Pfsense WAN pppoe isp account desapeard
-
This is the weirdest thing ever seen.
I am running Snort(lowmem),Nut,Nmap,and PPTP,using a commel mini-itx PIII 667mhz 768 Mb ramshort time line :
1:47 -disable PPPOE server
enable PPTP
@ 7:23 the connection to the ISP was lost .10.6.30.254 04/02/08 07:29:24 04/02/08 07:29:24 system Info mpd Warning: no secret for "" found
10.6.30.254 04/02/08 07:29:24 04/02/08 07:29:24 system Info mpd mpd: empty auth name
10.6.30.254 04/02/08 07:29:24 04/02/08 07:29:24 system Info mpd [pppoe] PAP: using authname ""Also found this
10.6.30.254 04/02/08 07:25:45 04/02/08 07:25:45 system Info snortstartup[1496] Ram free BEFORE starting Snort: 18M – Ram free AFTER starting Snort: 19M -- Mode lowmem -- Snort memory usage:
Just a question ,i did install this box fresh,but i used an old config from 1.0.1 is theres anything that may cause conflicts ?
Thank you -
We are upgrading the config on import but a lot of things have happened between 1.0.1 and 1.2. Ther emight be edgecases where this is not working. Can you retest with a factory default config and try to reproduce the error? If it happens with a fresh 1.2 config and you show us the steps how to reproduce it we can start debugging.
-
This install e fresh i only uploaded the config from 1.01
4 now i'll just leave it has it is i just putted the user and pass for my ISP back,if i get this again i'll send you the system log of my syslog server .
I had this before once i changed my network cards ,but this time i did do that,i was changing to an Intel dual ethernet 32 bit pci card.I'll stay alert .
There is always the possibility of some sort of problem with the hardware (specially the Nics they are used -ebay)
for some reason have the felling Snort has something to do with it this time i never seen snort leaving so little memory on my system.I am just being lazy :P to avoid all the work with the rules,traffic shaping,dhcp,captive portal,etc… but if it continuous ill have to put my self to work and create the config from scratch.
Edit: i did some more testing trying to get the same error but without success.
-
The problem came back.
something made it restart and after the ISP PPPOe account (user and password) vanished .
Please not that there is a gap in 19:46 ,the system rebooted @ this time10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] pausing 7 seconds before open
10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] pausing 2 seconds before open
10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] pptp originate option is not enabled
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state OPENING
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] link: DOWN event
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] pausing 9 seconds before open
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] pptp originate option is not enabled
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state OPENING
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] link: DOWN event
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] pausing 9 seconds before open
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] pptp originate option is not enabled
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state OPENING
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] link: DOWN event
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] pausing 9 seconds before open
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] pptp originate option is not enabled
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state OPENING
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] link: DOWN event
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] pausing 7 seconds before open
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:47:06 04/05/08 19:47:04 system Info mpd mpd: pid 229, version 3.18 (root@freebsd6.geekgod.com 12:32 6-Jan-2008)
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:05 secur/auth Error sshlockout[243] sshlockout starting up
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] ppp node is "mpd229-pppoe"
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] exec: /sbin/ifconfig fxp0 up
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] using interface ng0
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: peer address cannot be zero
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IFACE: Open event
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: Open event
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: state change Initial –> Starting
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: LayerStart
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] bundle: OPEN event in state CLOSED
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] opening link "pppoe"…
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] link: OPEN event
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: Open event
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: state change Initial –> Starting
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: LayerStart
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 secur/auth Info sshd[242] Server listening on :: port 22.
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 secur/auth Info sshd[242] Server listening on 0.0.0.0 port 22.
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] pausing 4 seconds before open
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] pausing 2 seconds before open
10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] pausing 6 seconds before open
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] pausing 4 seconds before open
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:47 04/05/08 19:47:45 local 0 Info pf tcpdump: WARNING: pflog0: no IPv4 address assigned
10.6.30.254 04/05/08 19:47:47 04/05/08 19:47:45 local 0 Info pf tcpdump: listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Warning openvpn[349] Use –help for more information.
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Error openvpn[349] Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_server0.conf:14: lport (2.0.6)
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] pausing 2 seconds before open
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:51 04/05/08 19:47:49 system Warning openvpn[353] Use –help for more information.
10.6.30.254 04/05/08 19:47:51 04/05/08 19:47:49 system Error openvpn[353] Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_client0.conf:14: remote (2.0.6)
10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:48:00 04/05/08 19:47:58 system Notice snort2c[520] snort2c running in daemon mode pid: 520
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Notice pftpx[530] listening on 127.0.0.1 port 8021
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Notice pftpx[538] listening on 127.0.0.1 port 8022
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] pausing 4 seconds before open
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd Internet Systems Consortium DHCP Server V3.0.5
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd Copyright 2004-2006 Internet Systems Consortium.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd All rights reserved.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Internet Systems Consortium DHCP Server V3.0.5
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Copyright 2004-2006 Internet Systems Consortium.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd All rights reserved.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 0 deleted host decls to leases file.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 0 new dynamic host decls to leases file.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 10 leases to leases file.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Listening on BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Sending on BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Sending on Socket/fallback/fallback-net
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] started, version 2.39 cachesize 150
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] reading /var/dhcpd/var/db/dhcpd.leases
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] reading /etc/resolv.conf
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] using nameserver 208.67.222.222#53
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] using nameserver 208.67.220.220#53
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] read /etc/hosts - 2 addresses
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd mpd: pid 639, version 3.18 (root@freebsd6.geekgod.com 12:32 6-Jan-2008)
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt0] ppp node is "mpd639-pt0"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd mpd: local IP address for PPTP is 0.0.0.0
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt0] using interface ng1
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt1] ppp node is "mpd639-pt1"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt1] using interface ng2
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt2] ppp node is "mpd639-pt2"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt2] using interface ng3
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt3] ppp node is "mpd639-pt3"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt3] using interface ng4
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt4] ppp node is "mpd639-pt4"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt4] using interface ng5
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt5] ppp node is "mpd639-pt5"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt5] using interface ng6
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt6] ppp node is "mpd639-pt6"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt6] using interface ng7
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt7] ppp node is "mpd639-pt7"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt7] using interface ng8
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt8] ppp node is "mpd639-pt8"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt8] using interface ng9
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt9] ppp node is "mpd639-pt9"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt9] using interface ng10
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt10] ppp node is "mpd639-pt10"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt10] using interface ng11
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt11] ppp node is "mpd639-pt11"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt11] using interface ng12
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt12] ppp node is "mpd639-pt12"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt12] using interface ng13
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt13] ppp node is "mpd639-pt13"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt13] using interface ng14
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt14] ppp node is "mpd639-pt14"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt14] using interface ng15
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt15] ppp node is "mpd639-pt15"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt15] using interface ng16
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] pausing 1 seconds before open
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd Internet Systems Consortium DHCP Server V3.0.5
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd Copyright 2004-2006 Internet Systems Consortium.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd All rights reserved.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Internet Systems Consortium DHCP Server V3.0.5
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Copyright 2004-2006 Internet Systems Consortium.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd All rights reserved.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 0 deleted host decls to leases file.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 0 new dynamic host decls to leases file.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 10 leases to leases file.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Listening on BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Sending on BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Sending on Socket/fallback/fallback-net
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] possible netmask problem between rl0:10.6.0.0/17 and fxp1:10.6.30.0/24
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] Send mcast sendto(rl0, 224.0.0.9.520): Network is unreachable
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] Send mcast sendto(fxp1, 224.0.0.9.520): Network is unreachable
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000000 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl 1, id 5839, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.9: igmp v2 report 224.0.0.9
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 001638 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl 1, id 52372, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.9: igmp v2 report 224.0.0.9
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000319 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl 1, id 60666, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.2: igmp v2 report 224.0.0.2
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000173 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl 1, id 32222, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.2: igmp v2 report 224.0.0.2
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 716251 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl 1, id 29876, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.9: igmp v2 report 224.0.0.9
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PPPoE connection successful
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] device: UP event in state OPENING
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] device is now in state UP
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] link: UP event
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] link: origination is local
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: Up event
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Starting –> Req-Sent
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: phase shift DEAD –> ESTABLISH
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: SendConfigReq #1
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM bd4093e9
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: rec'd Configure Request #153 link 0 (Req-Sent)
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd AUTHPROTO PAP
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM 3283f015
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: SendConfigAck #153
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd AUTHPROTO PAP
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM 3283f015
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Req-Sent –> Ack-Sent
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: rec'd Configure Ack #1 link 0 (Ack-Sent)
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM bd4093e9
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Ack-Sent –> Opened
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: phase shift ESTABLISH –> AUTHENTICATE
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: auth: peer wants PAP, I want nothing
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PAP: using authname ""
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd mpd: empty auth name
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd Warning: no secret for "" found
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PAP: sending REQUEST
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: LayerUp
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd [pppoe] PAP: using authname ""
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd mpd: empty auth name
