
Bug#418777: marked as forwarded (psad: snort_rule_dl ignored ?!?)

Subject: Bug#418777: marked as forwarded psad: snort_rule_dl ignored ?!?
From: Debian Bug Tracking System
Date: Thu, 12 Apr 2007 05:54:03 +0000
Your message dated Thu, 12 Apr 2007 07:51:43 +0200
with message-id <[email protected]>
has caused the Debian Bug report #418777,
regarding psad: snort_rule_dl ignored ?!?
to be marked as having been forwarded to the upstream software
author(s) .

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Subject: Re: Bug#418777: psad: snort_rule_dl ignored ?!?
From: Daniel Gubser
Date: Thu, 12 Apr 2007 07:51:43 +0200
Hello Mike

Can you please help with this bug?

Thanks
Daniel


Richard A Nelson wrote:
> Package: psad
> Version: 2.0.6-1
> Severity: normal
>
> The recent psad upgrade decided to start blocking my AIX boxes because
> of their large ping size (even though the content/size was not
> malicious).
>
> No problem, I thought, I'll update /etc/psad/snort_rule_dl to include
> SIDs 384(ping), and 499 (large packet) with danger level 0:
> ---------------------------------------------
> #384: ICMP PING
> 384 0;
>
> #499: ICMP Large ICMP Packet
> 499 0;
> --------------------------------------------
>
> I then cleared the currently blocked machines and started psad
>
> Unfortunately, psad still wants to block, for the same two SIDs
>
> For the nonce, I just commented out those two rules in
> snort_rules/*icmp* and so far that seems to be doing the trick
>
> -- System Information:
> Debian Release: lenny/sid
>   APT prefers testing-proposed-updates
>   APT policy: (500, 'testing-proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 2.6.18-3-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages psad depends on:
> ii  iptables                1.3.6.0debian1-5 administration tools for packet fi
> ii  libc6                   2.3.6.ds1-13     GNU C Library: Shared libraries
> ii  libcarp-clan-perl       5.8-1            Perl enhancement to Carp error log
> ii  libdate-calc-perl       5.4-5            Perl library for accessing dates
> ii  libnetwork-ipv4addr-per 0.10-1.1         The Net::IPv4Addr perl module API
> ii  libunix-syslog-perl     0.100-5          Perl interface to the UNIX syslog(
> ii  perl                    5.8.8-7          Larry Wall's Practical Extraction
> ii  psmisc                  22.3-1           Utilities that use the proc filesy
> ii  sysklogd [syslogd]      1.4.1-20         System Logging Daemon
> ii  whois                   4.7.21           the GNU whois client
>
> Versions of packages psad recommends:
> ii  bastille                      1:2.1.1-13 Security hardening tool
>
> -- no debconf information

--- End Message ---