From owner-freebsd-stable Mon Jan 15 19:33:23 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from lynx.aba.net.au (lynx.esec.com.au [203.21.84.1])
    by hub.freebsd.org (Postfix) with SMTP id F205C37B69D
    for ; Mon, 15 Jan 2001 19:33:00 -0800 (PST)
Received: (qmail 12870 invoked from network); 16 Jan 2001 03:32:58 -0000
Received: from swun.esec.com.au (HELO esec.com.au) (203.21.85.207)
    by lynx.esec.com.au with SMTP; 16 Jan 2001 03:32:58 -0000
Message-ID: <3A63C1FD.330CB59@esec.com.au>
Date: Tue, 16 Jan 2001 14:37:33 +1100
From: Sam Wun
Organization: eSec Limited
X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Ron Rosson
Cc: freebsd-stable@freebsd.org, snort-users@lists.sourceforge.net, ipfilter@coombs.anu.edu.au
Subject: Re: [Snort-users] Server locks up every 5-6 days
References: <20010115172424.A79430@lunatic.oneinsane.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Can you show your df result?

Ron 'The InSaNe One' Rosson wrote:

> I have a server running at a client's that has a problem of rebooting
> every 5-6 days. Its duties are as follows:
>
> Provide NAT for 25 workstations
> Be a Network Firewall
> Be a Network IDS
> Run a Web server for easy viewing for the Higher-ups
>
> The Server is FreeBSD 4.2-STABLE as of Dec 21, 2000 running on a k6-2
> 400 (mobo has the pcib2: . The
> internal and external interfaces are Intel Pro 10/100B/100+ Ethernet
> cards. Machine has 64megs of RAM
>
> The NAT and Firewall chores are being handled by ipfilter 3.4.8
>
> The IDS is snort version 1.7 logging to a mysql database (localhost)
> running the vision.conf ruleset (http://whitehats.com/ids)
>
> The webserver is Apache version 1.3.14 with mod_php4 (to allow ACID for
> snort to be viewed properly).
>
> The only public port open to this box is 22 (ssh) for administrative
> purposes. All other ports are blocked or filtered.
>
> From looking at the /var/log/messages and the ACID interface the box
> seems to get bombarded with the following log entries:
>
> Jan 11 18:26:30 mybox snort: IDS193/ddos-stacheldraht server-spoof: xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx
>
> Anyone have any ideas what could be causing this? The lockups are in
> such a way that the only choice you have is to hit the reset button.
>
> TIA
> --