RE: Sniffing out a firewall -SNORT blew up registrty

["Chiman" <chiman () hawaiian net>]

Someone mentioned the snort utility.  It looked really cool, and so I
installed it.  Somehow it blew up
my registry, and every time i reboot it says WINDOWS REGISTRY CHECKER:
Windows encountered an error accessing the system registry.  Windows will
restart and repair the system registry for you.  [OK}

LOL, I never wanted to be a windows expert... I do UNIX/Solaris/Linux/IOS
etc, but... it's like owning a car
where the check engine lite is always lit, but the hood is welded shut....

I've spent 4 hours on this problem so far... found out about the scanreg
/restore command (and the scanreg /fix
one too).  Which must be run in the windows (or is it really MSODS) safe
with command mode.  Windows never does fix
it of course.  I have also looked around in regedit (but changed nothing).
Also tried changing the system ini
files (from msconfig), cursed windows always puts things back, that I don't
want to boot, to try and take out snort.
I have never found anything on snort in the system.ini files (all of them)
nor the registry, but it ran before I
rebooted.

Did anyone else have this problem?  Or does anyone know what to do from
here?


I hate Windoze, (UNIX Live free or Die... :-)

Also tried running McAfee recovery disk, it runs Dr Solamens (sp?) doesn't
do anything to help either....

Also tried running the PC troubleshooting software from the McAfee site...

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of Peter Lukas
Sent: Sunday, November 04, 2001 7:09 AM
To: Ryan Russell
Cc: ayoung () veros com; firewall-wizards () nfr com
Subject: Re: [fw-wiz] RE: Sniffing out a firewall problem


I was really trying more to give an example of the problem flags that can
be gathered locally with netstat before charging out and assessing other
devices for problems. Typically, that information could be gathered to
generate a report of troubles on the network when combined with other
factors (traffic amounts, duplex settings, etc).

Next time, I'll be sure to pipe the message through /bin/lawyer to avoid
a semantics debate with the peanut gallery, though...  ;-)

Peter

On Sat, 3 Nov 2001, Ryan Russell wrote:

> On Sat, 3 Nov 2001, Peter Lukas wrote:
>
> > You'll get some pretty useful stats. Typically, any system with Ierrs,
> > Oerrs or Collis will be experiencing a problem. Check caples, duplex
> > settings and of course, the card /switch port itself.
>
> Please be careful about making blanket statements about collisions
> automatically meaning problems.  On any connection that is supposed to be
> half-duplex Ethernet-style, collisions are perfectly normal, and you have
> to measure collisions against total traffic to even have a rudimentary
> problem measurement.
>
> Sorry, it's a pet peeve of mine.  When I used to be primarily a network
> engineer, I would have systems administrators come to me and report that
> the system was reporting collisions, please fix the network.  I'd reply
> that it was running half-duplex.  <blank stare>
>
>                                       Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards