Snort attack?
-
Hi, is anyone aware of an attack on SNORT under BSD?
https://172.xxx.xxx.xxx:443/pkg_edit.php?xml=snort.xml&id=0
https://172.xxx.xxx.xxx:443/snort_download_rules.php
Performance = ac
Since today I've found that, despite a fresh installation, the online update and access to the rules are not possible.
The file appears to be downloaded, but the message "snort rules: md5 signature of rules mismatch." still appears. Removing it unfortunately doesn't help; after a reinstall the same message appears again.
Does this have to do with the slight redesign of www.snort.org?
pfSense 1.2.2
built on Thu Jan 8 22:39:31 EST 2009
Furthermore, I'm seeing encryption problems under pfSense.
Problems with SSL connections!
This doesn't happen right away: after a fresh installation there are no problems, but after 24 h the same problems always show up. It can't be right that the firewall has to be reinstalled once a day. With SNORT the problems went away for a short time.
Cu
plsvw39c???
-
Here's a Snort log from today:
SnortStartup[7331]: Ram free BEFORE starting Snort: 60M -- Ram free AFTER starting Snort: 60M -- Mode ac -- Snort memory usage:
snort2c[7320]: snort2c running in daemon mode pid: 7320
snort[7305]: Daemon parent exiting
snort[7305]: Child exited unexpectedly
snort[7315]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_em0.pid" for PID "7315"
snort[7315]: PID path stat checked out ok, PID path set to /var/run/
snort[7305]: Initializing daemon mode
snort[7305]: 0 out of 512 flowbits in use.
snort[7305]: Log directory = /var/log/snort
snort[7305]: Rule application order: activation->dynamic->pass->drop->alert->log
snort[7305]: -------------------------------------------------------------------------------
snort[7305]: | none
snort[7305]: +-----------------------[suppression]------------------------------------------
snort[7305]: | none
snort[7305]: +-----------------------[thresholding-local]-----------------------------------
snort[7305]: | none
snort[7305]: +-----------------------[thresholding-global]----------------------------------
snort[7305]: | memory-cap : 1048576 bytes
snort[7305]: +-----------------------[thresholding-config]----------------------------------
snort[7305]:
snort[7305]: +----------------------------------------------------------------------------
snort[7305]: | s+d 0 0 0 0
snort[7305]: | nc 0 0 0 0
snort[7305]: | any 0 0 0 0
snort[7305]: | dst 0 0 0 0
snort[7305]: | src 0 0 0 0
snort[7305]: | tcp udp icmp ip
snort[7305]: +-------------------[Rule Port Counts]---------------------------------------
snort[7305]: Server side data is trusted
snort[7305]: 992 993 994 995
snort[7305]: 443 465 563 636 989
snort[7305]: Ports:
snort[7305]: Encrypted packets: not inspected
snort[7305]: SSLPP config:
snort[7305]:
snort[7305]: 53
snort[7305]: Ports:
snort[7305]: Experimental DNS RR Types Alert: INACTIVE
snort[7305]: Obsolete DNS RR Types Alert: INACTIVE
snort[7305]: DNS Client rdata txt Overflow Alert: ACTIVE
snort[7305]: DNS config:
snort[7305]: Maximum SMB command chaining: 3 commands
snort[7305]: RPC over HTTP proxy: None
snort[7305]: RPC over HTTP server: 1025-65535
snort[7305]: UDP: 1025-65535
snort[7305]: TCP: 1025-65535
snort[7305]: SMB: None
snort[7305]: Autodetect ports
snort[7305]: RPC over HTTP proxy: None
snort[7305]: RPC over HTTP server: 593
snort[7305]: UDP: 135
snort[7305]: TCP: 135
snort[7305]: SMB: 139 445
snort[7305]: Detect ports
snort[7305]: Policy: WinXP
snort[7305]: Server Default Configuration
snort[7305]: Events: none
snort[7305]: Memcap: 102400 KB
snort[7305]: DCE/RPC Defragmentation: Enabled
snort[7305]: Global Configuration
snort[7305]: DCE/RPC 2 Preprocessor Configuration
snort[7305]: Alert on commands: None
snort[7305]: Drop on X-Link2State Alert: No
snort[7305]: X-Link2State Alert: Yes
snort[7305]: Max Response Line Length: 512
snort[7305]: Max Header Line Length: 1000
snort[7305]: PIPELINING:246 CHUNKING:246 DSN:246 XQUEU:246
snort[7305]: XLICENSE:246 X-LINK2STATE:246 XSTA:246 XTRN:246 XUSR:246
snort[7305]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
snort[7305]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
snort[7305]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
snort[7305]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
snort[7305]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
snort[7305]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
snort[7305]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
snort[7305]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
snort[7305]: Max Specific Command Line Length:
snort[7305]: Max Command Line Length: Unlimited
snort[7305]: Ignore SMTP Alerts: No
snort[7305]: Ignore TLS Data: No
snort[7305]: Ignore Data: No
snort[7305]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SIZE STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XSTA XTRN XUSR PIPELINING CHUNKING DSN XQUEU
snort[7305]: Inspection Type: Stateful
snort[7305]: Ports: 25 465 691
snort[7305]: SMTP Config:
snort[7305]: Max Response Length: 256
snort[7305]: Check for Telnet Cmds: YES alert: YES
snort[7305]: Check for Bounce Attacks: YES alert: YES
snort[7305]: FTP Client: default
snort[7305]: Identify open data channels: NO
snort[7305]: Check for Telnet Cmds: OFF
snort[7305]: Ports: 21
snort[7305]: FTP Server: default
snort[7305]: FTP CONFIG:
snort[7305]: Detect Anomalies: NO
snort[7305]: Normalize: YES
snort[7305]: Are You There Threshold: 200
snort[7305]: Ports: 23
snort[7305]: TELNET CONFIG:
snort[7305]: Continue to check encrypted data: NO
snort[7305]: Check for Encrypted Traffic: OFF
snort[7305]: Inspection Type: stateless
snort[7305]: GLOBAL CONFIG
snort[7305]: FTPTelnet Config:
snort[7305]: Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/
snort[7305]: done
snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ssl_preproc.so...
snort[7305]: done
snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ssh_preproc.so...
snort[7305]: done
snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_smtp_preproc.so...
snort[7305]: done
snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ftptelnet_preproc.so...
snort[7305]: done
snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dns_preproc.so...
snort[7305]: done
snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dce2_preproc.so...
snort[7305]: done
snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dcerpc_preproc.so...
snort[7305]: done
snort[7305]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
snort[7305]: Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/...
snort[7305]: done
snort[7305]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so...
snort[7305]: Tagged Packet Limit: 256
snort[7305]: command line overrides rules file alert plugin!
snort[7305]: command line overrides rules file alert plugin!
snort[7305]:
snort[7305]:
snort[7305]: 127.0.0.1 / 255.255.255.255
snort[7305]:
snort[7305]: 172.XXX.XXX.XXX / 255.255.255.255
snort[7305]:
snort[7305]: 172.XXX.XXX.XXX / 255.255.255.255
snort[7305]:
snort[7305]: 172.XXX.XXX.XXX / 255.255.255.255
snort[7305]:
snort[7305]: 172.XXX.XXX.XXX / 255.255.248.0
snort[7305]: Ignore Scanner IP List:
snort[7305]: Number of Nodes: 36900
snort[7305]: Memcap (in bytes): 10000000
snort[7305]: Sensitivity Level: Medium
snort[7305]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
snort[7305]: Detect Protocols: TCP UDP ICMP IP
snort[7305]: Portscan Detection Config:
snort[7305]: alert_multiple_requests: ACTIVE
snort[7305]: alert_incomplete: ACTIVE
snort[7305]: alert_large_fragments: ACTIVE
snort[7305]: alert_fragments: INACTIVE
snort[7305]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
snort[7305]: rpc_decode arguments:
snort[7305]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
snort[7305]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
snort[7305]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
snort[7305]: IIS Delimiter: YES alert: YES
snort[7305]: Apache WhiteSpace: YES alert: YES
snort[7305]: Web Root Traversal: YES alert: YES
snort[7305]: Directory Traversal: YES alert: NO
snort[7305]: IIS Backslash: YES alert: NO
snort[7305]: Multiple Slash: YES alert: NO
snort[7305]: IIS Unicode: YES alert: YES
snort[7305]: UTF 8: YES alert: NO
snort[7305]: Base36: OFF
snort[7305]: Bare Byte: YES alert: YES
snort[7305]: %U Encoding: YES alert: YES
snort[7305]: Double Decoding: YES alert: YES
snort[7305]: Ascii: YES alert: NO
snort[7305]: Normalize HTTP Cookies: NO
snort[7305]: Normalize HTTP Headers: NO
snort[7305]: Only inspect URI: NO
snort[7305]: Oversize Dir Length: 0
snort[7305]: Disable Alerting: YES
snort[7305]: Allow Proxy Usage: NO
snort[7305]: URI Discovery Strict Mode: NO
snort[7305]: Inspect Pipeline Requests: YES
snort[7305]: Max Number Header Fields: 0
snort[7305]: Max Header Field Length: 0
snort[7305]: Max Chunk Length: 500000
snort[7305]: Client Flow Depth: 300
snort[7305]: Server Flow Depth: 0
snort[7305]: Ports: 80 3128 8080
snort[7305]: Server profile: All
snort[7305]: DEFAULT SERVER CONFIG:
snort[7305]: IIS Unicode Map Codepage: 1252
snort[7305]: IIS Unicode Map Filename: /usr/local/etc/snort/unicode.map
snort[7305]: Detect Proxy Usage: NO
snort[7305]: Inspection Type: STATELESS
snort[7305]: Max Pipeline Requests: 0
snort[7305]: GLOBAL CONFIG
snort[7305]: HttpInspect Config:
snort[7305]: Dump Summary: No
snort[7305]: Packet Count: 10000
snort[7305]: SnortFile Mode: INACTIVE
snort[7305]: File Mode: /var/log/snort/snort.stats
snort[7305]: Console Mode: INACTIVE
snort[7305]: Max Perf Stats: INACTIVE
snort[7305]: Event Stats: INACTIVE
snort[7305]: Flow Stats: INACTIVE
snort[7305]: Time: 300 seconds
snort[7305]: PerfMonitor config:
snort[7305]: Timeout: 30 seconds
snort[7305]: Stream5 ICMP Policy config:
snort[7305]: Timeout: 30 seconds
snort[7305]: Stream5 UDP Policy config:
snort[7305]: 19 client (Footprint) server (Footprint)
snort[7305]: 18 client (Footprint) server (Footprint)
snort[7305]: 17 client (Footprint) server (Footprint)
snort[7305]: 16 client (Footprint) server (Footprint)
snort[7305]: 15 client (Footprint) server (Footprint)
snort[7305]: 14 client (Footprint) server (Footprint)
snort[7305]: 13 client (Footprint) server (Footprint)
snort[7305]: 12 client (Footprint) server (Footprint)
snort[7305]: 11 client (Footprint) server (Footprint)
snort[7305]: 10 client (Footprint) server (Footprint)
snort[7305]: 9 client (Footprint) server (Footprint)
snort[7305]: 8 client (Footprint) server (Footprint)
snort[7305]: 7 client (Footprint) server (Footprint)
snort[7305]: 6 client (Footprint) server (Footprint)
snort[7305]: 5 client (Footprint) server (Footprint)
snort[7305]: 4 client (Footprint) server (Footprint)
snort[7305]: 3 client (Footprint) server (Footprint)
snort[7305]: 2 client (Footprint) server (Footprint)
snort[7305]: 1 client (Footprint) server (Footprint)
snort[7305]: 0 client (Footprint) server (Footprint)
snort[7305]: Reassembly Ports:
snort[7305]: Static Flushpoint Sizes: YES
snort[7305]: Options:
snort[7305]: Maximum number of segs to queue per session: 2621
snort[7305]: Maximum number of bytes to queue per session: 1048576
snort[7305]: Min ttl: 1
snort[7305]: Timeout: 30 seconds
snort[7305]: Reassembly Policy: BSD
snort[7305]: Stream5 TCP Policy config:
snort[7305]: Bound Addresses:0.0.0.0/0.0.0.0
snort[7305]: 3306 client (Footprint)
snort[7305]: 2401 client (Footprint)
snort[7305]: 1521 client (Footprint)
snort[7305]: 1433 client (Footprint)
snort[7305]: 514 client (Footprint)
snort[7305]: 513 client (Footprint)
snort[7305]: 445 client (Footprint)
snort[7305]: 143 client (Footprint)
snort[7305]: 139 client (Footprint)
snort[7305]: 137 client (Footprint)
snort[7305]: 136 client (Footprint)
snort[7305]: 135 client (Footprint)
snort[7305]: 111 client (Footprint)
snort[7305]: 110 client (Footprint)
snort[7305]: 80 client (Footprint)
snort[7305]: 53 client (Footprint)
snort[7305]: 42 client (Footprint)
snort[7305]: 25 client (Footprint)
snort[7305]: 23 client (Footprint)
snort[7305]: 21 client (Footprint)
snort[7305]: Reassembly Ports:
snort[7305]: Maximum number of segs to queue per session: 2621
snort[7305]: Maximum number of bytes to queue per session: 1048576
snort[7305]: Min ttl: 1
snort[7305]: Timeout: 30 seconds
snort[7305]: Reassembly Policy: MACOS
snort[7305]: Stream5 TCP Policy config:
snort[7305]: Bound Addresses:0.0.0.0/0.0.0.0
snort[7305]: 3306 client (Footprint)
snort[7305]: 2401 client (Footprint)
snort[7305]: 1521 client (Footprint)
snort[7305]: 1433 client (Footprint)
snort[7305]: 514 client (Footprint)
snort[7305]: 513 client (Footprint)
snort[7305]: 445 client (Footprint)
snort[7305]: 143 client (Footprint)
snort[7305]: 139 client (Footprint)
snort[7305]: 137 client (Footprint)
snort[7305]: 136 client (Footprint)
snort[7305]: 135 client (Footprint)
snort[7305]: 111 client (Footprint)
snort[7305]: 110 client (Footprint)
snort[7305]: 80 client (Footprint)
snort[7305]: 53 client (Footprint)
snort[7305]: 42 client (Footprint)
snort[7305]: 25 client (Footprint)
snort[7305]: 23 client (Footprint)
snort[7305]: 21 client (Footprint)
snort[7305]: Reassembly Ports:
snort[7305]: Maximum number of segs to queue per session: 2621
snort[7305]: Maximum number of bytes to queue per session: 1048576
snort[7305]: Min ttl: 1
snort[7305]: Timeout: 30 seconds
snort[7305]: Reassembly Policy: WINDOWS VISTA
snort[7305]: Stream5 TCP Policy config:
snort[7305]: Bound Addresses:0.0.0.0/0.0.0.0
snort[7305]: 3306 client (Footprint)
snort[7305]: 2401 client (Footprint)
snort[7305]: 1521 client (Footprint)
snort[7305]: 1433 client (Footprint)
snort[7305]: 514 client (Footprint)
snort[7305]: 513 client (Footprint)
snort[7305]: 445 client (Footprint)
snort[7305]: 143 client (Footprint)
snort[7305]: 139 client (Footprint)
snort[7305]: 137 client (Footprint)
snort[7305]: 136 client (Footprint)
snort[7305]: 135 client (Footprint)
snort[7305]: 111 client (Footprint)
snort[7305]: 110 client (Footprint)
snort[7305]: 80 client (Footprint)
snort[7305]: 53 client (Footprint)
snort[7305]: 42 client (Footprint)
snort[7305]: 25 client (Footprint)
snort[7305]: 23 client (Footprint)
snort[7305]: 21 client (Footprint)
snort[7305]: Reassembly Ports:
snort[7305]: Maximum number of segs to queue per session: 2621
snort[7305]: Maximum number of bytes to queue per session: 1048576
snort[7305]: Min ttl: 1
snort[7305]: Timeout: 30 seconds
snort[7305]: Reassembly Policy: LINUX
snort[7305]: Stream5 TCP Policy config:
snort[7305]: Bound Addresses:0.0.0.0/0.0.0.0
snort[7305]: 3306 client (Footprint)
snort[7305]: 2401 client (Footprint)
snort[7305]: 1521 client (Footprint)
snort[7305]: 1433 client (Footprint)
snort[7305]: 514 client (Footprint)
snort[7305]: 513 client (Footprint)
snort[7305]: 445 client (Footprint)
snort[7305]: 143 client (Footprint)
snort[7305]: 139 client (Footprint)
snort[7305]: 137 client (Footprint)
snort[7305]: 136 client (Footprint)
snort[7305]: 135 client (Footprint)
snort[7305]: 111 client (Footprint)
snort[7305]: 110 client (Footprint)
snort[7305]: 80 client (Footprint)
snort[7305]: 53 client (Footprint)
snort[7305]: 42 client (Footprint)
snort[7305]: 25 client (Footprint)
snort[7305]: 23 client (Footprint)
snort[7305]: 21 client (Footprint)
snort[7305]: Reassembly Ports:
snort[7305]: Maximum number of segs to queue per session: 2621
snort[7305]: Maximum number of bytes to queue per session: 1048576
snort[7305]: Min ttl: 1
snort[7305]: Timeout: 30 seconds
snort[7305]: Reassembly Policy: WINDOWS
snort[7305]: Stream5 TCP Policy config:
snort[7305]: Log info if session memory consumption exceeds 1048576
snort[7305]: Max ICMP sessions: 65536
snort[7305]: Track ICMP sessions: ACTIVE
snort[7305]: Max UDP sessions: 131072
snort[7305]: Track UDP sessions: ACTIVE
snort[7305]: Memcap (for reassembly packet storage): 8388608
snort[7305]: Max TCP sessions: 8192
snort[7305]: Track TCP sessions: ACTIVE
snort[7305]: Stream5 global config:
snort[7305]: Fragment Problems: 1
snort[7305]: Fragment ttl_limit (not used): 5
snort[7305]: Fragment min_ttl: 1
snort[7305]: Fragment timeout: 60 seconds
snort[7305]: Target-based policy: BSD
snort[7305]: Frag3 engine config:
snort[7305]: Fragment Problems: 0
snort[7305]: Fragment ttl_limit (not used): 5
snort[7305]: Fragment min_ttl: 1
snort[7305]: Fragment timeout: 60 seconds
snort[7305]: Target-based policy: FIRST
snort[7305]: Frag3 engine config:
snort[7305]: Fragment Problems: 0
snort[7305]: Fragment ttl_limit (not used): 5
snort[7305]: Fragment min_ttl: 1
snort[7305]: Fragment timeout: 60 seconds
snort[7305]: Target-based policy: LINUX
snort[7305]: Frag3 engine config:
snort[7305]: Fragment Problems: 0
snort[7305]: Fragment ttl_limit (not used): 5
snort[7305]: Fragment min_ttl: 1
snort[7305]: Fragment timeout: 60 seconds
snort[7305]: Target-based policy: WINDOWS
snort[7305]: Frag3 engine config:
snort[7305]: Fragment memory cap: 4194304 bytes
snort[7305]: Max frags: 8192
snort[7305]: Frag3 global config:
snort[7305]: Search-Method = AC-Full-Q
snort[7305]: Detection:
snort[7305]:
snort[7305]: [ 25 443 465 636 993 995 ]
snort[7305]: [ 25 443 465 636 993 995 ]
snort[7305]: PortVar 'SSL_PORTS' defined :
snort[7305]: PortVar 'SSL_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 25 143 465 691 ]
snort[7305]: [ 25 143 465 691 ]
snort[7305]: PortVar 'MAIL_PORTS' defined :
snort[7305]: PortVar 'MAIL_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 23 ]
snort[7305]: [ 23 ]
snort[7305]: PortVar 'TELNET_PORTS' defined :
snort[7305]: PortVar 'TELNET_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ XXX ]
snort[7305]: [ XXX ]
snort[7305]: PortVar 'SSH_PORTS' defined :
snort[7305]: PortVar 'SSH_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 161 ]
snort[7305]: [ 161 ]
snort[7305]: PortVar 'SNMP_PORTS' defined :
snort[7305]: PortVar 'SNMP_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 25 ]
snort[7305]: [ 25 ]
snort[7305]: PortVar 'SMTP_PORTS' defined :
snort[7305]: PortVar 'SMTP_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 139 445 ]
snort[7305]: [ 139 445 ]
snort[7305]: PortVar 'SMB_PORTS' defined :
snort[7305]: PortVar 'SMB_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 514 ]
snort[7305]: [ 514 ]
snort[7305]: PortVar 'RSH_PORTS' defined :
snort[7305]: PortVar 'RSH_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 513 ]
snort[7305]: [ 513 ]
snort[7305]: PortVar 'RLOGIN_PORTS' defined :
snort[7305]: PortVar 'RLOGIN_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 111 32770:32779 ]
snort[7305]: [ 111 32770:32779 ]
snort[7305]: PortVar 'SUNRPC_PORTS' defined :
snort[7305]: PortVar 'SUNRPC_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 110 ]
snort[7305]: [ 110 ]
snort[7305]: PortVar 'POP3_PORTS' defined :
snort[7305]: PortVar 'POP3_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 109 ]
snort[7305]: [ 109 ]
snort[7305]: PortVar 'POP2_PORTS' defined :
snort[7305]: PortVar 'POP2_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 119 ]
snort[7305]: [ 119 ]
snort[7305]: PortVar 'NNTP_PORTS' defined :
snort[7305]: PortVar 'NNTP_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 1433 ]
snort[7305]: [ 1433 ]
snort[7305]: PortVar 'MSSQL_PORTS' defined :
snort[7305]: PortVar 'MSSQL_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 6665:6669 7000 ]
snort[7305]: [ 6665:6669 7000 ]
snort[7305]: PortVar 'IRC_PORTS' defined :
snort[7305]: PortVar 'IRC_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 143 ]
snort[7305]: [ 143 ]
snort[7305]: PortVar 'IMAP_PORTS' defined :
snort[7305]: PortVar 'IMAP_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 21 ]
snort[7305]: [ 21 ]
snort[7305]: PortVar 'FTP_PORTS' defined :
snort[7305]: PortVar 'FTP_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 79 ]
snort[7305]: [ 79 ]
snort[7305]: PortVar 'FINGER_PORTS' defined :
snort[7305]: PortVar 'FINGER_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 53 ]
snort[7305]: [ 53 ]
snort[7305]: PortVar 'DNS_PORTS' defined :
snort[7305]: PortVar 'DNS_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 113 ]
snort[7305]: [ 113 ]
snort[7305]: PortVar 'AUTH_PORTS' defined :
snort[7305]: PortVar 'AUTH_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 1521 ]
snort[7305]: [ 1521 ]
snort[7305]: PortVar 'ORACLE_PORTS' defined :
snort[7305]: PortVar 'ORACLE_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 0:79 81:65535 ]
snort[7305]: [ 0:79 81:65535 ]
snort[7305]: PortVar 'SHELLCODE_PORTS' defined :
snort[7305]: PortVar 'SHELLCODE_PORTS' defined :
snort[7305]:
snort[7305]:
snort[7305]: [ 80 ]
snort[7305]: [ 80 ]
snort[7305]: PortVar 'HTTP_PORTS' defined :
snort[7305]: PortVar 'HTTP_PORTS' defined :
snort[7305]: Parsing Rules file /usr/local/etc/snort/snort.conf
snort[7305]: Parsing Rules file /usr/local/etc/snort/snort.conf
snort2c[7148]: SIGTERM received - exiting
snort2c[7148]: SIGTERM received - exiting
SnortStartup[7176]: Ram free BEFORE starting Snort: 60M -- Ram free AFTER starting Snort: 60M -- Mode ac-bnfa -- Snort memory usage:
snort2c[7148]: snort2c running in daemon mode pid: 7148
snort[7143]: Daemon parent exiting
snort[7143]: Child exited unexpectedly
snort[7144]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_em0.pid" for PID "7144"
snort[7144]: PID path stat checked out ok, PID path set to /var/run/
snort[7143]: Initializing daemon mode
snort[7143]: 0 out of 512 flowbits in use.
snort[7143]: Log directory = /var/log/snort
snort[7143]: Rule application order: activation->dynamic->pass->drop->alert->log
snort[7143]: ------------------------------------------------------------------------------
snort[7143]: | none
snort[7143]: +----------------------[suppression]-----------------------------------------
snort[7143]: | none
snort[7143]: +----------------------[thresholding-local]----------------------------------
snort[7143]: | none
snort[7143]: +----------------------[thresholding-global]---------------------------------
snort[7143]: | memory-cap : 1048576 bytes
snort[7143]: +----------------------[thresholding-config]---------------------------------
snort[7143]:
snort[7143]: +---------------------------------------------------------------------------
snort[7143]: | s+d 0 0 0 0
-
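The pasted syslog output above is hard to read for two reasons: every line appears twice, and the two messages that actually matter (the `FATAL ERROR: Failed to Lock PID File` during start-up, and Stream5 pruning sessions because its 8388608-byte memcap is full) are buried among hundreds of configuration echo lines. The following is an added example, not code from the original post or from the pfSense/Snort project: a small Python triage script that collapses the duplicated lines, parses the `prog[pid]: message` format shown in this thread, and pulls out PID-lock failures, Stream5 memcap pressure and snort2c block events. The sample log is a constructed excerpt modelled on the lines in this thread; the regular expressions match the Snort 2.x message formats visible here and nothing else, and the 95% memcap warning threshold is an arbitrary assumption.

```python
import re
from collections import Counter

# Constructed sample, modelled on the syslog lines pasted in this thread.
# As in the paste, every line appears twice; dedupe_consecutive() collapses that.
SAMPLE_LOG = """\
snort[7305]: Initializing daemon mode
snort[7305]: Initializing daemon mode
snort[7315]: PID path stat checked out ok, PID path set to /var/run/
snort[7315]: PID path stat checked out ok, PID path set to /var/run/
snort[7315]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_em0.pid" for PID "7315"
snort[7315]: FATAL ERROR: Failed to Lock PID File "/var/run//snort_em0.pid" for PID "7315"
snort[7305]: Child exited unexpectedly
snort[7305]: Child exited unexpectedly
snort[21987]: S5: Pruned 5 sessions from cache. 16 ssns for memcap: 94987/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 16 ssns for memcap: 94987/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 26 ssns for memcap: 8387286/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 26 ssns for memcap: 8387286/8388608
snort2c[22003]: attack detected non-whitelisted ip: 195.47.35.134 blocked !
snort2c[22003]: attack detected non-whitelisted ip: 195.47.35.134 blocked !
"""

# "prog[pid]: message" as emitted by syslog for snort, snort2c and SnortStartup
LINE_RE = re.compile(r"^(?P<prog>[A-Za-z0-9_]+)\[(?P<pid>\d+)\]:\s?(?P<msg>.*)$")
# Snort could not flock() the per-interface PID file: another snort still holds it
PIDLOCK_RE = re.compile(
    r'FATAL ERROR: Failed to Lock PID File "(?P<path>[^"]+)" for PID "(?P<pid>\d+)"')
# Stream5 evicting sessions because the reassembly memcap is exhausted
PRUNE_RE = re.compile(
    r"S5: Pruned (?P<pruned>\d+) sessions from cache\. (?P<ssns>\d+) ssns "
    r"for memcap: (?P<used>\d+)/(?P<cap>\d+)")
# snort2c (pfSense blocking daemon) adding an offender to the block table
BLOCK_RE = re.compile(
    r"attack detected non-whitelisted ip: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) blocked")


def dedupe_consecutive(lines):
    """Collapse runs of identical adjacent lines (the paste doubled every line)."""
    out = []
    for line in lines:
        if not out or out[-1] != line:
            out.append(line)
    return out


def parse_line(line):
    """Split 'prog[pid]: msg' into (prog, pid, msg); None if the line has another shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m.group("prog"), int(m.group("pid")), m.group("msg")


def analyse(text):
    """Walk the deduplicated log once and collect the facts worth acting on."""
    report = {"pid_lock_failures": [], "prune_events": 0, "sessions_pruned": 0,
              "peak_memcap_ratio": 0.0, "blocked_ips": Counter(), "unparsed": 0}
    for line in dedupe_consecutive(text.splitlines()):
        parsed = parse_line(line)
        if parsed is None:
            report["unparsed"] += 1
            continue
        prog, _pid, msg = parsed
        if prog == "snort":
            m = PIDLOCK_RE.search(msg)
            if m:
                report["pid_lock_failures"].append((int(m.group("pid")), m.group("path")))
                continue
            m = PRUNE_RE.search(msg)
            if m:
                report["prune_events"] += 1
                report["sessions_pruned"] += int(m.group("pruned"))
                ratio = int(m.group("used")) / int(m.group("cap"))
                report["peak_memcap_ratio"] = max(report["peak_memcap_ratio"], ratio)
        elif prog == "snort2c":
            m = BLOCK_RE.search(msg)
            if m:
                report["blocked_ips"][m.group("ip")] += 1
    return report


def verdicts(report, memcap_warn=0.95):
    """Turn the report into one-line findings; memcap_warn is an assumed threshold."""
    out = []
    for pid, path in report["pid_lock_failures"]:
        out.append(f"pid {pid}: could not lock {path}; another Snort process still holds "
                   f"the PID file for this interface, so this start-up attempt died")
    if report["prune_events"] and report["peak_memcap_ratio"] >= memcap_warn:
        out.append(f"Stream5 memcap at {report['peak_memcap_ratio']:.2%} peak; "
                   f"{report['sessions_pruned']} sessions pruned in "
                   f"{report['prune_events']} events (stream5_global memcap is saturated)")
    for ip, n in report["blocked_ips"].most_common():
        out.append(f"snort2c blocked {ip} ({n}x)")
    return out


if __name__ == "__main__":
    for finding in verdicts(analyse(SAMPLE_LOG)):
        print(finding)
```

Run it against a real dump with `analyse(open("/var/log/snort.log").read())`; the same three findings fall out of the log in this thread, and the peak memcap ratio makes it obvious that the 8 MB Stream5 memcap, not the rule download, is what the pruning lines are about.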
and here is another log, from 07.05.2009
snort[21987]: S5: Pruned 5 sessions from cache. 16 ssns for memcap: 94987/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 21 ssns for memcap: 8388213/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 20 ssns for memcap: 8383672/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 25 ssns for memcap: 8386927/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 26 ssns for memcap: 8387286/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 33 ssns for memcap: 8387612/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 38 ssns for memcap: 8385784/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 43 ssns for memcap: 8387403/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 48 ssns for memcap: 8387462/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 52 ssns for memcap: 8385574/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 57 ssns for memcap: 8387219/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 60 ssns for memcap: 8386529/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 64 ssns for memcap: 8388325/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 69 ssns for memcap: 8385646/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 74 ssns for memcap: 8386844/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 78 ssns for memcap: 8387124/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 77 ssns for memcap: 8387095/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 82 ssns for memcap: 8386155/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 82 ssns for memcap: 8386473/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 87 ssns for memcap: 8387367/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 88 ssns for memcap: 8386568/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 93 ssns for memcap: 8384253/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 98 ssns for memcap: 8388220/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 103 ssns for memcap: 8387404/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 108 ssns for memcap: 8387989/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 111 ssns for memcap: 8387583/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 116 ssns for memcap: 8387810/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 126 ssns for memcap: 8388578/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 126 ssns for memcap: 8388193/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 136 ssns for memcap: 8388374/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 141 ssns for memcap: 8387881/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 146 ssns for memcap: 8387570/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 156 ssns for memcap: 8388461/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 161 ssns for memcap: 8387376/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 165 ssns for memcap: 8379370/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 170 ssns for memcap: 8388040/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 175 ssns for memcap: 8388416/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 180 ssns for memcap: 8387592/8388608
snort[21987]: S5: Pruned 10 sessions from cache. 185 ssns for memcap: 8388341/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 195 ssns for memcap: 8387631/8388608
snort[21987]: S5: Pruned 15 sessions from cache. 200 ssns for memcap: 8388580/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 215 ssns for memcap: 8387963/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 220 ssns for memcap: 8388289/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 225 ssns for memcap: 8387970/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 230 ssns for memcap: 8388171/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 236 ssns for memcap: 8387577/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 241 ssns for memcap: 8386007/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 246 ssns for memcap: 8388450/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 251 ssns for memcap: 8387539/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 255 ssns for memcap: 8386725/8388608
snort[21987]: S5: Pruned 5 sessions from cache. 260 ssns for memcap: 8387335/8388608
snort2c[22003]: attack detected non-whitelisted ip: 195.47.35.134 blocked !
snort2c[22003]: attack detected non-whitelisted ip: 213.236.208.156 blocked !
snort2c[22003]: attack detected non-whitelisted ip: 213.236.208.156 blocked !
snort[21987]: Not Using PCAP_FRAMES
snort[21987]: Snort initialization completed successfully (pid=21987)
snort[21987]: Daemon initialized, signaled parent pid: 21980
snort[21980]: Daemon parent exiting
snort[21987]: Writing PID "21987" to file "/var/run//snort_xl0.pid"
snort[21987]: PID path stat checked out ok, PID path set to /var/run/
snort[21980]: 0 out of 512 flowbits in use.
snort[21980]: Log directory = /var/log/snort
snort[21980]: Rule application order: activation->dynamic->pass->drop->alert->log
snort[21980]: ------------------------------------------------------------------------------
snort[21980]: | none
snort[21980]: +----------------------[suppression]-----------------------------------------
snort[21980]: | none
snort[21980]: +----------------------[thresholding-local]----------------------------------
snort[21980]: | none
snort[21980]: +----------------------[thresholding-global]---------------------------------
snort[21980]: | memory-cap : 1048576 bytes
snort[21980]: +----------------------[thresholding-config]---------------------------------
snort[21980]:
snort[21980]: +------------------[Rule Port Counts]---------------------------------------
snort[21980]: |       tcp   udp  icmp    ip
snort[21980]: | src     0     0     0     0
snort[21980]: | dst     0     0     0     0
snort[21980]: | any     0     0     0     0
snort[21980]: | nc      0     0     0     0
snort[21980]: | s+d     0     0     0     0
snort[21980]: +----------------------------------------------------------------------------
snort[21980]:
snort[21980]: 53
snort[21980]: Ports:
snort[21980]: Experimental DNS RR Types Alert: INACTIVE
snort[21980]: Obsolete DNS RR Types Alert: INACTIVE
snort[21980]: DNS Client rdata txt Overflow Alert: ACTIVE
snort[21980]: DNS config:
snort[21980]:
snort[21980]: Alert if memcap exceeded DISABLED
snort[21980]: Memcap: 100000 KB
snort[21980]: Max Frag Size: 3000 bytes
snort[21980]: DCE/RPC fragmentation ENABLED
snort[21980]: SMB fragmentation ENABLED
snort[21980]: Autodetect ports ENABLED
snort[21980]: DCE/RPC Decoder config:
snort[21980]: Alert on commands: None
snort[21980]: Drop on X-Link2State Alert: No
snort[21980]: X-Link2State Alert: Yes
snort[21980]: Max Response Line Length: 512
snort[21980]: Max Header Line Length: 1000
snort[21980]: PIPELINING:246 CHUNKING:246 DSN:246 XQUEU:246
snort[21980]: XLICENSE:246 X-LINK2STATE:246 XSTA:246 XTRN:246 XUSR:246
snort[21980]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
snort[21980]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
snort[21980]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
snort[21980]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
snort[21980]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
snort[21980]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
snort[21980]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
snort[21980]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
snort[21980]: Max Specific Command Line Length:
snort[21980]: Max Command Line Length: Unlimited
snort[21980]: Ignore SMTP Alerts: No
snort[21980]: Ignore TLS Data: No
snort[21980]: Ignore Data: No
snort[21980]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SIZE STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XSTA XTRN XUSR PIPELINING CHUNKING DSN XQUEU
snort[21980]: Inspection Type: Stateful
snort[21980]: Ports: 25 465 691
snort[21980]: SMTP Config:
snort[21980]: Max Response Length: 100
snort[21980]: Check for Telnet Cmds: OFF
snort[21980]: Check for Bounce Attacks: OFF
snort[21980]: FTP Client: default
snort[21980]: Identify open data channels: NO
snort[21980]: Check for Telnet Cmds: OFF
snort[21980]: Ports: 21
snort[21980]: FTP Server: default
snort[21980]: FTP CONFIG:
snort[21980]: Continue to check encrypted data: NO
snort[21980]: Check for Encrypted Traffic: OFF
snort[21980]: Inspection Type: stateless
snort[21980]: GLOBAL CONFIG
snort[21980]: FTPTelnet Config:
snort[21980]: done
snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ssh_preproc.so...
snort[21980]: done
snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so...
snort[21980]: done
snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so...
snort[21980]: done
snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dns_preproc.so...
snort[21980]: done
snort[21980]: Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_dcerpc_preproc.so...
snort[21980]: done
snort[21980]: Loading dynamic engine /usr/local/lib/snort/dynamicengine/libsf_engine.so...
snort[21980]: Tagged Packet Limit: 256
snort[21980]: command line overrides rules file alert plugin!
snort[21980]: Tagged Packet Limit: 256
snort[21980]: command line overrides rules file alert plugin!
snort[21980]: command line overrides rules file alert plugin!
snort[21980]:
snort[21980]: command line overrides rules file alert plugin!
snort[21980]:
snort[21980]:
snort[21980]:
snort[21980]: 127.0.0.1 / 255.255.255.255
snort[21980]: 127.0.0.1 / 255.255.255.255
snort[21980]:
snort[21980]:
snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
snort[21980]:
snort[21980]:
snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
snort[21980]:
snort[21980]:
snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
snort[21980]: 172.XXX.XXX.XXX / 255.255.255.255
snort[21980]:
snort[21980]:
snort[21980]: 172.XXX.XXX.XXX / 255.255.0.0
snort[21980]: 172.XXX.XXX.XXX / 255.255.0.0
snort[21980]: Ignore Scanner IP List:
snort[21980]: Ignore Scanner IP List:
snort[21980]: Number of Nodes: 3869
snort[21980]: Number of Nodes: 3869
snort[21980]: Memcap (in bytes): 1048576
snort[21980]: Memcap (in bytes): 1048576
snort[21980]: Sensitivity Level: Low
snort[21980]: Sensitivity Level: Low
snort[21980]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
snort[21980]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
snort[21980]: Detect Protocols: TCP UDP ICMP IP
snort[21980]: Detect Protocols: TCP UDP ICMP IP
snort[21980]: Portscan Detection Config:
snort[21980]: Portscan Detection Config:
snort[21980]: alert_multiple_requests: ACTIVE
snort[21980]: alert_multiple_requests: ACTIVE
snort[21980]: alert_incomplete: ACTIVE
snort[21980]: alert_incomplete: ACTIVE
snort[21980]: alert_large_fragments: ACTIVE
snort[21980]: alert_large_fragments: ACTIVE
snort[21980]: alert_fragments: INACTIVE
snort[21980]: alert_fragments: INACTIVE
snort[21980]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
snort[21980]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
snort[21980]: rpc_decode arguments:
snort[21980]: rpc_decode arguments:
snort[21980]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
snort[21980]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
snort[21980]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
snort[21980]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
snort[21980]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
snort[21980]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
snort[21980]: IIS Delimiter: YES alert: YES
snort[21980]: IIS Delimiter: YES alert: YES
snort[21980]: Apache WhiteSpace: YES alert: YES
snort[21980]: Apache WhiteSpace: YES alert: YES
snort[21980]: Web Root Traversal: YES alert: YES
snort[21980]: Web Root Traversal: YES alert: YES
snort[21980]: Directory Traversal: YES alert: NO
snort[21980]: Directory Traversal: YES alert: NO
snort[21980]: IIS Backslash: YES alert: NO
snort[21980]: IIS Backslash: YES alert: NO
snort[21980]: Multiple Slash: YES alert: NO
snort[21980]: Multiple Slash: YES alert: NO
snort[21980]: IIS Unicode: YES alert: YES
snort[21980]: IIS Unicode: YES alert: YES
snort[21980]: UTF 8: YES alert: NO
snort[21980]: Base36: OFF
snort[21980]: Bare Byte: YES alert: YES
snort[21980]: %U Encoding: YES alert: YES
snort[21980]: Double Decoding: YES alert: YES
snort[21980]: Ascii: YES alert: NO
snort[21980]: Only inspect URI: NO
snort[21980]: Oversize Dir Length: 0
snort[21980]: Disable Alerting: YES
snort[21980]: Allow Proxy Usage: NO
snort[21980]: URI Discovery Strict Mode: NO
snort[21980]: Inspect Pipeline Requests: YES
snort[21980]: Max Header Field Length: 0
snort[21980]: Max Chunk Length: 500000
snort[21980]: Flow Depth: 0
snort[21980]: Ports: 80 3128 8080
snort[21980]: Server profile: All
snort[21980]: DEFAULT SERVER CONFIG:
snort[21980]: IIS Unicode Map Codepage: 1252
snort[21980]: IIS Unicode Map Filename: /usr/local/etc/snort/unicode.map
snort[21980]: Detect Proxy Usage: NO
snort[21980]: Inspection Type: STATELESS
snort[21980]: Max Pipeline Requests: 0
snort[21980]: GLOBAL CONFIG
snort[21980]: HttpInspect Config:
snort[21980]: Timeout: 30 seconds
snort[21980]: Stream5 ICMP Policy config:
snort[21980]: Timeout: 30 seconds
snort[21980]: Stream5 UDP Policy config:
snort[21980]: 19 client (Footprint) server (Footprint)
snort[21980]: 18 client (Footprint) server (Footprint)
snort[21980]: 17 client (Footprint) server (Footprint)
snort[21980]: 16 client (Footprint) server (Footprint)
snort[21980]: 15 client (Footprint) server (Footprint)
snort[21980]: 14 client (Footprint) server (Footprint)
snort[21980]: 13 client (Footprint) server (Footprint)
snort[21980]: 12 client (Footprint) server (Footprint)
snort[21980]: 11 client (Footprint) server (Footprint)
snort[21980]: 10 client (Footprint) server (Footprint)
snort[21980]: 9 client (Footprint) server (Footprint)
snort[21980]: 8 client (Footprint) server (Footprint)
snort[21980]: 7 client (Footprint) server (Footprint)
snort[21980]: 6 client (Footprint) server (Footprint)
snort[21980]: 5 client (Footprint) server (Footprint)
snort[21980]: 4 client (Footprint) server (Footprint)
snort[21980]: 3 client (Footprint) server (Footprint)
snort[21980]: 2 client (Footprint) server (Footprint)
snort[21980]: 1 client (Footprint) server (Footprint)
snort[21980]: 0 client (Footprint) server (Footprint)
snort[21980]: Reassembly Ports:
snort[21980]: Static Flushpoint Sizes: YES
snort[21980]: Options:
snort[21980]: Min ttl: 1
snort[21980]: Timeout: 30 seconds
snort[21980]: Reassembly Policy: BSD
snort[21980]: Stream5 TCP Policy config:
snort[21980]: Max ICMP sessions: 65536
snort[21980]: Track ICMP sessions: ACTIVE
snort[21980]: Max UDP sessions: 131072
snort[21980]: Track UDP sessions: ACTIVE
snort[21980]: Memcap (for reassembly packet storage): 8388608
snort[21980]: Max TCP sessions: 8192
snort[21980]: Track TCP sessions: ACTIVE
snort[21980]: Stream5 global config:
snort[21980]: Fragment Problems: 1
snort[21980]: Fragment ttl_limit (not used): 5
snort[21980]: Fragment min_ttl: 1
snort[21980]: Fragment timeout: 60 seconds
snort[21980]: Target-based policy: LAST
snort[21980]: Frag3 engine config:
snort[21980]: Fragment memory cap: 4194304 bytes
snort[21980]: Max frags: 8192
snort[21980]: Frag3 global config:
snort[21980]: Search-Method = AC-BNFA-Q
snort[21980]: Detection:
snort[21980]:
snort[21980]: [ 25 443 465 636 993 995 ]
snort[21980]: PortVar 'SSL_PORTS' defined :
snort[21980]:
snort[21980]: [ 25 143 465 691 ]
snort[21980]: PortVar 'MAIL_PORTS' defined :
snort[21980]:
snort[21980]: [ 23 ]
snort[21980]: PortVar 'TELNET_PORTS' defined :
snort[21980]:
snort[21980]: [ XXX ]
snort[21980]: PortVar 'SSH_PORTS' defined :
snort[21980]:
snort[21980]: [ 161 ]
snort[21980]: PortVar 'SNMP_PORTS' defined :
snort[21980]:
snort[21980]: [ 25 ]
snort[21980]: PortVar 'SMTP_PORTS' defined :
snort[21980]:
snort[21980]: [ 139 445 ]
snort[21980]: PortVar 'SMB_PORTS' defined :
snort[21980]:
snort[21980]: [ 514 ]
snort[21980]: PortVar 'RSH_PORTS' defined :
snort[21980]:
snort[21980]: [ 513 ]
snort[21980]: PortVar 'RLOGIN_PORTS' defined :
snort[21980]:
snort[21980]: [ 111 32770:32779 ]
snort[21980]: PortVar 'SUNRPC_PORTS' defined :
snort[21980]:
snort[21980]: [ 110 ]
snort[21980]: PortVar 'POP3_PORTS' defined :
snort[21980]:
snort[21980]: [ 109 ]
snort[21980]: PortVar 'POP2_PORTS' defined :
snort[21980]:
snort[21980]: [ 119 ]
snort[21980]: PortVar 'NNTP_PORTS' defined :
snort[21980]:
snort[21980]: [ 1433 ]
snort[21980]: PortVar 'MSSQL_PORTS' defined :
snort[21980]:
snort[21980]: [ 6665:6669 7000 ]
snort[21980]: PortVar 'IRC_PORTS' defined :
snort[21980]:
snort[21980]: [ 143 ]
snort[21980]: PortVar 'IMAP_PORTS' defined :
snort[21980]:
snort[21980]: [ 21 ]
snort[21980]: PortVar 'FTP_PORTS' defined :
snort[21980]:
snort[21980]: [ 79 ]
snort[21980]: PortVar 'FINGER_PORTS' defined :
snort[21980]:
snort[21980]: [ 53 ]
snort[21980]: PortVar 'DNS_PORTS' defined :
snort[21980]:
snort[21980]: [ 113 ]
snort[21980]: PortVar 'AUTH_PORTS' defined :
snort[21980]:
snort[21980]: [ 1521 ]
snort[21980]: PortVar 'ORACLE_PORTS' defined :
snort[21980]:
snort[21980]: [ 0:79 81:65535 ]
snort[21980]: PortVar 'SHELLCODE_PORTS' defined :
snort[21980]:
snort[21980]: [ 80 ]
snort[21980]: PortVar 'HTTP_PORTS' defined :
snort[21980]: Parsing Rules file /usr/local/etc/snort/snort.conf
snort[52032]: Snort exiting
snort[52032]: ===============================================================================
snort[52032]: Total packets processed: 12855573
snort[52032]: Self-referencing paths ("./"): 0
snort[52032]: Extra slashes ("//"): 214
snort[52032]: Directory traversals: 0
snort[52032]: Base 36: 0
snort[52032]: Non-ASCII representable: 4914
snort[52032]: Double unicode: 0
snort[52032]: Unicode: 166
snort[52032]: Post parameters extracted: 100
snort[52032]: GET methods: 2277
snort[52032]: POST methods: 195
snort[52032]: HTTP Inspect - encodings (Note: stream-reassembled packets included):
snort[52032]: ===============================================================================
snort[52032]: Events: 0
snort[52032]: UDP Discards: 0
snort[52032]: UDP Timeouts: 217
snort[52032]: UDP Sessions Deleted: 16298
snort[52032]: UDP Sessions Created: 16298
snort[52032]: TCP Discards: 310272
snort[52032]: TCP Segments Used: 8764130
snort[52032]: TCP Rebuilt Packets: 3769643
snort[52032]: TCP Segments Released: 8774120
snort[52032]: TCP Segments Queued: 8774120
snort[52032]: TCP Overlaps: 275636
snort[52032]: TCP Timeouts: 2797
snort[52032]: TCP StreamTrackers Deleted: 17427
snort[52032]: TCP StreamTrackers Created: 17427
snort[52032]: ICMP Prunes: 0
snort[52032]: UDP Prunes: 0
snort[52032]: TCP Prunes: 0
snort[52032]: ICMP sessions: 0
snort[52032]: UDP sessions: 16081
snort[52032]: TCP sessions: 14949
snort[52032]: Total sessions: 31030
snort[52032]: Stream5 statistics:
snort[52032]: ===============================================================================
snort[52032]: Frag Nodes Deleted: 0
snort[52032]: Frag Nodes Inserted: 0
snort[52032]: FragTrackers Auto Freed: 0
snort[52032]: FragTrackers Dumped: 0
snort[52032]: FragTrackers Added: 0
snort[52032]: Alerts: 0
snort[52032]: Anomalies: 0
snort[52032]: Overlaps: 0
snort[52032]: Timeouts: 0
snort[52032]: Memory Faults: 0
snort[52032]: Discards: 0
snort[52032]: Frags Reassembled: 0
snort[52032]: Total Fragments: 0
snort[52032]: Frag3 statistics:
snort[52032]: ===============================================================================
snort[52032]: PASSED: 0
snort[52032]: LOGGED: 8
snort[52032]: ALERTS: 8
snort[52032]: Action Stats:
snort[52032]: ===============================================================================
snort[52032]: Total: 15704925
snort[52032]: S5 G 2: 8828 (0.056%)
snort[52032]: S5 G 1: 8483 (0.054%)
snort[52032]: InvChkSum: 32 (0.000%)
snort[52032]: DISCARD: 0 (0.000%)
snort[52032]: OTHER: 2700 (0.017%)
snort[52032]: IPX: 0 (0.000%)
snort[52032]: ETHLOOP: 0 (0.000%)
snort[52032]: EAPOL: 0 (0.000%)
snort[52032]: ARP: 318 (0.002%)
snort[52032]: FRAG 6: 0 (0.000%)
snort[52032]: FRAG: 0 (0.000%)
snort[52032]: ICMPdis: 0 (0.000%)
snort[52032]: UDPdisc: 0 (0.000%)
snort[52032]: TCPdisc: 0 (0.000%)
snort[52032]: ICMP: 11307 (0.072%)
snort[52032]: UDP: 26604 (0.169%)
snort[52032]: TCP: 15646685 (99.629%)
snort[52032]: ICMP-IP: 0 (0.000%)
snort[52032]: ICMP6: 0 (0.000%)
snort[52032]: UDP 6: 0 (0.000%)
snort[52032]: TCP 6: 0 (0.000%)
snort[52032]: IP4disc: 0 (0.000%)
snort[52032]: IP4: 15704607 (99.998%)
snort[52032]: IP6disc: 0 (0.000%)
snort[52032]: IP6opts: 0 (0.000%)
snort[52032]: IP6 EXT: 0 (0.000%)
snort[52032]: IPV6: 0 (0.000%)
snort[52032]: VLAN: 0 (0.000%)
snort[52032]: ETHdisc: 0 (0.000%)
snort[52032]: ETH: 15704925 (100.000%)
snort[52032]: Breakdown by protocol (includes rebuilt packets):
snort[52032]: ===============================================================================
snort[52032]: Outstanding: 0 (0.000%)
snort[52032]: Dropped: 0 (0.000%)
snort[52032]: Analyzed: 15687614 (100.000%)
snort[52032]: Received: 15687614
snort[52032]: Packet Wire Totals:
snort[52032]: ===============================================================================
snort[52032]: *** Caught Term-Signal
snort2c[52103]: snort2c running in daemon mode pid: 52103
snort[52032]: Not Using PCAP_FRAMES
snort[52032]: Snort initialization completed successfully (pid=52032)
snort[52032]: Daemon initialized, signaled parent pid: 52031
snort[52031]: Daemon parent exiting
snort[52032]: Writing PID "52032" to file "/var/run//snort_xl0.pid"
snort[52032]: PID path stat checked out ok, PID path set to /var/run/
snort[52031]: Initializing daemon mode
snort[52031]: 0 out of 512 flowbits in use.
snort[52031]: Log directory = /var/log/snort
snort[52031]: Rule application order: activation->dynamic->pass->drop->alert->log
snort[52031]: -------------------------------------------------------------------------------
snort[52031]: | none
snort[52031]: +-----------------------[suppression]-----------------------------------------
Problem solved: it was due to the assignment of the SNORT interface. In the default configuration this must be set to WAN in order to perform an online update; afterwards it can be configured manually.
Cu
plsvw39c