-1.0.2a-1snort, libpcap-0.6.2-9, snort compiled locally, no aliases on any interface, apache-fp-1.3.22-6, same set of rules as on the production boxes, no resp in any of the rules ... and .... the same problem. Connections matching the rules are reset (icmp_all in the alerts log) even if there's no resp in the rule .... Does it make any sense ? Is anybody else having the same problem ? Thank you and all the best, Tudor Erek Adams <erek () theadamsfamily net> on 04/15/2002 07:29:30 PM To: Tudor Panaitescu/ColorconUS@ColorconUS cc: snort-users () lists sourceforge net Subject Re: [Snort-users] Flexresp problem : On Mon, 15 Apr 2002, Tudor Panaitescu wrote:Nope, no changes. This is what makes it goofier.... Another thing: I haveanother sensor running in front of the firewall(no IP), RH7.1 upgraded toR.H7.2, same config, same packages, same ruleset... that one works fine.Could it be because of the aliases I have on eth0? Could be. I'd try removing them and see what happens.Any other thoughts ?It _really_ sounds like something special in just your config. I don't think there's anything that would cause this to happen in RH, but... You never know. :-) ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users ===== Alwin Raymundo __________________________________________________ Do You Yahoo!? Yahoo! Games - play chess, backgammon, pool and more http://games.yahoo.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Flexresp problem Tudor Panaitescu (Apr 14)
- Re: Flexresp problem Erek Adams (Apr 14)
- <Possible follow-ups>
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Segmentation fault (core dumped) Carlos Augusto Silva (Apr 15)
- Re: Segmentation fault (core dumped) Erek Adams (Apr 15)
- Re: Flexresp problem Erek Adams (Apr 15)
- Segmentation fault (core dumped) Carlos Augusto Silva (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Re: Flexresp problem Erek Adams (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 15)
- Re: Flexresp problem Tudor Panaitescu (Apr 20)
- Re: Flexresp problem Alwin Raymundo (Apr 20)
- Re: Flexresp problem Erek Adams (Apr 20)
- Re: Flexresp problem Tudor Panaitescu (Apr 20)
- Re: Flexresp problem Tudor Panaitescu (Apr 21)
- Re: Flexresp problem Erek Adams (Apr 21)