HAVP.log: Connect () failed: Operation not permitted
I finally seem to have HAVP and Squid running concurrently and thought I was on my way to nirvana. Unfortunately, a new problem has reared its ugly head: I'm getting way too many "Server Not Responding" errors via HAVP (from /usr/local/share/examples/havp/templates/en/down.html?), even when the sites that trigger the error are up according to www.isthisdown.com. I reviewed the HAVP.log file and found hundreds of entries like
connect() failed: Operation not permitted
Could not connect to server (xxx.xxx.xxx.xxx)
For example, using a LAN client, I attempted to download the Mac OS X program "Paintbrush" from sourceforge.net, whose IP is 188.8.131.52. No matter what I tried, HAVP would tell me "Server Not Responding," even though sourceforge.net was live. I even E-mailed friends of mine to confirm sourceforge.net was up and running and they had no connectivity problems whatsoever.
Does anyone know why HAVP is telling me so many servers are not responding? It's driving me nuts and the logs aren't tell me anything other than the obvious–that it can't connect. Like duh!
It appears to be tied to Snort. I have a Snort2c alert which advises that an attack from 184.108.40.206 was detected and blocked. What's interesting is why Snort suspects sourceforge "attacked" my ip in the first place. To make matter even more confusing I have blocking turned off in Snort. Why is it blocking even if it was a legitimate attack (which I very much doubt)?
This is annoying as hell.
jim-p made some changes to the code and as a result snort2c is starting without permission.
I'll fix it tonight….......
jim-p is a way better coder than me so its not his fault.
As for your alerts when going to sourceforge. you may have to disable that alert or threshold it.