Log files for mobius

a guest
Mar 24th, 2012
  1. 03/24/12 08:42:31 AM mobius-Inspiron-N5110 rsyslogd [origin software="rsyslogd" swVersion="4.6.4" x-pid="798" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
  2. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] *** Caught Term-Signal
  3. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Run time prior to being shutdown was 2047.325326 seconds
  4. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  5. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Packet Wire Totals:
  6. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Received: 0
  7. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Analyzed: 0 (0.000%)
  8. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Dropped: 0 (0.000%)
  9. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Outstanding: 0 (0.000%)
  10. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  11. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Breakdown by protocol (includes rebuilt packets):
  12. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ETH: 0 (0.000%)
  13. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ETHdisc: 0 (0.000%)
  14. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] VLAN: 0 (0.000%)
  15. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] IPV6: 0 (0.000%)
  16. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] IP6 EXT: 0 (0.000%)
  17. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] IP6opts: 0 (0.000%)
  18. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] IP6disc: 0 (0.000%)
  19. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] IP4: 0 (0.000%)
  20. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] IP4disc: 0 (0.000%)
  21. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP 6: 0 (0.000%)
  22. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP 6: 0 (0.000%)
  23. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ICMP6: 0 (0.000%)
  24. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ICMP-IP: 0 (0.000%)
  25. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP: 0 (0.000%)
  26. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP: 0 (0.000%)
  27. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ICMP: 0 (0.000%)
  28. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCPdisc: 0 (0.000%)
  29. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDPdisc: 0 (0.000%)
  30. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ICMPdis: 0 (0.000%)
  31. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] FRAG: 0 (0.000%)
  32. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] FRAG 6: 0 (0.000%)
  33. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ARP: 0 (0.000%)
  34. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] EAPOL: 0 (0.000%)
  35. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ETHLOOP: 0 (0.000%)
  36. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] IPX: 0 (0.000%)
  37. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] OTHER: 0 (0.000%)
  38. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] DISCARD: 0 (0.000%)
  39. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] InvChkSum: 0 (0.000%)
  40. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] S5 G 1: 0 (0.000%)
  41. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] S5 G 2: 0 (0.000%)
  42. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Total: 0
  43. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  44. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Action Stats:
  45. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ALERTS: 0
  46. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] LOGGED: 0
  47. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] PASSED: 0
  48. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  49. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Frag3 statistics:
  50. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Total Fragments: 0
  51. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Frags Reassembled: 0
  52. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Discards: 0
  53. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Memory Faults: 0
  54. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Timeouts: 0
  55. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Overlaps: 0
  56. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Anomalies: 0
  57. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Alerts: 0
  58. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Drops: 0
  59. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] FragTrackers Added: 0
  60. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] FragTrackers Dumped: 0
  61. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] FragTrackers Auto Freed: 0
  62. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Frag Nodes Inserted: 0
  63. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Frag Nodes Deleted: 0
  64. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  65. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Stream5 statistics:
  66. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Total sessions: 0
  67. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP sessions: 0
  68. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP sessions: 0
  69. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ICMP sessions: 0
  70. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Prunes: 0
  71. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP Prunes: 0
  72. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ICMP Prunes: 0
  73. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP StreamTrackers Created: 0
  74. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP StreamTrackers Deleted: 0
  75. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Timeouts: 0
  76. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Overlaps: 0
  77. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Segments Queued: 0
  78. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Segments Released: 0
  79. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Rebuilt Packets: 0
  80. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Segments Used: 0
  81. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Discards: 0
  82. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP Sessions Created: 0
  83. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP Sessions Deleted: 0
  84. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP Timeouts: 0
  85. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP Discards: 0
  86. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Events: 0
  87. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Internal Events: 0
  88. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] TCP Port Filter
  89. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Dropped: 0
  90. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Inspected: 0
  91. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Tracked: 0
  92. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] UDP Port Filter
  93. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Dropped: 0
  94. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Inspected: 0
  95. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Tracked: 0
  96. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  97. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  98. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] dcerpc2 Preprocessor Statistics
  99. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Total sessions: 0
  100. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  101. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] ===============================================================================
  102. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Could not remove pid file /var/run//snort_eth0.pid: Permission denied
  103. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[1606] Snort exiting
  104. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Running in IDS mode
  105. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  106. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] --== Initializing Snort ==--
  107. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Initializing Output Plugins!
  108. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Initializing Preprocessors!
  109. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Initializing Plug-ins!
