From: Thomas P. <tho...@UG...> - 2003-11-24 16:52:04

> Hi,
>
> I'm trying to set up snort inline. But after initialization it errors
> with code 16. Seems to be an ipq problem
> (the sample program from libipq manual gave same error).
> I guess I missed something during setup, but can't find out exactly what.
> I'd highly appreciate any help.
>
> thanks in advance,
>
> Thomas Pollet
>
> This problem is quite similar to the one discussed in
> http://sourceforge.net/mailarchive/forum.php?thread_id=3303416&forum_id=32933
> although nobody posted a solution.
>
> for the record,
>
> I am using slackware 9, kernel 2.4.22, iptables-1.2.9 and my lsmod
> looks like
>
> Module                  Size  Used by    Not tainted
> iptable_filter          1644   1  (autoclean)
> ip_conntrack_irc        2992   0  (unused)
> ip_conntrack_ftp        3888   0  (unused)
> ip_conntrack           18016   2  [ip_conntrack_irc ip_conntrack_ftp]
> ipt_LOG                 3384   0  (unused)
> ip_tables              11768   2  [iptable_filter ipt_LOG]
> pcmcia_core            38112   0
> ip_queue                5420   0  (unused)
> ide-scsi                8048   0
> 3c59x                  26736   1
> nls_cp850               3580   1  (autoclean)
> nls_iso8859-15          3356   2  (autoclean)
> ntfs                   51040   2  (autoclean)
From: Brent D. <br...@de...> - 2003-12-15 04:28:25

I ran into this and realized I had a snort_inline process running in daemon
mode still. Don't know if that helps or not.

-- Brent

-----Original Message-----
From: sno...@li... [mailto:sno...@li...]On Behalf Of Thomas Pollet
Sent: Tuesday, November 25, 2003 10:54 AM
To: sno...@li...
Subject: Re: [Snort-inline-users] snort inline hangs

Hi,

I'm trying to set up snort inline. But after initialization it errors
with code 16. Seems to be an ipq problem
(the sample program from libipq manual gave same error).
I guess I missed something during setup, but can't find out exactly what.
I'd highly appreciate any help.

thanks in advance,

Thomas Pollet

This problem is quite similar to the one discussed in
http://sourceforge.net/mailarchive/forum.php?thread_id=3303416&forum_id=32933
although nobody posted a solution.

for the record,

I am using slackware 9, kernel 2.4.22, iptables-1.2.9 and my lsmod
looks like

Module                  Size  Used by    Not tainted
iptable_filter          1644   1  (autoclean)
ip_conntrack_irc        2992   0  (unused)
ip_conntrack_ftp        3888   0  (unused)
ip_conntrack           18016   2  [ip_conntrack_irc ip_conntrack_ftp]
ipt_LOG                 3384   0  (unused)
ip_tables              11768   2  [iptable_filter ipt_LOG]
pcmcia_core            38112   0
ip_queue                5420   0  (unused)
ide-scsi                8048   0
3c59x                  26736   1
nls_cp850               3580   1  (autoclean)
nls_iso8859-15          3356   2  (autoclean)
ntfs                   51040   2  (autoclean)
From: Brent D. <br...@de...> - 2003-12-15 04:32:26

I have the problem in this thread
http://sourceforge.net/mailarchive/forum.php?thread_id=3303416&forum_id=32933
that everything is being passed through unless it hits up against a limit.
ip_queue is loaded but is unused.

RedHat 9 with 2.4.22 patched with ebtables-brnf-3-vs-2.4.22
I am using the snort_inline toolkit for 2.05 and iptables 1.2.9 (removed the
rpm version)
bridge-utils is the latest and compiled from source

Snort_inline will create entries in /var/log but they are never alerts -
just packet dumps. I am only using test.rules

Any help is most appreciated - I can provide more information if necessary.

-- Brent
From: Brent D. <br...@de...> - 2003-12-15 06:59:29

Ended up being that I didn't create /var/log/snort - so the proper log file
was not present and it defaulted to just logging packet dumps. I didn't
notice it because I was running snort_inline from the command line in the
foreground. I started using snort_inline.sh and saw the error msg there.

Incidentally - my ip_queue is still unused but it doesn't seem to matter.

-- Brent

-----Original Message-----
From: sno...@li... [mailto:sno...@li...]On Behalf Of Brent Deterding
Sent: Sunday, December 14, 2003 10:32 PM
To: sno...@li...
Subject: [Snort-inline-users] snort_inline not blocking - ip_queue loaded but unused

I have the problem in this thread
http://sourceforge.net/mailarchive/forum.php?thread_id=3303416&forum_id=32933
that everything is being passed through unless it hits up against a limit.
ip_queue is loaded but is unused.

RedHat 9 with 2.4.22 patched with ebtables-brnf-3-vs-2.4.22
I am using the snort_inline toolkit for 2.05 and iptables 1.2.9 (removed the
rpm version)
bridge-utils is the latest and compiled from source

Snort_inline will create entries in /var/log but they are never alerts -
just packet dumps. I am only using test.rules

Any help is most appreciated - I can provide more information if necessary.

-- Brent

-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-inline-users mailing list
Sno...@li...
https://lists.sourceforge.net/lists/listinfo/snort-inline-users
From: pieter c. <pi...@co...> - 2003-12-15 08:33:33

Can you verify that your rules actually have drop/sdrop/reject targets?

Pieter

On Mon, 2003-12-15 at 04:32, Brent Deterding wrote:
> I have the problem in this thread
> http://sourceforge.net/mailarchive/forum.php?thread_id=3303416&forum_id=32933
> that everything is being passed through unless it hits up against a limit.
> ip_queue is loaded but is unused.
>
> RedHat 9 with 2.4.22 patched with ebtables-brnf-3-vs-2.4.22
> I am using the snort_inline toolkit for 2.05 and iptables 1.2.9 (removed the
> rpm version)
> bridge-utils is the latest and compiled from source
>
> Snort_inline will create entries in /var/log but they are never alerts -
> just packet dumps. I am only using test.rules
>
> Any help is most appreciated - I can provide more information if necessary.
>
> -- Brent
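
The three causes raised in this thread (a snort_inline process still running, a missing /var/log/snort, and rules without drop/sdrop/reject actions) can be checked before start-up. The shell script below is an added example, not part of any message in the thread or of the snort_inline toolkit; the function names, the sample rules and the process listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three causes raised in this thread.

# Count rules whose action is drop, sdrop or reject; comment lines do not match.
count_blocking_rules() {
    awk '$1 ~ /^(drop|sdrop|reject)$/ { n++ } END { print n + 0 }' "$1"
}

# Succeed only if the log directory exists and is writable.
logdir_ok() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Read `ps -eo pid,comm` style text on stdin; print PIDs of snort_inline.
stale_inline_pids() {
    awk '$2 == "snort_inline" { print $1 }'
}

# $1 = rules file, $2 = log directory, $3 = file holding the ps listing.
preflight() {
    rc=0
    n=$(count_blocking_rules "$1")
    [ "$n" -gt 0 ] || { echo "no drop/sdrop/reject rules in $1"; rc=1; }
    logdir_ok "$2" || { echo "log directory $2 missing or not writable"; rc=1; }
    pids=$(stale_inline_pids < "$3")
    [ -z "$pids" ] || { echo "snort_inline already running, pid: $pids"; rc=1; }
    return $rc
}

# Constructed sample input written to scratch directory $1.
make_sample() {
    mkdir -p "$1/log"
    printf '%s\n' '# constructed sample rules' \
        'alert tcp any any -> any 80 (msg:"sample alert"; sid:1000001;)' \
        'drop tcp any any -> any 80 (msg:"sample drop"; sid:1000002;)' \
        > "$1/test.rules"
    printf '%s\n' '  PID COMMAND' '  412 syslogd' '  987 snort_inline' \
        > "$1/ps.txt"
}

# Demo: the sample has a drop rule and a log directory, but a leftover process.
scratch=$(mktemp -d)
make_sample "$scratch"
preflight "$scratch/test.rules" "$scratch/log" "$scratch/ps.txt" || echo "fix the above first"
rm -rf "$scratch"
```

On a live host, pass the real rules file and /var/log/snort to `preflight`, and capture the process listing with `ps -eo pid,comm`.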