NFR Wizards Archive: Re: Pix crashing with ISS snmp checks

Re: Pix crashing with ISS snmp checks


David LeBlanc (dleblancmindspring.com)
Mon, 08 Mar 1999 13:42:31 -0500


At 01:40 PM 3/4/99 -0500, Eric Budke wrote:

>Out of curiosity, how well can one determine where/when ISS stopped
>checking? The /tmp logs seem to give some indication, but nothing concrete,
>and unless I'm running a sniffer on the net at the same time, how does one
>go about determining which state you're at?

There are two things you need to look at - one is the service scan, and the
other is the actual scan itself. The actual scan will log things to
%installdir%\tmp\[session name]_[dotted IP].tmplog, and the same format
with a suffix of .sslog will log the service scan. Both log files will
contain timestamps at various points. What I like to do is run a tail -f
on the logs while monitoring the host you're looking at. Couple that with
a ping -t, and you should be able to nail it pretty closely.

As Ted stated, the thing to do is divide and conquer - if you can't nail it
by watching the logs, start turning things off until you have one thing
that does it.

David LeBlanc
dleblancmindspring.com
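
Added example, not part of the original post: a small Python helper for the correlation step described above, narrowing the scan log down to the entries that could have been running between the last ping reply and the first timeout. The "HH:MM:SS" line prefix, the function names and the sample log are assumptions, since the post does not show the real .tmplog layout; it only says timestamps appear at various points, so untimed lines are grouped under the preceding timestamp.

```python
import re
from datetime import datetime

# Assumed layout: some lines begin with "HH:MM:SS"; the rest carry no time.
STAMP = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(.*)$")

def clock(text):
    """Parse an HH:MM:SS string into a comparable datetime."""
    return datetime.strptime(text, "%H:%M:%S")

def blocks(lines):
    """Group log lines under the most recent timestamped line."""
    out = []
    for line in lines:
        m = STAMP.match(line)
        if m:
            out.append((clock(m.group(1)), [m.group(2)]))
        elif out and line.strip():
            out[-1][1].append(line.strip())
    return out

def suspects(lines, last_reply, first_timeout):
    """Return log entries that may have run between the last ping reply
    and the first ping timeout."""
    grouped = blocks(lines)
    hits = []
    for i, (start, entries) in enumerate(grouped):
        # A block lasts until the next timestamp; the final block is open-ended.
        end = grouped[i + 1][0] if i + 1 < len(grouped) else None
        if start <= first_timeout and (end is None or end > last_reply):
            hits.extend(entries)
    return hits

# Constructed sample; not real ISS output.
SAMPLE_LOG = """\
13:02:10 begin group A
check a1
check a2
13:02:41 begin group B
check b1
check b2
13:03:05 begin group C
check c1
""".splitlines()

if __name__ == "__main__":
    for entry in suspects(SAMPLE_LOG, clock("13:02:50"), clock("13:02:52")):
        print(entry)
```

The result is only as fine-grained as the timestamps in the log: every untimed line under a matching timestamp stays a candidate, which is where turning things off one at a time takes over.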



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:16 CDT