[Snort-devel] [ snort-Bugs-438904 ] Invalid timestamps on Alpha Linux

noreply at ...12... noreply at ...12...
Thu Sep 27 23:44:03 EDT 2001


Bugs item #438904, was opened at 2001-07-05 15:02
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=438904&group_id=3357

Category: None
Group: None
>Status: Closed
>Resolution: Wont Fix
>Priority: 1
Submitted By: Nobody/Anonymous (nobody)
>Assigned to: Martin Roesch (roesch)
Summary: Invalid timestamps on Alpha Linux

Initial Comment:
PLATFORM:
Ruffian Alpha (by DeskStation Technologies)
RedHat 6.2 (2.2.16-3)
Snort-1.8-beta9 (and all previous)

PROBLEM:
Random dates and invalid years (with -y option) in 
log files on Alpha platform.

DESCRIPTION:
Following are selected log entries produced by testing 
with Nessus. All entries were collected on July 5, 
after 4pm within several seconds' span:

[**] IDS162 - PING Nmap2.36BETA [**]
07/31/64596097-22:55:18.0192.168.1.206 -> 192.168.1.38
ICMP TTL:38 TOS:0x0 ID:44588 IpLen:20 DgmLen:28
Type:8  Code:0  ID:13714   Seq:0  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN NULL [**]
05/03/116564777-06:06:14.192.168.1.206:0 -> 
192.168.1.38:0
TCP TTL:62 TOS:0x0 ID:15526 IpLen:20 DgmLen:20
******** Seq: 0x0  Ack: 0x0  Win: 0x0  TcpLen: 0

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN Proxy attempt [**]
10/18/106995166-01:20:22.192.168.1.206:60589 -> 
192.168.1.38:1080
TCP TTL:62 TOS:0x0 ID:56005 IpLen:20 DgmLen:20
******S* Seq: 0x4FC53079  Ack: 0x0  Win: 0x800  
TcpLen: 20

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] SCAN nmap fingerprint attempt [**]
12/19/67121471-22:23:26.0192.168.1.206:60598 -> 
192.168.1.38:21
TCP TTL:46 TOS:0x0 ID:28149 IpLen:20 DgmLen:60
**U*P*SF Seq: 0xDEDDD0BC  Ack: 0x0  Win: 0xC00  
TcpLen: 40  UrgPtr: 0x0
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 
0 EOL 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] IDS028 - PING NMAP TCP [**]
12/19/67121471-22:23:26.0192.168.1.206:60599 -> 
192.168.1.38:21
TCP TTL:46 TOS:0x0 ID:21065 IpLen:20 DgmLen:60
***A**** Seq: 0xDEDDD0BC  Ack: 0x0  Win: 0xC00  
TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 
0 EOL 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] IDS028 - PING NMAP TCP [**]
12/19/67121471-22:23:26.0192.168.1.206:60601 -> 
192.168.1.38:1
TCP TTL:46 TOS:0x0 ID:28804 IpLen:20 DgmLen:60
***A**** Seq: 0xDEDDD0BC  Ack: 0x0  Win: 0xC00  
TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 
0 EOL 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

Following is the output of hwclock --debug
run on the Alpha host.

hwclock 2.13
User did not specific a clock access method.  
Searching for one...
Not selecting rtc method because:  Found file 
/dev/rtc, but The device special file '/dev/rtc' 
exists, but the device driver for it is
not in your kernel (and the kerneld service did not 
load it either.  See the 
Hwclock man page (section "Linux rtc device driver ") 
for details.

hwclock was built for a kernel without KDHWCLK 
capability (according to the kernel's kd.h header 
file), and the KDGHWCLK ioctl() doesn't work either.
Using direct I/O instructions to ISA clock.
booted from MILO
Ruffian BCD clock
Last drift adjustment done Thu Jul  5 15:00:21 2001 
(Time 994363221)
Last calibration done Thu Jul  5 15:00:21 2001 (Time 
994363221)
Assuming hardware clock is kept in LOCAL time.
Waiting for clock tick...
...got clock tick
Time read from Hardware Clock: Y=101 M=7 D=5 16:32:45
mktime_tz: TZ environment variable is not set.
Hw clock time : Thu Jul  5 16:32:45 2001 = 994368765 
seconds since 1969 UTC
Thu Jul  5 16:32:45 2001  -0.505956 seconds CDT
Skipping update of adjtime file because nothing has 
changed.

-- 
VLAD STREZHNEV
System Engineer,
IndiVisual Learning, Inc.
23 Empire Drive,
St. Paul, MN 55103


----------------------------------------------------------------------

>Comment By: Martin Roesch (roesch)
Date: 2001-09-27 23:37

Message:
Logged In: YES 
user_id=18573

I don't have an Alpha Linux box to test any fixes or
generate any test data; patches will be accepted though...

----------------------------------------------------------------------
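
A check a log pipeline could run on alert files before trusting their timestamps, added here as an example and not part of the original report or of Snort: it flags header lines like the ones reported above. The well-formed layout it expects (two-digit year with -y, six-digit microseconds followed by a space) and the last sample line are assumptions.

```python
import re

# Timestamp prefix of an alert header line as seen in the report:
# MM/DD/<year>-HH:MM:SS.<fraction>, followed by the source address.
TS = re.compile(r"^(\d{2})/(\d{2})/(\d+)-(\d{2}):(\d{2}):(\d{2})\.(\d*)")
DAYS_IN_MONTH = [31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31]

def check_timestamp(line):
    """Return the problems found in the line's timestamp (empty list if it
    looks sane), or None if the line does not start with a timestamp."""
    m = TS.match(line)
    if m is None:
        return None
    month, day, year, hh, mm, ss, frac = m.groups()
    problems = []
    # Assumption: with -y a healthy sensor prints a two-digit year.
    if len(year) != 2:
        problems.append("year field %r is not two digits" % year)
    if not 1 <= int(month) <= 12:
        problems.append("month out of range")
    elif not 1 <= int(day) <= DAYS_IN_MONTH[int(month) - 1]:
        problems.append("day out of range")
    if int(hh) > 23 or int(mm) > 59 or int(ss) > 60:
        problems.append("time of day out of range")
    # Assumption: six digits of microseconds, then a space before the address.
    if len(frac) != 6 or not line[m.end():].startswith(" "):
        problems.append("fraction is not six digits followed by a space")
    return problems

def scan(lines):
    """Yield (line_number, problems) for each timestamped line that fails."""
    for n, line in enumerate(lines, 1):
        problems = check_timestamp(line)
        if problems:
            yield n, problems

# Lines 2 and 5 are header lines from the report (wrapped lines rejoined);
# the last line is constructed to show a well-formed timestamp.
SAMPLE = [
    "[**] IDS162 - PING Nmap2.36BETA [**]",
    "07/31/64596097-22:55:18.0192.168.1.206 -> 192.168.1.38",
    "ICMP TTL:38 TOS:0x0 ID:44588 IpLen:20 DgmLen:28",
    "[**] SCAN NULL [**]",
    "05/03/116564777-06:06:14.192.168.1.206:0 -> 192.168.1.38:0",
    "07/05/01-16:32:45.123456 192.168.1.206:60589 -> 192.168.1.38:1080",
]

if __name__ == "__main__":
    for n, problems in scan(SAMPLE):
        print(n, "; ".join(problems))
```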