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd Warning: no secret for "" found
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd [pppoe] PAP: sending REQUEST
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:12 local 0 Info pf 2. 999542 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl 1, id 16795, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.2: igmp v2 report 224.0.0.2
10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:12 system Info dnsmasq[626] reading /var/dhcpd/var/db/dhcpd.leases
10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:13 local 0 Info pf 199981 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl 1, id 12970, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.9: igmp v2 report 224.0.0.9
10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:13 local 0 Info pf 200003 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl 1, id 9978, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.2: igmp v2 report 224.0.0.2
10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd [pppoe] PAP: using authname ""
10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd mpd: empty auth name
10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd Warning: no secret for "" found
10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd [pppoe] PAP: sending REQUEST
10.6.30.254 04/05/08 19:48:28 04/05/08 19:48:25 system Error snort2c[520] SIGTERM received - exiting
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'fxp1_ADDRESS' defined, value len = 23 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 10.6.30.0/255.255.255.0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'lo0_ADDRESS' defined, value len = 19 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 127.0.0.0/255.0.0.0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Parsing Rules file /usr/local/etc/snort/snort.conf
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'AIM_SERVERS' defined, value len = 132 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] /24]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HTTP_PORTS' defined, value len = 2 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 80
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SHELLCODE_PORTS' defined, value len = 3 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = !80
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'ORACLE_PORTS' defined, value len = 4 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 1521
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HOME_NET' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'TELNET_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SQL_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Error snort[1074] command line overrides rules file alert plugin!
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Error snort[1074] command line overrides rules file alert plugin!
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HTTP_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SMTP_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'DNS_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'EXTERNAL_NET' defined, value len = 55 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = ![10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SSH_PORTS' defined, value len = 2 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 22
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'RULE_PATH' defined, value len = 26 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = /usr/local/etc/snort/rules
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Detection:
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Search-Method = Low-Mem
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] ,–---------[Flow Config]–--------------------
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Stats Interval: 0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Hash Method: 2
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Memcap: 10485760
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Rows : 4099
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Overhead Bytes: 16400(%0.16)
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] `–--------------------------------------------
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 global config:
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Max frags: 8192
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment memory cap: 4194304 bytes
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 engine config:
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Target-based policy: BSD
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment timeout: 60 seconds
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment min_ttl: 1
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment ttl_limit: 5
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment Problems: 0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 engine config:
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Target-based policy: LAST
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment timeout: 60 seconds
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment min_ttl: 1
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment ttl_limit: 5
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment Problems: 1
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Bound Addresses: 0.0.0.0/0.0.0.0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 global config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track TCP sessions: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max TCP sessions: 8192
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Memcap (for reassembly packet storage): 8388608
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track UDP sessions: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max UDP sessions: 131072
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track ICMP sessions: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max ICMP sessions: 65536
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 TCP Policy config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Reassembly Policy: BSD
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Min ttl: 1
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Options:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Static Flushpoint Sizes: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Reassembly Ports:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 0 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 1 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 2 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 3 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 4 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 5 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 6 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 7 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 8 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 9 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 11 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 12 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 13 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 14 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 15 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 16 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 17 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 18 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 19 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Bound Addresses:0.0.0.0/0.0.0.0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 UDP Policy config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 ICMP Policy config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] HttpInspect Config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] GLOBAL CONFIG
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max Pipeline Requests: 0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Inspection Type: STATELESS
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Proxy Usage: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map Filename: /usr/local/etc/snort/unicode.map
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map Codepage: 1252
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] DEFAULT SERVER CONFIG:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Server profile: All
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ports: 80 3128 8080
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Flow Depth: 0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max Chunk Length: 500000
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Inspect Pipeline Requests: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] URI Discovery Strict Mode: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Allow Proxy Usage: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Disable Alerting: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Oversize Dir Length: 0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Only inspect URI: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ascii: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Double Decoding: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] %U Encoding: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Bare Byte: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Base36: OFF
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] UTF 8: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Multiple Slash: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Backslash: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Directory Traversal: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Web Root Traversal: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Apache WhiteSpace: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Delimiter: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Non-RFC Compliant Characters: 0x00
