Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 38 replies
  • Subscribers 0 subscribers
  • Views 11263 views
  • Users 0 members are here
Options
Suggested

[7.920][BUG][FIXED] IPS stuck in a loop and won't stop loading.

Billybob
Just adding some information on my condition. Its obvious that IPS is broken in this version. My IPS keeps on trying to reload although its turned off via webadmin. I did turn it on initially and had lost connectivity but now it just keeps on running. 

Tried /var/mdw/scripts/snort stop and get done but in IPS log I can see where it is constantly reloading
A few snippets
2010:06:02-15:34:54 gatekeeper snort[9055]: Enabling inline operation

2010:06:02-15:34:54 gatekeeper snort[9055]: NFQUEUE ID set to: 0

2010:06:02-15:34:54 gatekeeper snort[9055]: Running in IDS mode

2010:06:02-15:34:54 gatekeeper snort[9055]: 

2010:06:02-15:34:54 gatekeeper snort[9055]:         --== Initializing Snort ==--

2010:06:02-15:34:54 gatekeeper snort[9055]: Initializing Output Plugins!


and after a few more lines, I get 
2010:06:02-15:35:16 gatekeeper snort[9055]: WARNING: Invalid content option in shared object rule: gid:3, sid:13476 : Fast pattern offset and length cannot be greater than the length of the pattern.  Rule will not be registered.

2010:06:02-15:35:16 gatekeeper snort[9055]: WARNING: gid:3, sid:15470. Fast pattern "only" flag used in combination with a fast pattern offset,length - honoring "only" flag and ignoring fast pattern offset,length.

and it continues on. I however never loose connectivity luckily [;)] Will probably reboot.

Regards
Parents
  • 0 in reply to kbr
    Hi kbr,
    everything but HTTP proxy works. I suspect they were working before I ran the "patterndist ips" command.

    NTP test is down to 3ms from 0.1s or failing.

    Audio streaming, pop3 all work.

    Power off restart appears to be a part solution.

    With the http proxy in standard mode I still receive the scanner instance message.

    I am currently connected with PF rules only.

    Ian M

    Update - cleared the proxy cache and everything now appears to be working correctly.
  • 0 in reply to RFCat_vk_01
    Update - cleared the proxy cache and everything now appears to be working correctly.


    Glad to hear that, thanks for the feedback!
  • 0 in reply to kbr
    Didn't work for me.
    ( This is system After patch install downloaded 06/06/) 

    [7.920After Patch from 7.912 with IPS and FW non functional]
    loginuser@roxy73:/home/login > su
    Password: 
    roxy73:/home/login # patterndist ips
    cp: cannot stat `/var/up2date/ips/u2d-ips-*.tgz.gpg': No such file or directory
    ips_pattern_update returned 'u2d-ips-7-174:1275302692'
    roxy73:/home/login # 


    [After Fresh rebuild from ISO and logged in as root] 
    loginuser@roxy73:/home/login > patterndist ips
    cp: cannot create regular file `/var/pattern/tmp/snortgroups.ph': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/snortrules.ph': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/snortrules_reporting.ph': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/snortrules_reporting.pst': Permission denied
    mv: cannot stat `/var/pattern/tmp/*': No such file or directory
    cp: cannot create regular file `/var/pattern/tmp/decoder.rules': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/preprocessor.rules': Permission denied
    mv: cannot stat `/var/pattern/tmp/*': No such file or directory
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/bad-traffic.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/chat.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/dos.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/exploit.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/icmp.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/imap.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/misc.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/multimedia.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/netbios.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/nntp.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/pop3.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/smtp.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/sql.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/web-activex.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/web-client.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/web-iis.so': Permission denied
    rm: cannot remove `/var/sec/chroot-snort/usr/lib/snort/so_rules/web-misc.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/bad-traffic.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/chat.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/dos.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/exploit.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/icmp.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/imap.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/misc.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/multimedia.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/netbios.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/nntp.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/pop3.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/smtp.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/sql.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/web-activex.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/web-client.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/web-iis.so': Permission denied
    cp: cannot create regular file `/var/pattern/tmp/web-misc.so': Permission denied
    mv: cannot stat `/var/pattern/tmp/*': No such file or directory
    /usr/local/bin/patterndist: line 209: /usr/local/bin/confd-client.plx: Permission denied
    loginuser@roxy73:/home/login >
  • 0 in reply to Mark_D_01
    You don't have to patch if you rebuilt from ISO. It should work by itself.
Reply Children
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?