From owner-freebsd-stable Mon Jan 15 17:24:47 2001
Date: Mon, 15 Jan 2001 17:24:24 -0800
From: Ron 'The InSaNe One' Rosson
To: freebsd-stable@freebsd.org
Cc: snort-users@lists.sourceforge.net, ipfilter@coombs.anu.edu.au
Subject: Server locks up every 5-6 days
Message-ID: <20010115172424.A79430@lunatic.oneinsane.net>
Reply-To: Ron Rosson

I have a server running at a client's that has a problem of rebooting every
5-6 days. Its duties are as follows:

    Provide NAT for 25 workstations
    Be a Network Firewall
    Be a Network IDS
    Run a Web server for easy viewing for the Higher-ups

The Server is FreeBSD 4.2-STABLE as of Dec 21, 2000 running on a k6-2 400
(mobo has the pcib2: . The internal and external interfaces are Intel Pro
10/100B/100+ Ethernet cards.
Machine has 64 megs of RAM.

The NAT and Firewall chores are being handled by ipfilter 3.4.8.

The IDS is snort version 1.7 logging to a mysql database (localhost)
running the vision.conf ruleset (http://whitehats.com/ids).

The webserver is Apache version 1.3.14 with mod_php4 (to allow ACID for
snort to be viewed properly).

The only public port open to this box is 22 (ssh) for administrative
purposes. All other ports are blocked or filtered.

From looking at the /var/log/messages and the ACID interface the box seems
to get bombarded with the following log entries:

    Jan 11 18:26:30 mybox snort: IDS193/ddos-stacheldraht server-spoof: xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx

Anyone have any ideas what could be causing this? The lockups are in such a
way that the only choice you have is to hit the reset button.

TIA
-- 
------------------------------------------------------------------------------
Ron Rosson                         ... and a UNIX user said ...
The InSaNe One                               rm -rf *
insane@oneinsane.net               and all was /dev/null and *void()
------------------------------------------------------------------------------
I yield to Abdul Alhazred's superior knowledge of Cthulhu!