
Security, hacker detection & forensics FAQ

Troubleshooting Log files

Signal 11 error in the log file by SefLogic
Posted: 9 Jul 03

Ok, what just happened? All of my interfaces just went down, or people can still access my internal web server but my internal users cannot access the Internet. These are just two of the many things that can happen on some idle Tuesday morning.
Being the great admin that you are, you check the logs and see an error message saying "signal 11", and you wonder what signal 11 is and what it means.

Well, 99.9 percent of the time a "signal 11" means that you have a port conflict. A quick way to check this is to look at the daemon that was shut down on the following line in the logs.

The best and fastest way to check for a port conflict is to open the gsp.cf file in the sg/ directory. This file lists all of the ports that the SEF/Raptor/VR/SGS is listening on; if the same port number appears twice in this file, you have a port conflict.

90 percent of the time the conflict is caused by DNSD. The admin wants to pass traffic through the firewall to a DNS server, so the admin creates DNS rules that allow this traffic to pass from the internal network to the Internet or DMZ. This creates a port conflict because the Raptor/SEF is an application firewall with a DNSD daemon that listens for DNS requests, and now the admin's own rule and protocols are listening for DNS requests as well.
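The duplicate-port check described above can be scripted once the listener entries are in a simple text form. This is an added example, not part of the original FAQ or any Symantec tooling; the real gsp.cf syntax is not shown on this page, so the `<name> <port>` line layout, the sample entries and the function names are all assumptions.

```python
from collections import defaultdict

# Constructed sample listing. ASSUMPTION: one listener per line written as
# "<name> <port>", with "#" starting a comment. This is not the real gsp.cf
# syntax; adapt parse_listeners() to the file you actually have.
SAMPLE_LISTING = """\
# name        port
httpd         80
dnsd          53
smtpd         25
custom_dns    53    # admin-created DNS protocol for a pass-through rule
telnetd       23
broken_entry  notaport
"""


def parse_listeners(text):
    """Return (listeners, rejected): parsed (lineno, name, port) and unparsable (lineno, raw)."""
    listeners, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        # Reject anything that is not exactly "<name> <port 1..65535>" so a
        # malformed entry is reviewed by hand instead of silently skipped.
        if len(fields) != 2 or not fields[1].isdecimal() or not 1 <= int(fields[1]) <= 65535:
            rejected.append((lineno, raw))
            continue
        listeners.append((lineno, fields[0], int(fields[1])))
    return listeners, rejected


def find_port_conflicts(listeners):
    """Map each port claimed by more than one listener to its (lineno, name) claimants."""
    by_port = defaultdict(list)
    for lineno, name, port in listeners:
        by_port[port].append((lineno, name))
    return {port: owners for port, owners in by_port.items() if len(owners) > 1}


if __name__ == "__main__":
    listeners, rejected = parse_listeners(SAMPLE_LISTING)
    for port, owners in sorted(find_port_conflicts(listeners).items()):
        names = ", ".join(f"{name} (line {n})" for n, name in owners)
        print(f"port {port} is claimed more than once: {names}")
    for lineno, raw in rejected:
        print(f"line {lineno} could not be parsed, check by hand: {raw!r}")
```
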

Before Symantec released the June 2003 patch, another big reason for port conflicts and signal 11 messages was the admin using the all* rule in the services. This rule should not be used for two reasons. One, it can cause port conflicts, and two, all* means everything. Don't be lazy: create the rules that your users need and keep the rules up to date.

For more information, check the Symantec support site.

Signal 11 Troubleshooting Guide
http://service1.symantec.com/support/ent-gate.nsf/docid/2002120307104654?Open&src=w

Using ALL* as a service in rules
http://service1.symantec.com/support/ent-gate.nsf/docid/2002111908175854?Open&src=w

Product Updates
Symantec Enterprise Firewall 7.0 for Windows NT/2000
http://www.symantec.com/techsupp/enterprise/products/sym_ent_firewall/sym_ent_firewall_7_nt/files.html
