FYI. Daniel
--- Begin Message ---
Hi Daniel -
Yes, indeed this is a bug. It will be fixed in the 2.0.7 release of
psad.
Thanks,
--
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
On Apr 12, 2007, Daniel Gubser wrote:
> Hello Mike
>
> Can you please help with this bug?
>
> Thanks
> Daniel
>
>
> Richard A Nelson schrieb:
> > Package: psad
> > Version: 2.0.6-1
> > Severity: normal
> >
> > The recent psad upgrade decided to start blocking my AIX boxes because
> > of their large ping size (even though the content/size was not
> > malicious).
> >
> > No problem, I thought, I'll update /etc/psad/snort_rule_dl to include
> > SIDs 384(ping), and 499 (large packet) with danger level 0:
> > ---------------------------------------------
> > #384: ICMP PING
> > 384 0;
> >
> > #499: ICMP Large ICMP Packet
> > 499 0;
> > --------------------------------------------
> >
> > I then cleared the currently blocked machines and started psad
> >
> > Unfortunately, psad still wants to block, for the same two SIDs
> >
> > For the nonce, I just commented out those two rules in
> > snort_rules/*icmp* and so far that seems to be doing the trick
> >
> > -- System Information:
> > Debian Release: lenny/sid
> > APT prefers testing-proposed-updates
> > APT policy: (500, 'testing-proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 2.6.18-3-amd64 (SMP w/2 CPU cores)
> > Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/bash
> >
> > Versions of packages psad depends on:
> > ii iptables 1.3.6.0debian1-5 administration tools for packet fi
> > ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
> > ii libcarp-clan-perl 5.8-1 Perl enhancement to Carp error log
> > ii libdate-calc-perl 5.4-5 Perl library for accessing dates
> > ii libnetwork-ipv4addr-per 0.10-1.1 The Net::IPv4Addr perl module API
> > ii libunix-syslog-perl 0.100-5 Perl interface to the UNIX syslog(
> > ii perl 5.8.8-7 Larry Wall's Practical Extraction
> > ii psmisc 22.3-1 Utilities that use the proc filesy
> > ii sysklogd [syslogd] 1.4.1-20 System Logging Daemon
> > ii whois 4.7.21 the GNU whois client
> >
> > Versions of packages psad recommends:
> > ii bastille 1:2.1.1-13 Security hardening tool
> >
> > -- no debconf information
> >
> >
>
--- End Message ---