Date: Mon, 15 Jan 2001 17:24:24 -0800 From: Ron 'The InSaNe One' Rosson <insane@lunatic.oneinsane.net> To: freebsd-stable@freebsd.org Cc: snort-users@lists.sourceforge.net, ipfilter@coombs.anu.edu.au Subject: Server locks up every 5-6 days Message-ID: <20010115172424.A79430@lunatic.oneinsane.net>
next in thread | raw e-mail | index | archive | help
I have a server running at a clients that has a problem of rebooting every 5-6 days. It duties are as follows: Provide NAT for 25 workstations Be a Network Firewall Be a Network IDS Run a Web server for easy viewing for the Higher-ups The Server is FreeBSD 4.2-STABLE as of Dec 21, 2000 running on a k6-2 400 (mobo has the pcib2: <VIA 82C598MVP (Apollo MVP3) Chipset>. The internal and externla interfaces are Intel Pro 10/100B/100+ Ethernet cards. Machine has 64megs of RAM The NAT and Firewall chores are being handled by ipfilter 3.4.8 The IDS is snort version 1.7 logging to a mysql database (localhost) running the vision.conf ruleset (http://whitehats.com/ids) The webserver is Apach version 1.3.14 with mod_php4 (to allow ACID for snort to be viewed proplerly). The only public port open to this box is 22 (ssh) for administrative purposes. All other ports are blocked or filtered. From looking at the /var/log/messages and the ACID interface the box seems to get bombarded with the following log entires: Jan 11 18:26:30 mybox snort: IDS193/ddos-stacheldraht server-spoof: xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx Anyone have any ideas what could be causing this.. The Lockups are in such a way that the only choice you have is to hit the reset button. TIA -- ------------------------------------------------------------------------------ Ron Rosson ... and a UNIX user said ... The InSaNe One rm -rf * insane@oneinsane.net and all was /dev/null and *void() ------------------------------------------------------------------------------ I yield to Abdul Alhazred's superior knowledge of Cthulhu! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010115172424.A79430>