Hello Richard Can you please give a try for a upgrade?
Daniel -----Weitergeleitete Nachricht----- > From: Michael Rash <[EMAIL PROTECTED]> > To: Daniel Gubser <[EMAIL PROTECTED]> > Subject: Re: Old bug in debian still open > Date: Fri, 04 Feb 2005 09:59:30 -0500 > > On Feb 04, 2005, Daniel Gubser wrote: > > > Hello Mike > > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=265610 > > > > Can you help to find a sulution for this bug? > > Hi Daniel - > > Sure. It looks like the version he is using is 1.3.2-3, and the > auto-assignment code was definitely broken in that release. I > basically fixed it in 1.3.3, but needed an additional fix in > 1.3.4. I know that it is cliche to simply say "upgrade", but I > have put a significant amount of effort into fixing the auto- > danger level assignment code since 1.3.2. Psad-1.4.0 is the > best release yet (I've also attached a tarball of psad-1.4.1-pre1 > just in case you want it because there are a few fixes already > there too). > > Also, the note about the IGNORE_CONNTRACK_BUG_PKTS not working > very well; it looks like the subsequent psad alert he mentions > after this note is for UDP traffic. The IGNORE_CONNTRACK_BUG_PKTS > keyword strictly applies to TCP ACK packets... the connection > tracking timeouts for UDP may not be ideal, but they are not > nearly as bad as for TCP connections in the CLOSE_WAIT state. It > is certainly possible for iptables to block slow replies from > nameservers, which looks like all that is happening here... > > Let me know if I can be of any further assistance! Thanks for > helping psad out... this is what makes open source great. > > --Mike > > Michael Rash > http://www.cipherdyne.org/ > Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
