Snort mailing list archives

Re: Snort Problems -- access etc


From: Brad Lhotsky <lhotskyb () mail nih gov>
Date: Tue, 08 Nov 2005 18:40:05 -0500

We've had some issues with IPv6 with Fedora Core 4. Until it stops exhibiting strange behavior, we've been disabling it:

/etc/sysconfig/network
NETWORKING_IPV6=no

/etc/modprobe.conf
alias net-pf-10 off
alias ipv6 off

If you still have problems, it could be something strange with hyper-threading. I've been setting things up with postgresql and remember seeing a message about pgsql having performance problems with HT enabled. Granted, you're not using pgsql, but I'd try disabling HT for a day and seeing if you still get that weird behavior if disabling IPv6 doesn't help.

Timothy A. Holmes wrote:

I am on the trail of a puzzle here:

I have a FC4 box running SNORT, and the associated processes (httpd,
mysql, etc) to keep it happy.

It is monitoring on one port which is outside our firewall, and is
talking to the inside on another port.

At times, everything seems happy happy, but other times I try to hit
the box and cannot get in either via http or via ssh; the requests
keep timing out.

I fed it the uptime command and all of the load averages came back as
0.00.
The box is a Pentium 4, 2.0 HT with one gig of memory and a 40 gig hard
drive.

I could sure use some help tracking this down. I cannot rely on SNORT
till I can get these access problems resolved.

I am also interested in using this as a learning tool for diagnosing
this type of problem in the future, so if you can include thoughts on
strategy etc., that would be greatly appreciated.

Thanks

TIM


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher
Medina Christian Academy
A Higher Standard...
Jeremiah 33:3
Jeremiah 29:11
Esther 4:14




--
Brad Lhotsky <lhotskyb () grc nia nih gov>
NCTS Computer Specialist
Phone: 410.558.8006