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Whitespace Characters: 0x09 0x0b 0x0c 0x0d
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] rpc_decode arguments:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ports to decode RPC on: 111 32771
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_fragments: INACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_large_fragments: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_incomplete: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_multiple_requests: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Portscan Detection Config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Protocols: TCP UDP ICMP IP
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Sensitivity Level: Low
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Memcap (in bytes): 1048576
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Number of Nodes: 3869
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ignore Scanner IP List:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.0 / 255.255.255.0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 208.67.220.220 / 255.255.255.255
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 208.67.222.222 / 255.255.255.255
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 127.0.0.1 / 255.255.255.255
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: authorization timer expired
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: authorization failed
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: CLOSE event in state UP
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state CLOSING
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: DOWN event in state CLOSING
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] error writing len 12 frame to bypass: Network is down
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: state change Opened –> Starting
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: phase shift AUTHENTICATE –> DEAD
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: LayerDown
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] pausing 4 seconds before open
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Tagged Packet Limit: 256
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dcerpc_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dns_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ftptelnet_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_smtp_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ssh_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTPTelnet Config:
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] GLOBAL CONFIG
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Inspection Type: stateless
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Encrypted Traffic: OFF
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Continue to check encrypted data: NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP CONFIG:
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP Server: default
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ports: 21
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Telnet Cmds: OFF
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Identify open data channels: NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP Client: default
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Bounce Attacks: OFF
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Telnet Cmds: OFF
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Response Length: 100
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] SMTP Config:
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ports:
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] 25
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Inspection Type: STATEFUL
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Normalize Spaces: YES
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore Data: NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore TLS Data: NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore Alerts: NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Command Length: 0
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Header Line Length: 0
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Response Line Length: 0
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] X-Link2State Alert: YES
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Drop on X-Link2State Alert: NO
10.6.30.254 04/05/08 19:48:34 04/05/08 19:48:31 system Error routed[934] Send mcast sendto(rl0, 224.0.0.9.520): Network is unreachable
10.6.30.254 04/05/08 19:48:34 04/05/08 19:48:31 system Error routed[934] Send mcast sendto(fxp1, 224.0.0.9.520): Network is unreachable
10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] pausing 1 seconds before open
10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] PPPoE connection successful
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device: UP event in state OPENING
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device is now in state UP
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] link: UP event
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] link: origination is local
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: Up event
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: state change Starting –> Req-Sent
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: phase shift DEAD –> ESTABLISH
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: SendConfigReq #2
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd MAGICNUM ba7fe929
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: rec'd Configure Request #202 link 0 (Req-Sent)
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd AUTHPROTO PAP
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM 4d0c018b
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: SendConfigAck #202
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd AUTHPROTO PAP
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM 4d0c018b
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: state change Req-Sent –> Ack-Sent
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM ba7fe929
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: state change Ack-Sent –> Opened
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: phase shift ESTABLISH –> AUTHENTICATE
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: auth: peer wants PAP, I want nothing
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] PAP: using authname ""
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd mpd: empty auth name
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd Warning: no secret for "" found
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] PAP: sending REQUEST
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: LayerUp
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Error snort[1074] OpenPcap() device fxp0 network lookup: fxp0: no IPv4 address assigned
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Error snort[1075] OpenPcap() device fxp0 network lookup: fxp0: no IPv4 address assigned
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-config]–--------------------------------
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | memory-cap : 1048576 bytes
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-global]–--------------------------------
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | none
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-local]–---------------------------------
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=10183 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6128 type=Limit tracking=src count=1 seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=9839 type=Limit tracking=src count=1 seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6223 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6489 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=5990 type=Limit tracking=src count=1 seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6336 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=5835 type=Limit tracking=src count=1 seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6241 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=7646 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=5978 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6324 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=7547 type=Limit tracking=src count=1 seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=7535 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6122 type=Limit tracking=src count=1 seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6271 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=7142 type=Limit tracking=src count=1 seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6176 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=12693 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=12485 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=12679 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=5945 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6483 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=6365 type=Limit tracking=src count=1 seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=7732 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=7739 type=Limit tracking=src count=1 seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1 sig-id=8073 &