Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 16 Jan 2001 14:37:33 +1100
From:      Sam Wun <swun@esec.com.au>
To:        Ron Rosson <insane@lunatic.oneinsane.net>
Cc:        freebsd-stable@freebsd.org, snort-users@lists.sourceforge.net, ipfilter@coombs.anu.edu.au
Subject:   Re: [Snort-users] Server locks up every 5-6 days
Message-ID:  <3A63C1FD.330CB59@esec.com.au>
References:  <20010115172424.A79430@lunatic.oneinsane.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

Can you show your df result?
Ron 'The InSaNe One' Rosson wrote:

> I have a server running at a clients that has a problem of rebooting
> every 5-6 days. It duties are as follows:
>
>         Provide NAT for 25 workstations
>         Be a Network Firewall
>         Be a Network IDS
>         Run a Web server for easy viewing for the Higher-ups
>
> The Server is FreeBSD 4.2-STABLE as of Dec 21, 2000 running on a k6-2
> 400 (mobo has the pcib2: <VIA 82C598MVP (Apollo MVP3) Chipset>. The
> internal and externla interfaces are Intel Pro 10/100B/100+ Ethernet
> cards. Machine has 64megs of RAM
>
> The NAT and Firewall chores are being handled by ipfilter 3.4.8
>
> The IDS is snort version 1.7 logging to a mysql database (localhost)
> running the vision.conf ruleset (http://whitehats.com/ids)
>
> The webserver is Apach version 1.3.14 with mod_php4 (to allow ACID for
> snort to be viewed proplerly).
>
> The only public port open to this box is 22 (ssh) for administrative
> purposes. All other ports are blocked or filtered.
>
> >From looking at the /var/log/messages and the ACID interface the box
> seems to get bombarded with the following log entires:
>
> Jan 11 18:26:30 mybox snort: IDS193/ddos-stacheldraht server-spoof: xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
>
> Anyone have any ideas what could be causing this.. The Lockups are in
> such a way that the only choice you have is to hit the reset button.
>
> TIA
> --



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A63C1FD.330CB59>