Need to verify if I am being spoofed or hacked
Need help understanding what is happening after the snort notification shows the alert. It seems that at 7:50:30am some IP sends some files and then the snort starts notifying of a possible spoof. Can someone help me understand what is happening? Greatly appreciate any help; I have drilled Google without luck on understanding what is happening.
May 11 07:50:30 snort 46192 spo_pf -> Firewall interface IP address change notification monitoring thread started.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv4 address 10.10.10.1 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv4 address 127.0.0.1 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv6 address fe80::1 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface lo0 IPv6 address ::1 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv4 address 192.168.30.1 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv6 address fe80::2e0:67ff:fe21:5ff3 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb2 IPv4 address 192.168.20.1 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb2 IPv6 address fe80::2e0:67ff:fe21:5ff2 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb1 IPv4 address 10.0.0.75 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb1 IPv6 address fe80::2e0:67ff:fe21:5ff1 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb0 IPv4 address 10.0.0.74 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb0 IPv6 address fe80::2e0:67ff:fe21:5ff0 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 [1:26989:7] FILE-OTHER Multiple products ZIP archive virus detection bypass attempt [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 34.104.35.123:80 -> 192.168.30.110:40370
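The log above mixes two kinds of lines: `spo_pf` status messages about the interface IP Pass List, and one rule alert in Snort's `[gid:sid:rev]` form. As an added example (not part of the original post), this Python script separates the two and parses the alert's fields; the function names are hypothetical and it assumes IPv4 `addr:port` endpoints.

```python
import re
from ipaddress import ip_address

# Lines copied from the log in the post above (two spo_pf lines, one alert).
SAMPLE = """\
May 11 07:50:30 snort 46192 spo_pf -> Firewall interface IP address change notification monitoring thread started.
May 11 07:50:30 snort 46192 spo_pf -> adding firewall interface igb3 IPv4 address 192.168.30.1 to automatic interface IP Pass List.
May 11 07:50:30 snort 46192 [1:26989:7] FILE-OTHER Multiple products ZIP archive virus detection bypass attempt [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 34.104.35.123:80 -> 192.168.30.110:40370
"""

PASS_RE = re.compile(r"spo_pf -> adding firewall interface (\S+) IPv[46] address (\S+) to automatic")
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"\[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)")

def split_endpoint(ep):
    """Split an IPv4 'addr:port' endpoint; port is None when absent (e.g. ICMP)."""
    if ep.count(":") == 1:
        addr, port = ep.split(":")
        return addr, int(port)
    return ep, None

def triage(text):
    """Separate spo_pf status lines from rule alerts and parse each alert."""
    result = {"pass_list": [], "status": [], "alerts": [], "unparsed": []}
    for line in text.splitlines():
        if (m := ALERT_RE.search(line)):
            a = m.groupdict()
            a["src"], a["sport"] = split_endpoint(a["src"])
            a["dst"], a["dport"] = split_endpoint(a["dst"])
            # Record which endpoint, if any, sits in private address space.
            a["internal_host"] = next(
                (ip for ip in (a["src"], a["dst"]) if ip_address(ip).is_private), None)
            result["alerts"].append(a)
        elif (m := PASS_RE.search(line)):
            result["pass_list"].append(m.groups())  # (interface, address)
        elif "spo_pf -> " in line:
            result["status"].append(line.split("spo_pf -> ", 1)[1])
        elif line.strip():
            result["unparsed"].append(line)
    return result

if __name__ == "__main__":
    r = triage(SAMPLE)
    print(len(r["pass_list"]), "pass-list entries,", len(r["status"]), "status lines")
    for a in r["alerts"]:
        print(f'{a["gid"]}:{a["sid"]}:{a["rev"]} prio {a["prio"]} {a["proto"]} '
              f'{a["src"]}:{a["sport"]} -> {a["dst"]}:{a["dport"]} | {a["msg"]}')
```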