From: Russ Combs (rcombs sourcefire.com)
Date: Tue Jun 11 2013 - 04:09:20 CDT
On Tue, Jun 11, 2013 at 4:57 AM, Mayur Patil <ram.nath241089 gmail.com> wrote:
> Problem is that when I connect cable I am able to ping to machine but
> still unable to ssh.
>
> When I try to do ssh from other machine, it says connection refused.
>
> Now I connect the cable and reboot system. When the system starts, it
> automatically starts
>
> checking packets i.e. packet dump mode.
>
> I think Snort script is preventing CentOS to boot as GUI as well as CLI.
>
Most likely your system is just slow to respond to your input because it is
bogged down dumping packets.
>
> I am pretty sure that this is Snort script problem.
>
Yes, and the solution is to disable the script or fix it as I explained
earlier by adding a snort.conf to Snort's command line. Adding a conf will
allow Snort to inspect the traffic and output any alerts instead of dumping
all the packets.
>
> Now what to do ??
>
Until you get Snort configured to do what you want, I suggest disabling the
script from start up. That depends on how you enabled the script.
>
> Please correct if I am wrong !!
>
> Seeking for your guidance,
>
> Thanks !!
>
> --
> *Cheers,
> Mayur*.
>
> On Tue, Jun 11, 2013 at 2:09 PM, Russ Combs <rcombs sourcefire.com> wrote:
>
>>
>>
>> On Tue, Jun 11, 2013 at 4:26 AM, Mayur Patil <ram.nath241089 gmail.com> wrote:
>>
>>> The snort message is as follows:
>>>
>>> Initializing output plugins !!
>>>
>>> pcap DAQ is configured to passive.
>>>
>>> Acquiring network traffic from "eth0"
>>>
>>> Decoding ethernet
>>>
>>> --==Initialization Complete==--
>>>
>>> SNort
>>> .
>>> .
>>> .
>>> . //messages of version number
>>> .
>>> .
>>> .
>>>
>>> Commencing packet processing (pid=1668)
>>>
>>> and stopped there !!
>>>
>>> I have unplugged n/w cable and got above output.
>>>
>>> Does "shell in" means getting grub console then yes !!
>>>
>>
>> I meant ssh but if unplugging the cable works, that's great.
>>
>>>
>>> I can get grub console.
>>>
>>> Looking forward for guidance,
>>>
>>
>> I'm guessing that you are still in packet dump mode and that you really
>> want IDS mode. Do you know what the command line arguments to Snort are?
>> If it is running now you can do something like "ps alx | grep snort" to
>> see. You need to add -c snort.conf to run in IDS mode.
>>
>>> On Tue, Jun 11, 2013 at 1:45 PM, Russ Combs <rcombs sourcefire.com> wrote:
>>>
>>>>
>>>>
>>>> On Tue, Jun 11, 2013 at 4:12 AM, Mayur Patil <ram.nath241089 gmail.com> wrote:
>>>>
>>>>> Thanks Russ sir for reply.
>>>>>
>>>>> My problem is I am unable to log into command line mode i.e.
>>>>> Ctrl+Alt+F2
>>>>>
>>>>> and also GUI mode of CentOS. And after that I have to add this path.
>>>>>
>>>>> Would you please guide me how to do that it will be a great help !!
>>>>>
>>>> Can you shell in? If that doesn't work, try unplugging your network
>>>> cable(s).
>>>>
>>>>
>>>>> Thank you !!
>>>>> --
>>>>> *Cheers,
>>>>> Mayur*.
>>>>>
>>>>> On Tue, Jun 11, 2013 at 1:33 PM, Russ Combs <rcombs sourcefire.com> wrote:
>>>>>
>>>>>> On Tue, Jun 11, 2013 at 3:41 AM, Mayur Patil <ram.nath241089 gmail.com> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I am seeing something like this
>>>>>>>
>>>>>>> *06/11 11:0246 10.1.46.123:136 -> 10.1.46.255:137*
>>>>>>> * UDP:TTL :128 TOS:8 ID:20 IpLen:20 DgmLen:78 Len:50
>>>>>>>
>>>>>>> * in continuous streaming of packets.
>>>>>>> *
>>>>>>> *
>>>>>>> * *Now I am sure that this is the Snort startup script
>>>>>>> problem.....!!
>>>>>>>
>>>>>>> At the starting I have seen message *starting snort in packet
>>>>>>> dump mode*
>>>>>>>
>>>>>>> Please help how to disable this mode or disable snort script from
>>>>>>> loading at boot time??
>>>>>>>
>>>>>>
>>>>>> *Running in packet dump mode is because you don't have a "-c
>>>>>> path/snort.conf" option on your command line. *
>>>>>>
>>>>>>>
>>>>>>> On Tue, Jun 11, 2013 at 11:00 AM, Mayur Patil <ram.nath241089 gmail.com> wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I have stuck on one issue. I am unable to see either GUI or CLI
>>>>>>>> for CentOS 6.3.
>>>>>>>>
>>>>>>>> Description as follows:
>>>>>>>>
>>>>>>>> I was just checking my snort script on centos machine yesterday.
>>>>>>>> So I left machine as it is.
>>>>>>>>
>>>>>>>> When I come today, screen location has changed on desktop so I
>>>>>>>> adjusted and reboot.
>>>>>>>>
>>>>>>>> When I reboot it takes much time to boot, so I press any key on
>>>>>>>> keyboard it shows
>>>>>>>>
>>>>>>>> fast continuous streaming, no idea of what, seems like to be
>>>>>>>> many packets
>>>>>>>>
>>>>>>>> Somewhat
>>>>>>>>
>>>>>>>> UDP---TLS-----255.255.255.0 ------------------->
>>>>>>>>
>>>>>>>> like this. When I try to load the Ctrl+Alt+f2 nothing happens.
>>>>>>>>
>>>>>>>> I am also unable to login through Putty but I am able to ping
>>>>>>>> the machine.
>>>>>>>>
>>>>>>>> How to stop this packet streaming??
>>>>>>>>
>>>>>>>> Need help please!!
>>>>>>>>
>>>>>>>
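
The check suggested in the thread (look at the running Snort's command line and see whether `-c` is there), written out as an added example that is not part of the original messages. The function names, the sample process list and its paths are constructed for illustration; it assumes the config option appears as a separate `-c PATH` token or attached as `-cPATH`, and it also reports Snort's packet logger mode (`-l` without `-c`), which goes beyond the case discussed above.

```shell
#!/bin/sh
# Added example: classify Snort command lines by run mode.

# snort_mode ARGS... -> prints "ids" (-c given), "logger" (-l, no -c)
# or "dump" (neither: packets are decoded and printed to the console).
snort_mode() {
    mode=dump
    while [ $# -gt 0 ]; do
        case "$1" in
            -c)   if [ $# -ge 2 ]; then echo ids; return 0; fi ;;
            -c?*) echo ids; return 0 ;;
            -l|-l?*) mode=logger ;;
        esac
        shift
    done
    echo "$mode"
}

# audit_snort: reads "PID COMMAND ARGS..." lines on stdin and prints
# "PID MODE" for every process whose executable is named snort.
audit_snort() {
    while read -r pid exe args; do
        case "${exe##*/}" in
            snort) ;;
            *) continue ;;
        esac
        set -f              # no globbing while splitting the arguments
        set -- $args
        set +f
        echo "$pid $(snort_mode "$@")"
    done
}

# Constructed sample process list (not taken from the thread).
SAMPLE_PS='1668 /usr/sbin/snort -v -i eth0
2044 /usr/sbin/snort -D -i eth0 -c /etc/snort/snort.conf
2101 /usr/sbin/snort -dev -l /var/log/snort
2200 /usr/sbin/sshd -D'

printf '%s\n' "$SAMPLE_PS" | audit_snort
# On a live host: ps -eo pid=,args= | audit_snort
```

Any process reported as `dump` is the one to stop or reconfigure before it is started from a boot script.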
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users