Snort attack?



  • Hi, is anyone aware of an attack on SNORT under BSD?

    https://172.xxx.xxx.xxx:443/pkg_edit.php?xml=snort.xml&id=0

    https://172.xxx.xxx.xxx:443/snort_download_rules.php

    Performance = ac

    Since today I have found that, despite a fresh installation, the online update and access to the rules are not possible.

    The file appears to be downloaded, but the message "snort rules: md5 signature of rules mismatch." still appears. Removing it unfortunately doesn't help; after a fresh installation the same message appears.

    Is this related to the slight redesign of www.snort.org?

    pfSense 1.2.2
    built on Thu Jan 8 22:39:31 EST 2009

    Furthermore, I am noticing encryption problems under pfSense.
    Problems with SSL connections!

    This isn't the case right away: after a fresh installation there are no problems, but after 24 hours the same problems always show up again. It can't be right that the firewall has to be reinstalled once a day. With SNORT the problems were gone for a short time.

    Cu
    plsvw39c




  • Here's a Snort log from today

    SnortStartup[7331]: Ram free BEFORE starting Snort: 60M -- Ram free AFTER starting Snort: 60M -- Mode ac -- Snort memory usage:
    snort2c[7320]: snort2c running in daemon mode pid: 7320
    snort[7305]: Daemon parent exiting
    snort[7305]: Child exited unexpectedly
    snort[7315]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_em0.pid" for PID "7315"
    snort[7315]: PID path stat checked out ok, PID path set to /var/run/
    snort[7305]: Initializing daemon mode
    snort[7305]: 0 out of 512 flowbits in use.
    snort[7305]: Log directory = /var/log/snort
    snort[7305]: Rule application order: activation->dynamic->pass->drop->alert->log
    snort[7305]: -------------------------------------------------------------------------------
    snort[7305]: | none
    snort[7305]: +-----------------------[suppression]------------------------------------------
    snort[7305]: | none
    snort[7305]: +-----------------------[thresholding-local]-----------------------------------
    snort[7305]: | none
    snort[7305]: +-----------------------[thresholding-global]----------------------------------
    snort[7305]: | memory-cap : 1048576 bytes
    snort[7305]: +-----------------------[thresholding-config]----------------------------------
    snort[7305]:
    snort[7305]: +----------------------------------------------------------------------------
    snort[7305]: | s+d 0 0 0 0
    snort[7305]: | nc 0 0 0 0
    snort[7305]: | any 0 0 0 0
    snort[7305]: | dst 0 0 0 0
    snort[7305]: | src 0 0 0 0
    snort[7305]: | tcp udp icmp ip
    snort[7305]: +-------------------[Rule Port Counts]---------------------------------------
    snort[7305]: Server side data is trusted
    snort[7305]: 992 993 994 995
    snort[7305]: 443 465 563 636 989
    snort[7305]: Ports:
    snort[7305]: Encrypted packets: not inspected
    snort[7305]: SSLPP config:
    snort[7305]:
    snort[7305]: 53
    snort[7305]: Ports:
    snort[7305]: Experimental DNS RR Types Alert: INACTIVE
    snort[7305]: Obsolete DNS RR Types Alert: INACTIVE
    snort[7305]: DNS Client rdata txt Overflow Alert: ACTIVE
    snort[7305]: DNS config:
    snort[7305]: Maximum SMB command chaining: 3 commands
    snort[7305]: RPC over HTTP proxy: None
    snort[7305]: RPC over HTTP server: 1025-65535
    snort[7305]: UDP: 1025-65535
    snort[7305]: TCP: 1025-65535
    snort[7305]: SMB: None
    snort[7305]: Autodetect ports
    snort[7305]: RPC over HTTP proxy: None
    snort[7305]: RPC over HTTP server: 593
    snort[7305]: UDP: 135
    snort[7305]: TCP: 135
    snort[7305]: SMB: 139 445
    snort[7305]: Detect ports
    snort[7305]: Policy: WinXP
    snort[7305]: Server Default Configuration
    snort[7305]: Events: none
    snort[7305]: Memcap: 102400 KB
    snort[7305]: DCE/RPC Defragmentation: Enabled
    snort[7305]: Global Configuration
    snort[7305]: DCE/RPC 2 Preprocessor Configuration
    snort[7305]: Alert on commands: None
    snort[7305]: Drop on X-Link2State Alert: No
    snort[7305]: X-Link2State Alert: Yes
    snort[7305]: Max Response Line Length: 512
    snort[7305]: Max Header Line Length: 1000
    snort[7305]: PIPELINING:246 CHUNKING:246 DSN:246 XQUEU:246
    snort[7305]: XLICENSE:246 X-LINK2STATE:246 XSTA:246 XTRN:246 XUSR:246
    snort[7305]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
    snort[7305]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
    snort[7305]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
    snort[7305]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
    snort[7305]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
    snort[7305]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
    snort[7305]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
    snort[7305]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
    snort[7305]: Max Specific Command Line Length:
    snort[7305]: Max Command Line Length: Unlimited
    snort[7305]: Ignore SMTP Alerts: No
    snort[7305]: Ignore TLS Data: No
    snort[7305]: Ignore Data: No
    snort[7305]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SIZE STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XSTA XTRN XUSR PIPELINING CHUNKING DSN XQUEU
    snort[7305]: Inspection Type: Stateful
    snort[7305]: Ports: 25 465 691
    snort[7305]: SMTP Config:
    snort[7305]: Max Response Length: 256
    snort[7305]: Check for Telnet Cmds: YES alert: YES
    snort[7305]: Check for Bounce Attacks: YES alert: YES
    snort[7305]: FTP Client: default
    snort[7305]: Identify open data channels: NO
    snort[7305]: Check for Telnet Cmds: OFF
    snort[7305]: Ports: 21
    snort[7305]: FTP Server: default
    snort[7305]: FTP CONFIG:
    snort[7305]: Detect Anomalies: NO
    snort[7305]: Normalize: YES
    snort[7305]: Are You There Threshold: 200
    snort[7305]: Ports: 23
    snort[7305]: TELNET CONFIG:
    snort[7305]: Continue to check encrypted data: NO
    snort[7305]: Check for Encrypted Traffic: OFF
    snort[7305]: Inspection Type: stateless
    snort[7305]: GLOBAL CONFIG
    snort[7305]: FTPTelnet Config:
    snort[7305]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/
    snort[7305]: done
    snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ssl_preproc.so...
    snort[7305]: done
    snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ssh_preproc.so...
    snort[7305]: done
    snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_smtp_preproc.so...
    snort[7305]: done
    snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ftptelnet_preproc.so...
    snort[7305]: done
    snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dns_preproc.so...
    snort[7305]: done
    snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dce2_preproc.so...
    snort[7305]: done
    snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dcerpc_preproc.so...
    snort[7305]: done
    snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
    snort[7305]: Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/...
    snort[7305]: done
    snort[7305]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so...
    snort[7305]: Tagged Packet Limit: 256
    snort[7305]: command line overrides rules file alert plugin!
    snort[7305]: command line overrides rules file alert plugin!
    snort[7305]:
    snort[7305]:
    snort[7305]: 127.0.0.1 / 255.255.255.255
    snort[7305]:
    snort[7305]: 172.XXX.XXX.XXX / 255.255.255.255
    snort[7305]:
    snort[7305]: 172.XXX.XXX.XXX / 255.255.255.255
    snort[7305]:
    snort[7305]: 172.XXX.XXX.XXX / 255.255.255.255
    snort[7305]:
    snort[7305]: 172.XXX.XXX.XXX / 255.255.248.0
    snort[7305]: Ignore Scanner IP List:
    snort[7305]: Number of Nodes: 36900
    snort[7305]: Memcap (in bytes): 10000000
    snort[7305]: Sensitivity Level: Medium
    snort[7305]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
    snort[7305]: Detect Protocols: TCP UDP ICMP IP
    snort[7305]: Portscan Detection Config:
    snort[7305]: alert_multiple_requests: ACTIVE
    snort[7305]: alert_incomplete: ACTIVE
    snort[7305]: alert_large_fragments: ACTIVE
    snort[7305]: alert_fragments: INACTIVE
    snort[7305]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
    snort[7305]: rpc_decode arguments:
    snort[7305]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
    snort[7305]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
    snort[7305]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
    snort[7305]: IIS Delimiter: YES alert: YES
    snort[7305]: Apache WhiteSpace: YES alert: YES
    snort[7305]: Web Root Traversal: YES alert: YES
    snort[7305]: Directory Traversal: YES alert: NO
    snort[7305]: IIS Backslash: YES alert: NO
    snort[7305]: Multiple Slash: YES alert: NO
    snort[7305]: IIS Unicode: YES alert: YES
    snort[7305]: UTF 8: YES alert: NO
    snort[7305]: Base36: OFF
    snort[7305]: Bare Byte: YES alert: YES
    snort[7305]: %U Encoding: YES alert: YES
    snort[7305]: Double Decoding: YES alert: YES
    snort[7305]: Ascii: YES alert: NO
    snort[7305]: Normalize HTTP Cookies: NO
    snort[7305]: Normalize HTTP Headers: NO
    snort[7305]: Only inspect URI: NO
    snort[7305]: Oversize Dir Length: 0
    snort[7305]: Disable Alerting: YES
    snort[7305]: Allow Proxy Usage: NO
    snort[7305]: URI Discovery Strict Mode: NO
    snort[7305]: Inspect Pipeline Requests: YES
    snort[7305]: Max Number Header Fields: 0
    snort[7305]: Max Header Field Length: 0
    snort[7305]: Max Chunk Length: 500000
    snort[7305]: Client Flow Depth: 300
    snort[7305]: Server Flow Depth: 0
    snort[7305]: Ports: 80 3128 8080
    snort[7305]: Server profile: All
    snort[7305]: DEFAULT SERVER CONFIG:
    snort[7305]: IIS Unicode Map Codepage: 1252
    snort[7305]: IIS Unicode Map Filename: /usr/local/etc/snort/unicode.map
    snort[7305]: Detect Proxy Usage: NO
    snort[7305]: Inspection Type: STATELESS
    snort[7305]: Max Pipeline Requests: 0
    snort[7305]: GLOBAL CONFIG
    snort[7305]: HttpInspect Config:
    snort[7305]: Dump Summary: No
    snort[7305]: Packet Count: 10000
    snort[7305]: SnortFile Mode: INACTIVE
    snort[7305]: File Mode: /var/log/snort/snort.stats
    snort[7305]: Console Mode: INACTIVE
    snort[7305]: Max Perf Stats: INACTIVE
    snort[7305]: Event Stats: INACTIVE
    snort[7305]: Flow Stats: INACTIVE
    snort[7305]: Time: 300 seconds
    snort[7305]: PerfMonitor config:
    snort[7305]: Timeout: 30 seconds
    snort[7305]: Stream5 ICMP Policy config:
    snort[7305]: Timeout: 30 seconds
    snort[7305]: Stream5 UDP Policy config:
    snort[7305]: 19 client (Footprint) server (Footprint)
    snort[7305]: 18 client (Footprint) server (Footprint)
    snort[7305]: 17 client (Footprint) server (Footprint)
    snort[7305]: 16 client (Footprint) server (Footprint)
    snort[7305]: 15 client (Footprint) server (Footprint)
    snort[7305]: 14 client (Footprint) server (Footprint)
    snort[7305]: 13 client (Footprint) server (Footprint)
    snort[7305]: 12 client (Footprint) server (Footprint)
    snort[7305]: 11 client (Footprint) server (Footprint)
    snort[7305]: 10 client (Footprint) server (Footprint)
    snort[7305]: 9 client (Footprint) server (Footprint)
    snort[7305]: 8 client (Footprint) server (Footprint)
    snort[7305]: 7 client (Footprint) server (Footprint)
    snort[7305]: 6 client (Footprint) server (Footprint)
    snort[7305]: 5 client (Footprint) server (Footprint)
    snort[7305]: 4 client (Footprint) server (Footprint)
    snort[7305]: 3 client (Footprint) server (Footprint)
    snort[7305]: 2 client (Footprint) server (Footprint)
    snort[7305]: 1 client (Footprint) server (Footprint)
    snort[7305]: 0 client (Footprint) server (Footprint)
    snort[7305]: Reassembly Ports:
    snort[7305]: Static Flushpoint Sizes: YES
    snort[7305]: Options:
    snort[7305]: Maximum number of segs to queue per session: 2621
    snort[7305]: Maximum number of bytes to queue per session: 1048576
    snort[7305]: Min ttl: 1
    snort[7305]: Timeout: 30 seconds
    snort[7305]: Reassembly Policy: BSD
    snort[7305]: Stream5 TCP Policy config:
    snort[7305]: Bound Addresses:0.0.0.0/0.0.0.0
    snort[7305]: 3306 client (Footprint)
    snort[7305]: 2401 client (Footprint)
    snort[7305]: 1521 client (Footprint)
    snort[7305]: 1433 client (Footprint)
    snort[7305]: 514 client (Footprint)
    snort[7305]: 513 client (Footprint)
    snort[7305]: 445 client (Footprint)
    snort[7305]: 143 client (Footprint)
    snort[7305]: 139 client (Footprint)
    snort[7305]: 137 client (Footprint)
    snort[7305]: 136 client (Footprint)
    snort[7305]: 135 client (Footprint)
    snort[7305]: 111 client (Footprint)
    snort[7305]: 110 client (Footprint)
    snort[7305]: 80 client (Footprint)
    snort[7305]: 53 client (Footprint)
    snort[7305]: 42 client (Footprint)
    snort[7305]: 25 client (Footprint)
    snort[7305]: 23 client (Footprint)
    snort[7305]: 21 client (Footprint)
    snort[7305]: Reassembly Ports:
    snort[7305]: Maximum number of segs to queue per session: 2621
    snort[7305]: Maximum number of bytes to queue per session: 1048576
    snort[7305]: Min ttl: 1
    snort[7305]: Timeout: 30 seconds
    snort[7305]: Reassembly Policy: MACOS
    snort[7305]: Stream5 TCP Policy config:
    snort[7305]: Bound Addresses:0.0.0.0/0.0.0.0
    snort[7305]: 3306 client (Footprint)
    snort[7305]: 2401 client (Footprint)
    snort[7305]: 1521 client (Footprint)
    snort[7305]: 1433 client (Footprint)
    snort[7305]: 514 client (Footprint)
    snort[7305]: 513 client (Footprint)
    snort[7305]: 445 client (Footprint)
    snort[7305]: 143 client (Footprint)
    snort[7305]: 139 client (Footprint)
    snort[7305]: 137 client (Footprint)
    snort[7305]: 136 client (Footprint)
    snort[7305]: 135 client (Footprint)
    snort[7305]: 111 client (Footprint)
    snort[7305]: 110 client (Footprint)
    snort[7305]: 80 client (Footprint)
    snort[7305]: 53 client (Footprint)
    snort[7305]: 42 client (Footprint)
    snort[7305]: 25 client (Footprint)
    snort[7305]: 23 client (Footprint)
    snort[7305]: 21 client (Footprint)
    snort[7305]: Reassembly Ports:
    snort[7305]: Maximum number of segs to queue per session: 2621
    snort[7305]: Maximum number of bytes to queue per session: 1048576
    snort[7305]: Min ttl: 1
    snort[7305]: Timeout: 30 seconds
    snort[7305]: Reassembly Policy: WINDOWS VISTA
    snort[7305]: Stream5 TCP Policy config:
    snort[7305]: Bound Addresses:0.0.0.0/0.0.0.0
    snort[7305]: 3306 client (Footprint)
    snort[7305]: 2401 client (Footprint)
    snort[7305]: 1521 client (Footprint)
    snort[7305]: 1433 client (Footprint)
    snort[7305]: 514 client (Footprint)
    snort[7305]: 513 client (Footprint)
    snort[7305]: 445 client (Footprint)
    snort[7305]: 143 client (Footprint)
    snort[7305]: 139 client (Footprint)
    snort[7305]: 137 client (Footprint)
    snort[7305]: 136 client (Footprint)
    snort[7305]: 135 client (Footprint)
    snort[7305]: 111 client (Footprint)
    snort[7305]: 110 client (Footprint)
    snort[7305]: 80 client (Footprint)
    snort[7305]: 53 client (Footprint)
    snort[7305]: 42 client (Footprint)
    snort[7305]: 25 client (Footprint)
    snort[7305]: 23 client (Footprint)
    snort[7305]: 21 client (Footprint)
    snort[7305]: Reassembly Ports:
    snort[7305]: Maximum number of segs to queue per session: 2621
    snort[7305]: Maximum number of bytes to queue per session: 1048576
    snort[7305]: Min ttl: 1
    snort[7305]: Timeout: 30 seconds
    snort[7305]: Reassembly Policy: LINUX
    snort[7305]: Stream5 TCP Policy config:
    snort[7305]: Bound Addresses:0.0.0.0/0.0.0.0
    snort[7305]: 3306 client (Footprint)
    snort[7305]: 2401 client (Footprint)
    snort[7305]: 1521 client (Footprint)
    snort[7305]: 1433 client (Footprint)
    snort[7305]: 514 client (Footprint)
    snort[7305]: 513 client (Footprint)
    snort[7305]: 445 client (Footprint)
    snort[7305]: 143 client (Footprint)
    snort[7305]: 139 client (Footprint)
    snort[7305]: 137 client (Footprint)
    snort[7305]: 136 client (Footprint)
    snort[7305]: 135 client (Footprint)
    snort[7305]: 111 client (Footprint)
    snort[7305]: 110 client (Footprint)
    snort[7305]: 80 client (Footprint)
    snort[7305]: 53 client (Footprint)
    snort[7305]: 42 client (Footprint)
    snort[7305]: 25 client (Footprint)
    snort[7305]: 23 client (Footprint)
    snort[7305]: 21 client (Footprint)
    snort[7305]: Reassembly Ports:
    snort[7305]: Maximum number of segs to queue per session: 2621
    snort[7305]: Maximum number of bytes to queue per session: 1048576
    snort[7305]: Min ttl: 1
    snort[7305]: Timeout: 30 seconds
    snort[7305]: Reassembly Policy: WINDOWS
    snort[7305]: Stream5 TCP Policy config:
    snort[7305]: Log info if session memory consumption exceeds 1048576
    snort[7305]: Max ICMP sessions: 65536
    snort[7305]: Track ICMP sessions: ACTIVE
    snort[7305]: Track ICMP sessions: ACTIVE
    snort[7305]: Max UDP sessions: 131072
    snort[7305]: Max UDP sessions: 131072
    snort[7305]: Track UDP sessions: ACTIVE
    snort[7305]: Track UDP sessions: ACTIVE
    snort[7305]: Memcap (for reassembly packet storage): 8388608
    snort[7305]: Memcap (for reassembly packet storage): 8388608
    snort[7305]: Max TCP sessions: 8192
    snort[7305]: Max TCP sessions: 8192
    snort[7305]: Track TCP sessions: ACTIVE
    snort[7305]: Track TCP sessions: ACTIVE
    snort[7305]: Stream5 global config:
    snort[7305]: Stream5 global config:
    snort[7305]: Fragment Problems: 1
    snort[7305]: Fragment Problems: 1
    snort[7305]: Fragment ttl_limit (not used): 5
    snort[7305]: Fragment ttl_limit (not used): 5
    snort[7305]: Fragment min_ttl: 1
    snort[7305]: Fragment min_ttl: 1
    snort[7305]: Fragment timeout: 60 seconds
    snort[7305]: Fragment timeout: 60 seconds
    snort[7305]: Target-based policy: BSD
    snort[7305]: Target-based policy: BSD
    snort[7305]: Frag3 engine config:
    snort[7305]: Frag3 engine config:
    snort[7305]: Fragment Problems: 0
    snort[7305]: Fragment Problems: 0
    snort[7305]: Fragment ttl_limit (not used): 5
    snort[7305]: Fragment ttl_limit (not used): 5
    snort[7305]: Fragment min_ttl: 1
    snort[7305]: Fragment min_ttl: 1
    snort[7305]: Fragment timeout: 60 seconds
    snort[7305]: Fragment timeout: 60 seconds
    snort[7305]: Target-based policy: FIRST
    snort[7305]: Target-based policy: FIRST
    snort[7305]: Frag3 engine config:
    snort[7305]: Frag3 engine config:
    snort[7305]: Fragment Problems: 0
    snort[7305]: Fragment Problems: 0
    snort[7305]: Fragment ttl_limit (not used): 5
    snort[7305]: Fragment ttl_limit (not used): 5
    snort[7305]: Fragment min_ttl: 1
    snort[7305]: Fragment min_ttl: 1
    snort[7305]: Fragment timeout: 60 seconds
    snort[7305]: Fragment timeout: 60 seconds
    snort[7305]: Target-based policy: LINUX
    snort[7305]: Target-based policy: LINUX
    snort[7305]: Frag3 engine config:
    snort[7305]: Frag3 engine config:
    snort[7305]: Fragment Problems: 0
    snort[7305]: Fragment Problems: 0
    snort[7305]: Fragment ttl_limit (not used): 5
    snort[7305]: Fragment ttl_limit (not used): 5
    snort[7305]: Fragment min_ttl: 1
    snort[7305]: Fragment min_ttl: 1
    snort[7305]: Fragment timeout: 60 seconds
    snort[7305]: Fragment timeout: 60 seconds
    snort[7305]: Target-based policy: WINDOWS
    snort[7305]: Target-based policy: WINDOWS
    snort[7305]: Frag3 engine config:
    snort[7305]: Frag3 engine config:
    snort[7305]: Fragment memory cap: 4194304 bytes
    snort[7305]: Fragment memory cap: 4194304 bytes
    snort[7305]: Max frags: 8192
    snort[7305]: Max frags: 8192
    snort[7305]: Frag3 global config:
    snort[7305]: Frag3 global config:
    snort[7305]: Search-Method = AC-Full-Q
    snort[7305]: Search-Method = AC-Full-Q
    snort[7305]: Detection:
    snort[7305]: Detection:
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 25 443 465 636 993 995 ]
    snort[7305]: [ 25 443 465 636 993 995 ]
    snort[7305]: PortVar 'SSL_PORTS' defined :
    snort[7305]: PortVar 'SSL_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 25 143 465 691 ]
    snort[7305]: [ 25 143 465 691 ]
    snort[7305]: PortVar 'MAIL_PORTS' defined :
    snort[7305]: PortVar 'MAIL_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 23 ]
    snort[7305]: [ 23 ]
    snort[7305]: PortVar 'TELNET_PORTS' defined :
    snort[7305]: PortVar 'TELNET_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ XXX ]
    snort[7305]: [ XXX ]
    snort[7305]: PortVar 'SSH_PORTS' defined :
    snort[7305]: PortVar 'SSH_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 161 ]
    snort[7305]: [ 161 ]
    snort[7305]: PortVar 'SNMP_PORTS' defined :
    snort[7305]: PortVar 'SNMP_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 25 ]
    snort[7305]: [ 25 ]
    snort[7305]: PortVar 'SMTP_PORTS' defined :
    snort[7305]: PortVar 'SMTP_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 139 445 ]
    snort[7305]: [ 139 445 ]
    snort[7305]: PortVar 'SMB_PORTS' defined :
    snort[7305]: PortVar 'SMB_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 514 ]
    snort[7305]: [ 514 ]
    snort[7305]: PortVar 'RSH_PORTS' defined :
    snort[7305]: PortVar 'RSH_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 513 ]
    snort[7305]: [ 513 ]
    snort[7305]: PortVar 'RLOGIN_PORTS' defined :
    snort[7305]: PortVar 'RLOGIN_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 111 32770:32779 ]
    snort[7305]: [ 111 32770:32779 ]
    snort[7305]: PortVar 'SUNRPC_PORTS' defined :
    snort[7305]: PortVar 'SUNRPC_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 110 ]
    snort[7305]: [ 110 ]
    snort[7305]: PortVar 'POP3_PORTS' defined :
    snort[7305]: PortVar 'POP3_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 109 ]
    snort[7305]: [ 109 ]
    snort[7305]: PortVar 'POP2_PORTS' defined :
    snort[7305]: PortVar 'POP2_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 119 ]
    snort[7305]: [ 119 ]
    snort[7305]: PortVar 'NNTP_PORTS' defined :
    snort[7305]: PortVar 'NNTP_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 1433 ]
    snort[7305]: [ 1433 ]
    snort[7305]: PortVar 'MSSQL_PORTS' defined :
    snort[7305]: PortVar 'MSSQL_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 6665:6669 7000 ]
    snort[7305]: [ 6665:6669 7000 ]
    snort[7305]: PortVar 'IRC_PORTS' defined :
    snort[7305]: PortVar 'IRC_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 143 ]
    snort[7305]: [ 143 ]
    snort[7305]: PortVar 'IMAP_PORTS' defined :
    snort[7305]: PortVar 'IMAP_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 21 ]
    snort[7305]: [ 21 ]
    snort[7305]: PortVar 'FTP_PORTS' defined :
    snort[7305]: PortVar 'FTP_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 79 ]
    snort[7305]: [ 79 ]
    snort[7305]: PortVar 'FINGER_PORTS' defined :
    snort[7305]: PortVar 'FINGER_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 53 ]
    snort[7305]: [ 53 ]
    snort[7305]: PortVar 'DNS_PORTS' defined :
    snort[7305]: PortVar 'DNS_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 113 ]
    snort[7305]: [ 113 ]
    snort[7305]: PortVar 'AUTH_PORTS' defined :
    snort[7305]: PortVar 'AUTH_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 1521 ]
    snort[7305]: [ 1521 ]
    snort[7305]: PortVar 'ORACLE_PORTS' defined :
    snort[7305]: PortVar 'ORACLE_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 0:79 81:65535 ]
    snort[7305]: [ 0:79 81:65535 ]
    snort[7305]: PortVar 'SHELLCODE_PORTS' defined :
    snort[7305]: PortVar 'SHELLCODE_PORTS' defined :
    snort[7305]:
    snort[7305]:
    snort[7305]: [ 80 ]
    snort[7305]: [ 80 ]
    snort[7305]: PortVar 'HTTP_PORTS' defined :
    snort[7305]: PortVar 'HTTP_PORTS' defined :
    snort[7305]: Parsing Rules file /usr/local/etc/snort/snort.conf
    snort[7305]: Parsing Rules file /usr/local/etc/snort/snort.conf
    snort2c[7148]: SIGTERM received - exiting
    SnortStartup[7176]: Ram free BEFORE starting Snort: 60M -- Ram free AFTER starting Snort: 60M -- Mode ac-bnfa -- Snort memory usage:
    snort2c[7148]: snort2c running in daemon mode pid: 7148
    snort[7143]: Daemon parent exiting
    snort[7143]: Child exited unexpectedly
    snort[7144]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_em0.pid" for PID "7144"
    snort[7144]: PID path stat checked out ok, PID path set to /var/run/
    snort[7143]: Initializing daemon mode
    snort[7143]: 0 out of 512 flowbits in use.
    snort[7143]: Log directory = /var/log/snort
    snort[7143]: Rule application order: activation->dynamic->pass->drop->alert->log
    snort[7143]: ------------------------------------------------------------------------------
    snort[7143]: | none
    snort[7143]: +---------------------[suppression]------------------------------------------
    snort[7143]: | none
    snort[7143]: +---------------------[thresholding-local]-----------------------------------
    snort[7143]: | none
    snort[7143]: +---------------------[thresholding-global]----------------------------------
    snort[7143]: | memory-cap : 1048576 bytes
    snort[7143]: +---------------------[thresholding-config]----------------------------------
    snort[7143]:
    snort[7143]: +----------------------------------------------------------------------------
    snort[7143]: | s+d 0 0 0 0

    log_snort_290509.txt
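Three things in the logs above are worth pulling out mechanically rather than by eye: a Snort child dying at start-up with `FATAL ERROR: Failed to Lock PID File` (some process still holds the lock on `/var/run//snort_em0.pid`, so the new instance exits), Stream5 repeatedly pruning sessions with the cache sitting at its 8388608-byte memcap, and the `snort2c` lines recording which non-whitelisted IPs were blocked. The following script is an added example, not code from the pfSense Snort package or from the poster: it collapses the doubled syslog entries (each line in the pfSense 1.2.2 log appears twice), then summarises those three event classes. The embedded log excerpt is a constructed sample modelled on the post, not a real capture, and the 95% memcap threshold is an assumed triage cut-off.

```python
"""Triage a pfSense/Snort syslog excerpt: collapse the doubled entries, then
pull out fatal start-up errors, Stream5 memcap pressure and snort2c blocks.
Added example; not code from the pfSense Snort package or from the poster."""
import os
import re
from collections import Counter

# Constructed sample modelled on the post's log (not a real capture). Every
# entry appears twice, as it does in the pfSense 1.2.2 system log above.
SAMPLE_LOG = """\
snort[7315]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_em0.pid" for PID "7315"
snort[7315]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_em0.pid" for PID "7315"
snort[7305]: Child exited unexpectedly
snort[7305]: Child exited unexpectedly
snort[21987]: S5: Pruned 5 sessions from cache. 16 ssns for memcap: 94987/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 16 ssns for memcap: 94987/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 26 ssns for memcap: 8387286/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 26 ssns for memcap: 8387286/8388608
snort2c[22003]: attack detected non-whitelisted ip: 195.47.35.134 blocked !
snort2c[22003]: attack detected non-whitelisted ip: 195.47.35.134 blocked !
snort2c[22003]: attack detected non-whitelisted ip: 213.236.208.156 blocked !
snort2c[22003]: attack detected non-whitelisted ip: 213.236.208.156 blocked !
snort2c[22003]: attack detected non-whitelisted ip: 213.236.208.156 blocked !
snort2c[22003]: attack detected non-whitelisted ip: 213.236.208.156 blocked !
snort[21987]: Snort initialization completed successfully (pid=21987)
snort[21987]: Snort initialization completed successfully (pid=21987)
"""

PIDLOCK_RE = re.compile(r'FATAL ERROR: Failed to Lock PID File "([^"]+)" for PID "(\d+)"')
PRUNE_RE = re.compile(r"S5: Pruned (\d+) sessions from cache\. (\d+) ssns for memcap: (\d+)/(\d+)")
BLOCK_RE = re.compile(r"snort2c\[\d+\]: attack detected non-whitelisted ip: (\S+) blocked")
INIT_OK_RE = re.compile(r"Snort initialization completed successfully \(pid=(\d+)\)")


def collapse_pairs(lines):
    """Drop the second copy of each doubled entry while keeping genuinely
    repeated events: four identical lines become two entries, not one."""
    out, i = [], 0
    while i < len(lines):
        out.append(lines[i])
        i += 2 if i + 1 < len(lines) and lines[i + 1] == lines[i] else 1
    return out


def triage(text, memcap_warn=0.95):
    """Summarise the excerpt. memcap_warn (assumed cut-off) is the fill ratio
    above which a Stream5 prune is counted as running at the cap."""
    lines = collapse_pairs([l.strip() for l in text.splitlines() if l.strip()])
    report = {
        "entries": len(lines),
        "pid_lock_failures": [],   # (pid file, pid) of instances that died at start
        "prune_events": 0,
        "pruned_sessions": 0,
        "prunes_at_memcap": 0,
        "peak_memcap_ratio": 0.0,
        "blocked_ips": Counter(),
        "initialized_pids": [],
    }
    for line in lines:
        m = PIDLOCK_RE.search(line)
        if m:
            # normpath folds the "/var/run//" double slash seen in the log
            report["pid_lock_failures"].append((os.path.normpath(m.group(1)), int(m.group(2))))
            continue
        m = PRUNE_RE.search(line)
        if m:
            pruned, _ssns, used, cap = (int(x) for x in m.groups())
            ratio = used / cap
            report["prune_events"] += 1
            report["pruned_sessions"] += pruned
            report["peak_memcap_ratio"] = max(report["peak_memcap_ratio"], ratio)
            if ratio >= memcap_warn:
                report["prunes_at_memcap"] += 1
            continue
        m = BLOCK_RE.search(line)
        if m:
            report["blocked_ips"][m.group(1)] += 1
            continue
        m = INIT_OK_RE.search(line)
        if m:
            report["initialized_pids"].append(int(m.group(1)))
    return report


def findings(report):
    """Turn the summary into short, human-readable findings."""
    out = []
    for pidfile, pid in report["pid_lock_failures"]:
        out.append(f"pid {pid} could not lock {pidfile}: another process still holds it, "
                   f"so an earlier Snort on that interface was not stopped before the restart")
    if report["prunes_at_memcap"]:
        out.append(f"Stream5 pruned sessions {report['prunes_at_memcap']}x with the cache at "
                   f"{report['peak_memcap_ratio']:.1%} of its memcap; raise memcap in "
                   f"'preprocessor stream5_global' or sessions keep being evicted")
    for ip, n in report["blocked_ips"].most_common():
        out.append(f"snort2c blocked {ip} {n}x; verify it is not a peer you rely on before trusting the block")
    return out


if __name__ == "__main__":
    for f in findings(triage(SAMPLE_LOG)):
        print("-", f)
```

Run it against a saved copy of the system log instead of the sample by reading the file into `triage()`; the pairwise collapse only removes immediately adjacent duplicates, so a host that was blocked twice still shows up with a count of 2.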



  • and here is another log from 07.05.2009

    snort[21987]: S5: Pruned 5 sessions from cache. 16 ssns for memcap: 94987/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 21 ssns for memcap: 8388213/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 20 ssns for memcap: 8383672/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 25 ssns for memcap: 8386927/8388608
    snort[21987]: S5: Pruned 10 sessions from cache. 26 ssns for memcap: 8387286/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 33 ssns for memcap: 8387612/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 38 ssns for memcap: 8385784/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 43 ssns for memcap: 8387403/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 48 ssns for memcap: 8387462/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 52 ssns for memcap: 8385574/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 57 ssns for memcap: 8387219/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 60 ssns for memcap: 8386529/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 64 ssns for memcap: 8388325/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 69 ssns for memcap: 8385646/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 74 ssns for memcap: 8386844/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 78 ssns for memcap: 8387124/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 77 ssns for memcap: 8387095/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 82 ssns for memcap: 8386155/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 82 ssns for memcap: 8386473/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 87 ssns for memcap: 8387367/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 88 ssns for memcap: 8386568/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 93 ssns for memcap: 8384253/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 98 ssns for memcap: 8388220/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 103 ssns for memcap: 8387404/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 108 ssns for memcap: 8387989/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 111 ssns for memcap: 8387583/8388608
    snort[21987]: S5: Pruned 10 sessions from cache. 116 ssns for memcap: 8387810/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 126 ssns for memcap: 8388578/8388608
    snort[21987]: S5: Pruned 10 sessions from cache. 126 ssns for memcap: 8388193/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 136 ssns for memcap: 8388374/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 141 ssns for memcap: 8387881/8388608
    snort[21987]: S5: Pruned 10 sessions from cache. 146 ssns for memcap: 8387570/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 156 ssns for memcap: 8388461/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 161 ssns for memcap: 8387376/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 165 ssns for memcap: 8379370/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 170 ssns for memcap: 8388040/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 175 ssns for memcap: 8388416/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 180 ssns for memcap: 8387592/8388608
    snort[21987]: S5: Pruned 10 sessions from cache. 185 ssns for memcap: 8388341/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 195 ssns for memcap: 8387631/8388608
    snort[21987]: S5: Pruned 15 sessions from cache. 200 ssns for memcap: 8388580/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 215 ssns for memcap: 8387963/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 220 ssns for memcap: 8388289/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 225 ssns for memcap: 8387970/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 230 ssns for memcap: 8388171/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 236 ssns for memcap: 8387577/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 241 ssns for memcap: 8386007/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 246 ssns for memcap: 8388450/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 251 ssns for memcap: 8387539/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 255 ssns for memcap: 8386725/8388608
    snort[21987]: S5: Pruned 5 sessions from cache. 260 ssns for memcap: 8387335/8388608
    snort2c[22003]: attack detected non-whitelisted ip: 195.47.35.134 blocked !
    snort2c[22003]: attack detected non-whitelisted ip: 213.236.208.156 blocked !
    snort2c[22003]: attack detected non-whitelisted ip: 213.236.208.156 blocked !
    snort[21987]: Not Using PCAP_FRAMES
    snort[21987]: Snort initialization completed successfully (pid=21987)
    snort[21987]: Daemon initialized, signaled parent pid: 21980
    snort[21980]: Daemon parent exiting
    snort[21987]: Writing PID "21987" to file "/var/run//snort_xl0.pid"
    snort[21987]: PID path stat checked out ok, PID path set to /var/run/
    snort[21980]: 0 out of 512 flowbits in use.
    snort[21980]: Log directory = /var/log/snort
    snort[21980]: Rule application order: activation->dynamic->pass->drop->alert->log
    snort[21980]: ------------------------------------------------------------------------------
    snort[21980]: | none
    snort[21980]: +---------------------[suppression]------------------------------------------
    snort[21980]: | none
    snort[21980]: +---------------------[thresholding-local]-----------------------------------
    snort[21980]: | none
    snort[21980]: +---------------------[thresholding-global]----------------------------------
    snort[21980]: | memory-cap : 1048576 bytes
    snort[21980]: +---------------------[thresholding-config]----------------------------------
    snort[21980]:
    snort[21980]: +-----------------[Rule Port Counts]---------------------------------------
    snort[21980]: |             tcp     udp    icmp      ip
    snort[21980]: |     src       0       0       0       0
    snort[21980]: |     dst       0       0       0       0
    snort[21980]: |     any       0       0       0       0
    snort[21980]: |      nc       0       0       0       0
    snort[21980]: |     s+d       0       0       0       0
    snort[21980]: +----------------------------------------------------------------------------
    snort[21980]:
    snort[21980]:
    snort[21980]: 53
    snort[21980]: 53
    snort[21980]: Ports:
    snort[21980]: Ports:
    snort[21980]: Experimental DNS RR Types Alert: INACTIVE
    snort[21980]: Experimental DNS RR Types Alert: INACTIVE
    snort[21980]: Obsolete DNS RR Types Alert: INACTIVE
    snort[21980]: Obsolete DNS RR Types Alert: INACTIVE
    snort[21980]: DNS Client rdata txt Overflow Alert: ACTIVE
    snort[21980]: DNS Client rdata txt Overflow Alert: ACTIVE
    snort[21980]: DNS config:
    snort[21980]: DNS config:
    snort[21980]:
    snort[21980]:
    snort[21980]: Alert if memcap exceeded DISABLED
    snort[21980]: Alert if memcap exceeded DISABLED
    snort[21980]: Memcap: 100000 KB
    snort[21980]: Memcap: 100000 KB
    snort[21980]: Max Frag Size: 3000 bytes
    snort[21980]: Max Frag Size: 3000 bytes
    snort[21980]: DCE/RPC fragmentation ENABLED
    snort[21980]: DCE/RPC fragmentation ENABLED
    snort[21980]: SMB fragmentation ENABLED
    snort[21980]: SMB fragmentation ENABLED
    snort[21980]: Autodetect ports ENABLED
    snort[21980]: Autodetect ports ENABLED
    snort[21980]: DCE/RPC Decoder config:
    snort[21980]: DCE/RPC Decoder config:
    snort[21980]: Alert on commands: None
    snort[21980]: Alert on commands: None
    snort[21980]: Drop on X-Link2State Alert: No
    snort[21980]: Drop on X-Link2State Alert: No
    snort[21980]: X-Link2State Alert: Yes
    snort[21980]: X-Link2State Alert: Yes
    snort[21980]: Max Response Line Length: 512
    snort[21980]: Max Response Line Length: 512
    snort[21980]: Max Header Line Length: 1000
    snort[21980]: Max Header Line Length: 1000
    snort[21980]: PIPELINING:246 CHUNKING:246 DSN:246 XQUEU:246
    snort[21980]: PIPELINING:246 CHUNKING:246 DSN:246 XQUEU:246
    snort[21980]: XLICENSE:246 X-LINK2STATE:246 XSTA:246 XTRN:246 XUSR:246
    snort[21980]: XLICENSE:246 X-LINK2STATE:246 XSTA:246 XTRN:246 XUSR:246
    snort[21980]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
    snort[21980]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
    snort[21980]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
    snort[21980]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
    snort[21980]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
    snort[21980]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
    snort[21980]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
    snort[21980]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
    snort[21980]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
    snort[21980]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
    snort[21980]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
    snort[21980]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
    snort[21980]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
    snort[21980]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
    snort[21980]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
    snort[21980]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
    snort[21980]: Max Specific Command Line Length:
    snort[21980]: Max Specific Command Line Length:
    snort[21980]: Max Command Line Length: Unlimited
    snort[21980]: Max Command Line Length: Unlimited
    snort[21980]: Ignore SMTP Alerts: No
    snort[21980]: Ignore SMTP Alerts: No
    snort[21980]: Ignore TLS Data: No
    snort[21980]: Ignore TLS Data: No
    snort[21980]: Ignore Data: No
    snort[21980]: Ignore Data: No
    snort[21980]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SIZE STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XSTA XTRN XUSR PIPELINING CHUNKING DSN XQUEU
    snort[21980]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SIZE STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XSTA XTRN XUSR PIPELINING CHUNKING DSN XQUEU
    snort[21980]: Inspection Type: Stateful
    snort[21980]: Inspection Type: Stateful
    snort[21980]: Ports: 25 465 691
    snort[21980]: Ports: 25 465 691
    snort[21980]: SMTP Config:
    snort[21980]: SMTP Config:
    snort[21980]: Max Response Length: 100
    snort[21980]: Max Response Length: 100
    snort[21980]: Check for Telnet Cmds: OFF
    snort[21980]: Check for Telnet Cmds: OFF
    snort[21980]: Check for Bounce Attacks: OFF
    snort[21980]: Check for Bounce Attacks: OFF
    snort[21980]: FTP Client: default
    snort[21980]: FTP Client: default
    snort[21980]: Identify open data channels: NO
    snort[21980]: Identify open data channels: NO
    snort[21980]: Check for Telnet Cmds: OFF
    snort[21980]: Check for Telnet Cmds: OFF
    snort[21980]: Ports: 21
    snort[21980]: Ports: 21
    snort[21980]: FTP Server: default
    snort[21980]: FTP Server: default
    snort[21980]: FTP CONFIG:
    snort[21980]: FTP CONFIG:
    snort[21980]: Continue to check encrypted data: NO
    snort[21980]: Continue to check encrypted data: NO
    snort[21980]: Check for Encrypted Traffic: OFF
    snort[21980]: Check for Encrypted Traffic: OFF
    snort[21980]: Inspection Type: stateless
    snort[21980]: Inspection Type: stateless
    snort[21980]: GLOBAL CONFIG
    snort[21980]: GLOBAL CONFIG
    snort[21980]: FTPTelnet Config:
    snort[21980]: FTPTelnet Config:
    snort[21980]: done
    snort[21980]: done
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so…
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so…
    snort[21980]: done
    snort[21980]: done
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so…
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so…
    snort[21980]: done
    snort[21980]: done
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so…
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so…
    snort[21980]: done
    snort[21980]: done
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so…
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so…
    snort[21980]: done
    snort[21980]: done
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so…
    snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so…
    snort[21980]: done
    snort[21980]: done
    snort[21980]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so…
    snort[21980]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so…
    snort[21980]: Tagged Packet Limit: 256
    snort[21980]: command line overrides rules file alert plugin!
    snort[21980]: command line overrides rules file alert plugin!
    snort[21980]:
    snort[21980]: 127.0.0.1 / 255.255.255.255
    snort[21980]:
    snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
    snort[21980]:
    snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
    snort[21980]:
    snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
    snort[21980]:
    snort[21980]: 172.XXX.XXX.XXX / 255.255.0.0
    snort[21980]: Ignore Scanner IP List:
    snort[21980]: Number of Nodes: 3869
    snort[21980]: Memcap (in bytes): 1048576
    snort[21980]: Sensitivity Level: Low
    snort[21980]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
    snort[21980]: Detect Protocols: TCP UDP ICMP IP
    snort[21980]: Portscan Detection Config:
    snort[21980]: alert_multiple_requests: ACTIVE
    snort[21980]: alert_incomplete: ACTIVE
    snort[21980]: alert_large_fragments: ACTIVE
    snort[21980]: alert_fragments: INACTIVE
    snort[21980]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
    snort[21980]: rpc_decode arguments:
    snort[21980]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
    snort[21980]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
    snort[21980]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
    snort[21980]: IIS Delimiter: YES alert: YES
    snort[21980]: Apache WhiteSpace: YES alert: YES
    snort[21980]: Web Root Traversal: YES alert: YES
    snort[21980]: Directory Traversal: YES alert: NO
    snort[21980]: IIS Backslash: YES alert: NO
    snort[21980]: Multiple Slash: YES alert: NO
    snort[21980]: IIS Unicode: YES alert: YES
    snort[21980]: UTF 8: YES alert: NO
    snort[21980]: Base36: OFF
    snort[21980]: Bare Byte: YES alert: YES
    snort[21980]: %U Encoding: YES alert: YES
    snort[21980]: Double Decoding: YES alert: YES
    snort[21980]: Ascii: YES alert: NO
    snort[21980]: Only inspect URI: NO
    snort[21980]: Oversize Dir Length: 0
    snort[21980]: Disable Alerting: YES
    snort[21980]: Allow Proxy Usage: NO
    snort[21980]: URI Discovery Strict Mode: NO
    snort[21980]: Inspect Pipeline Requests: YES
    snort[21980]: Max Header Field Length: 0
    snort[21980]: Max Chunk Length: 500000
    snort[21980]: Flow Depth: 0
    snort[21980]: Ports: 80 3128 8080
    snort[21980]: Server profile: All
    snort[21980]: DEFAULT SERVER CONFIG:
    snort[21980]: IIS Unicode Map Codepage: 1252
    snort[21980]: IIS Unicode Map Filename: /usr/local/etc/snort/unicode.map
    snort[21980]: Detect Proxy Usage: NO
    snort[21980]: Inspection Type: STATELESS
    snort[21980]: Max Pipeline Requests: 0
    snort[21980]: GLOBAL CONFIG
    snort[21980]: HttpInspect Config:
    snort[21980]: Timeout: 30 seconds
    snort[21980]: Stream5 ICMP Policy config:
    snort[21980]: Timeout: 30 seconds
    snort[21980]: Stream5 UDP Policy config:
    snort[21980]: 19 client (Footprint) server (Footprint)
    snort[21980]: 18 client (Footprint) server (Footprint)
    snort[21980]: 17 client (Footprint) server (Footprint)
    snort[21980]: 16 client (Footprint) server (Footprint)
    snort[21980]: 15 client (Footprint) server (Footprint)
    snort[21980]: 14 client (Footprint) server (Footprint)
    snort[21980]: 13 client (Footprint) server (Footprint)
    snort[21980]: 12 client (Footprint) server (Footprint)
    snort[21980]: 11 client (Footprint) server (Footprint)
    snort[21980]: 10 client (Footprint) server (Footprint)
    snort[21980]: 9 client (Footprint) server (Footprint)
    snort[21980]: 8 client (Footprint) server (Footprint)
    snort[21980]: 7 client (Footprint) server (Footprint)
    snort[21980]: 6 client (Footprint) server (Footprint)
    snort[21980]: 5 client (Footprint) server (Footprint)
    snort[21980]: 4 client (Footprint) server (Footprint)
    snort[21980]: 3 client (Footprint) server (Footprint)
    snort[21980]: 2 client (Footprint) server (Footprint)
    snort[21980]: 1 client (Footprint) server (Footprint)
    snort[21980]: 0 client (Footprint) server (Footprint)
    snort[21980]: Reassembly Ports:
    snort[21980]: Static Flushpoint Sizes: YES
    snort[21980]: Options:
    snort[21980]: Min ttl: 1
    snort[21980]: Timeout: 30 seconds
    snort[21980]: Reassembly Policy: BSD
    snort[21980]: Stream5 TCP Policy config:
    snort[21980]: Max ICMP sessions: 65536
    snort[21980]: Track ICMP sessions: ACTIVE
    snort[21980]: Max UDP sessions: 131072
    snort[21980]: Track UDP sessions: ACTIVE
    snort[21980]: Memcap (for reassembly packet storage): 8388608
    snort[21980]: Max TCP sessions: 8192
    snort[21980]: Track TCP sessions: ACTIVE
    snort[21980]: Stream5 global config:
    snort[21980]: Fragment Problems: 1
    snort[21980]: Fragment ttl_limit (not used): 5
    snort[21980]: Fragment min_ttl: 1
    snort[21980]: Fragment timeout: 60 seconds
    snort[21980]: Target-based policy: LAST
    snort[21980]: Frag3 engine config:
    snort[21980]: Fragment memory cap: 4194304 bytes
    snort[21980]: Max frags: 8192
    snort[21980]: Frag3 global config:
    snort[21980]: Search-Method = AC-BNFA-Q
    snort[21980]: Detection:
    snort[21980]:
    snort[21980]: [ 25 443 465 636 993 995 ]
    snort[21980]: PortVar 'SSL_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 25 143 465 691 ]
    snort[21980]: PortVar 'MAIL_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 23 ]
    snort[21980]: PortVar 'TELNET_PORTS' defined :
    snort[21980]:
    snort[21980]: [ XXX ]
    snort[21980]: PortVar 'SSH_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 161 ]
    snort[21980]: PortVar 'SNMP_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 25 ]
    snort[21980]: PortVar 'SMTP_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 139 445 ]
    snort[21980]: PortVar 'SMB_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 514 ]
    snort[21980]: PortVar 'RSH_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 513 ]
    snort[21980]: PortVar 'RLOGIN_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 111 32770:32779 ]
    snort[21980]: PortVar 'SUNRPC_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 110 ]
    snort[21980]: PortVar 'POP3_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 109 ]
    snort[21980]: PortVar 'POP2_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 119 ]
    snort[21980]: PortVar 'NNTP_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 1433 ]
    snort[21980]: PortVar 'MSSQL_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 6665:6669 7000 ]
    snort[21980]: PortVar 'IRC_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 143 ]
    snort[21980]: PortVar 'IMAP_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 21 ]
    snort[21980]: PortVar 'FTP_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 79 ]
    snort[21980]: PortVar 'FINGER_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 53 ]
    snort[21980]: PortVar 'DNS_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 113 ]
    snort[21980]: PortVar 'AUTH_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 1521 ]
    snort[21980]: PortVar 'ORACLE_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 0:79 81:65535 ]
    snort[21980]: PortVar 'SHELLCODE_PORTS' defined :
    snort[21980]:
    snort[21980]: [ 80 ]
    snort[21980]: PortVar 'HTTP_PORTS' defined :
    snort[21980]: Parsing Rules file /usr/local/etc/snort/snort.conf
    snort[52032]: Snort exiting
    snort[52032]: ===============================================================================
    snort[52032]: Total packets processed: 12855573
    snort[52032]: Self-referencing paths ("./"): 0
    snort[52032]: Extra slashes ("//"): 214
    snort[52032]: Directory traversals: 0
    snort[52032]: Base 36: 0
    snort[52032]: Non-ASCII representable: 4914
    snort[52032]: Double unicode: 0
    snort[52032]: Unicode: 166
    snort[52032]: Post parameters extracted: 100
    snort[52032]: GET methods: 2277
    snort[52032]: POST methods: 195
    snort[52032]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
    snort[52032]: ===============================================================================
    snort[52032]: Events: 0
    snort[52032]: UDP Discards: 0
    snort[52032]: UDP Timeouts: 217
    snort[52032]: UDP Sessions Deleted: 16298
    snort[52032]: UDP Sessions Created: 16298
    snort[52032]: TCP Discards: 310272
    snort[52032]: TCP Segments Used: 8764130
    snort[52032]: TCP Rebuilt Packets: 3769643
    snort[52032]: TCP Segments Released: 8774120
    snort[52032]: TCP Segments Queued: 8774120
    snort[52032]: TCP Overlaps: 275636
    snort[52032]: TCP Timeouts: 2797
    snort[52032]: TCP StreamTrackers Deleted: 17427
    snort[52032]: TCP StreamTrackers Created: 17427
    snort[52032]: ICMP Prunes: 0
    snort[52032]: UDP Prunes: 0
    snort[52032]: TCP Prunes: 0
    snort[52032]: ICMP sessions: 0
    snort[52032]: UDP sessions: 16081
    snort[52032]: TCP sessions: 14949
    snort[52032]: Total sessions: 31030
    snort[52032]: Stream5 statistics:
    snort[52032]: ===============================================================================
    snort[52032]: Frag Nodes Deleted: 0
    snort[52032]: Frag Nodes Inserted: 0
    snort[52032]: FragTrackers Auto Freed: 0
    snort[52032]: FragTrackers Dumped: 0
    snort[52032]: FragTrackers Added: 0
    snort[52032]: Alerts: 0
    snort[52032]: Anomalies: 0
    snort[52032]: Overlaps: 0
    snort[52032]: Timeouts: 0
    snort[52032]: Memory Faults: 0
    snort[52032]: Discards: 0
    snort[52032]: Frags Reassembled: 0
    snort[52032]: Total Fragments: 0
    snort[52032]: Frag3 statistics:
    snort[52032]: ===============================================================================
    snort[52032]: PASSED: 0
    snort[52032]: LOGGED: 8
    snort[52032]: ALERTS: 8
    snort[52032]: Action Stats:
    snort[52032]: ===============================================================================
    snort[52032]: Total: 15704925
    snort[52032]: S5 G 2: 8828 (0.056%)
    snort[52032]: S5 G 1: 8483 (0.054%)
    snort[52032]: InvChkSum: 32 (0.000%)
    snort[52032]: DISCARD: 0 (0.000%)
    snort[52032]: OTHER: 2700 (0.017%)
    snort[52032]: IPX: 0 (0.000%)
    snort[52032]: ETHLOOP: 0 (0.000%)
    snort[52032]: EAPOL: 0 (0.000%)
    snort[52032]: ARP: 318 (0.002%)
    snort[52032]: FRAG 6: 0 (0.000%)
    snort[52032]: FRAG: 0 (0.000%)
    snort[52032]: ICMPdis: 0 (0.000%)
    snort[52032]: UDPdisc: 0 (0.000%)
    snort[52032]: TCPdisc: 0 (0.000%)
    snort[52032]: ICMP: 11307 (0.072%)
    snort[52032]: UDP: 26604 (0.169%)
    snort[52032]: TCP: 15646685 (99.629%)
    snort[52032]: ICMP-IP: 0 (0.000%)
    snort[52032]: ICMP6: 0 (0.000%)
    snort[52032]: UDP 6: 0 (0.000%)
    snort[52032]: TCP 6: 0 (0.000%)
    snort[52032]: IP4disc: 0 (0.000%)
    snort[52032]: IP4: 15704607 (99.998%)
    snort[52032]: IP6disc: 0 (0.000%)
    snort[52032]: IP6opts: 0 (0.000%)
    snort[52032]: IP6 EXT: 0 (0.000%)
    snort[52032]: IPV6: 0 (0.000%)
    snort[52032]: VLAN: 0 (0.000%)
    snort[52032]: ETHdisc: 0 (0.000%)
    snort[52032]: ETH: 15704925 (100.000%)
    snort[52032]: Breakdown by protocol (includes rebuilt packets):
    snort[52032]: ===============================================================================
    snort[52032]: Outstanding: 0 (0.000%)
    snort[52032]: Dropped: 0 (0.000%)
    snort[52032]: Analyzed: 15687614 (100.000%)
    snort[52032]: Received: 15687614
    snort[52032]: Packet Wire Totals:
    snort[52032]: ===============================================================================
    snort[52032]: *** Caught Term-Signal
    snort2c[52103]: snort2c running in daemon mode pid: 52103
    snort[52032]: Not Using PCAP_FRAMES
    snort[52032]: Snort initialization completed successfully (pid=52032)
    snort[52032]: Daemon initialized, signaled parent pid: 52031
    snort[52031]: Daemon parent exiting
    snort[52032]: Writing PID "52032" to file "/var/run//snort_xl0.pid"
    snort[52032]: PID path stat checked out ok, PID path set to /var/run/
    snort[52031]: Initializing daemon mode
    snort[52031]: 0 out of 512 flowbits in use.
    snort[52031]: Log directory = /var/log/snort
    snort[52031]: Rule application order: activation->dynamic->pass->drop->alert->log
    snort[52031]: ------------------------------------------------------------------------------
    snort[52031]: | none
    snort[52031]: +----------------------[suppression]-----------------------------------------

    log_snort_070509.txt
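As an added example (not code from this thread, pfSense or Snort): a small Python parser for a log excerpt in the form posted above. It collapses the doubled lines, reverses the newest-first order of the pasted syslog view, collects the PortVar definitions and the HttpInspect port list, and keys the numeric exit statistics by their section header. Run over the posted log it shows the point worth checking in this configuration: HttpInspect normalises ports 80 3128 8080, but HTTP_PORTS is [ 80 ], so any rule written against $HTTP_PORTS only matches port 80 of that traffic. The redacted SSH_PORTS value ([ XXX ]) is dropped rather than guessed. The SAMPLE lines are a constructed, abridged copy of the thread's log, and all regexes and function names are this example's own assumptions.

```python
"""Parser for the Snort 2.8 syslog excerpt posted in this thread (added example,
not pfSense or Snort code). Assumes 'prog[PID]: message' lines as in the post,
newest entry first, with pasted lines possibly doubled; names are this example's own."""
import re

LINE_RE = re.compile(r"^\s*(?P<prog>[A-Za-z0-9_]+)\[(?P<pid>\d+)\]:\s?(?P<msg>.*)$")
PORTVAR_RE = re.compile(r"^PortVar '(?P<name>[A-Z0-9_]+)' defined :$")
PORTLIST_RE = re.compile(r"^\[\s*(?P<body>.*?)\s*\]$")
PREPROC_RE = re.compile(r"^(?P<name>\w+) Config:$")         # e.g. "HttpInspect Config:"
HTTP_PORTS_RE = re.compile(r"^Ports:\s+(?P<body>[\d ]+)$")  # HttpInspect "Ports: 80 3128 8080"
STAT_RE = re.compile(r"^(?P<key>[A-Za-z0-9][A-Za-z0-9 \-]*?):\s+(?P<value>\d+)(?:\s|$)")

# Constructed sample: abridged from the thread's log, newest first, doubled as pasted.
SAMPLE = """\
snort[21980]: Ports: 80 3128 8080
snort[21980]: Ports: 80 3128 8080
snort[21980]: DEFAULT SERVER CONFIG:
snort[21980]: HttpInspect Config:
snort[21980]: HttpInspect Config:
snort[21980]: Max TCP sessions: 8192
snort[21980]: Stream5 global config:
snort[21980]: [ 0:79 81:65535 ]
snort[21980]: PortVar 'SHELLCODE_PORTS' defined :
snort[21980]:
snort[21980]: [ 80 ]
snort[21980]: [ 80 ]
snort[21980]: PortVar 'HTTP_PORTS' defined :
snort[21980]: PortVar 'HTTP_PORTS' defined :
snort[21980]: Parsing Rules file /usr/local/etc/snort/snort.conf
snort[52032]: Snort exiting
snort[52032]: ALERTS: 8
snort[52032]: Action Stats:
snort[52032]: TCP Discards: 310272
snort[52032]: Stream5 statistics:
snort[52032]: *** Caught Term-Signal
snort2c[52103]: snort2c running in daemon mode pid: 52103
"""


def parse_port_spec(body):
    """'111 32770:32779' -> [(111, 111), (32770, 32779)]; redacted tokens such as
    the poster's 'XXX' for SSH_PORTS are dropped, not guessed."""
    ranges = []
    for tok in body.split():
        m = re.fullmatch(r"(\d+)(?::(\d+))?", tok)
        if m:
            ranges.append((int(m.group(1)), int(m.group(2) or m.group(1))))
    return ranges


def covers(ranges, port):
    return any(lo <= port <= hi for lo, hi in ranges)


def parse_records(text):
    """(prog, pid, msg) per matching line; other pasted text is ignored."""
    found = (LINE_RE.match(line) for line in text.splitlines())
    return [(m["prog"], int(m["pid"]), m["msg"].strip()) for m in found if m]


def collapse_adjacent(recs):
    out = []
    for rec in recs:
        if not out or out[-1] != rec:
            out.append(rec)
    return out


def analyse(text):
    """Walk the log oldest-first; collect PortVars, the HttpInspect port list and
    the numeric exit statistics keyed by their section header."""
    recs = list(reversed(collapse_adjacent(parse_records(text))))
    portvars, stats, http_ports = {}, {}, set()
    pending = preproc = section = None
    for prog, _pid, msg in recs:
        if prog != "snort":
            continue
        if (m := PORTVAR_RE.match(msg)):         # "PortVar 'X' defined :" then "[ ... ]"
            pending = m["name"]
        elif pending and (m := PORTLIST_RE.match(msg)):
            portvars[pending] = parse_port_spec(m["body"])
            pending = None
        elif (m := PREPROC_RE.match(msg)):
            preproc = m["name"]
        elif preproc == "HttpInspect" and (m := HTTP_PORTS_RE.match(msg)):
            http_ports.update(int(p) for p in m["body"].split())
        elif msg.endswith(":"):                   # "Action Stats:", "Stream5 statistics:", ...
            section = msg[:-1]
        elif (m := STAT_RE.match(msg)):
            stats[(section, m["key"])] = int(m["value"])
    return {"portvars": portvars, "http_inspect_ports": http_ports,
            "stats": stats, "lines": len(recs)}


def http_ports_missing_from_portvar(result):
    """Ports HttpInspect normalises but $HTTP_PORTS does not cover: rules written
    against $HTTP_PORTS never fire on traffic to these ports."""
    covered = result["portvars"].get("HTTP_PORTS", [])
    return sorted(p for p in result["http_inspect_ports"] if not covers(covered, p))
```

Call analyse() on the full pasted log; for the sample, http_ports_missing_from_portvar() returns [3128, 8080] and stats[("Action Stats", "ALERTS")] gives the 8 alerts Snort reported at shutdown. Because the statistics are keyed by section, the "Alerts: 0" under Frag3 statistics and the "ALERTS: 8" under Action Stats stay apart.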



  • Problem solved: it was caused by the interface assignment for Snort. In the default configuration this must be set to WAN in order to perform an online update; after that it can be configured manually.

    Cu
    plsvw39c