  110. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Parsing Rules file "/etc/snort/snort.conf"
  111. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] PortVar 'HTTP_PORTS' defined :
  112. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] [ 80 ]
  113. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  114. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] PortVar 'SHELLCODE_PORTS' defined :
  115. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] [ 0:79 81:65535 ]
  116. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  117. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] PortVar 'ORACLE_PORTS' defined :
  118. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] [ 1521 ]
  119. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  120. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] PortVar 'FTP_PORTS' defined :
  121. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] [ 21 ]
  122. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  123. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Tagged Packet Limit: 256
  124. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
  125. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  126. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
  127. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
  128. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  129. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
  130. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  131. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
  132. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  133. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
  134. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  135. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so...
  136. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  137. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
  138. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  139. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
  140. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  141. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
  142. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] done
  143. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
  144. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Log directory = /var/log/snort
  145. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Frag3 global config:
  146. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max frags: 65536
  147. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Fragment memory cap: 4194304 bytes
  148. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Frag3 engine config:
  149. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Target-based policy: FIRST
  150. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Fragment timeout: 60 seconds
  151. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Fragment min_ttl: 1
  152. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Fragment Problems: 1
  153. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Overlap Limit: 10
  154. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Min fragment Length: 0
  155. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Stream5 global config:
  156. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Track TCP sessions: ACTIVE
  157. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max TCP sessions: 8192
  158. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Memcap (for reassembly packet storage): 8388608
  159. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Track UDP sessions: INACTIVE
  160. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Track ICMP sessions: INACTIVE
  161. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Log info if session memory consumption exceeds 1048576
  162. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Stream5 TCP Policy config:
  163. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Reassembly Policy: FIRST
  164. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Timeout: 30 seconds
  165. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Min ttl: 1
  166. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Maximum number of bytes to queue per session: 1048576
  167. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Maximum number of segs to queue per session: 2621
  168. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Reassembly Ports:
  169. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 21 client (Footprint)
  170. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 23 client (Footprint)
  171. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 25 client (Footprint)
  172. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 42 client (Footprint)
  173. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 53 client (Footprint)
  174. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 80 client (Footprint)
  175. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 110 client (Footprint)
  176. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 111 client (Footprint)
  177. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 135 client (Footprint)
  178. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 136 client (Footprint)
  179. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 137 client (Footprint)
  180. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 139 client (Footprint)
  181. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 143 client (Footprint)
  182. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 445 client (Footprint)
  183. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 513 client (Footprint)
  184. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 514 client (Footprint)
  185. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 1433 client (Footprint)
  186. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 1521 client (Footprint)
  187. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 2401 client (Footprint)
  188. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 3306 client (Footprint)
  189. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] HttpInspect Config:
  190. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] GLOBAL CONFIG
  191. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Pipeline Requests: 0
  192. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Inspection Type: STATELESS
  193. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Detect Proxy Usage: NO
  194. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] IIS Unicode Map Filename: /etc/snort/unicode.map
  195. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] IIS Unicode Map Codepage: 1252
  196. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] DEFAULT SERVER CONFIG:
  197. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Server profile: All
  198. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ports: 80 8080 8180
  199. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Server Flow Depth: 300
  200. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Client Flow Depth: 300
  201. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Chunk Length: 500000
  202. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Header Field Length: 0
  203. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Number Header Fields: 0
  204. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Inspect Pipeline Requests: YES
  205. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] URI Discovery Strict Mode: NO
  206. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Allow Proxy Usage: NO
  207. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Disable Alerting: NO
  208. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Oversize Dir Length: 500
  209. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Only inspect URI: NO
  210. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Normalize HTTP Headers: NO
  211. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Normalize HTTP Cookies: NO
  212. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ascii: YES alert: NO
  213. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Double Decoding: YES alert: YES
  214. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] %U Encoding: YES alert: YES
  215. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Bare Byte: YES alert: YES
  216. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Base36: OFF
  217. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] UTF 8: OFF
  218. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] IIS Unicode: YES alert: YES
  219. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Multiple Slash: YES alert: NO
  220. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] IIS Backslash: YES alert: NO
  221. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Directory Traversal: YES alert: NO
  222. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Web Root Traversal: YES alert: YES
  223. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Apache WhiteSpace: YES alert: NO
  224. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] IIS Delimiter: YES alert: NO
  225. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
  226. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Non-RFC Compliant Characters: NONE
  227. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Whitespace Characters: 0x09 0x0b 0x0c 0x0d
  228. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] rpc_decode arguments:
  229. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ports to decode RPC on: 111 32771
  230. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] alert_fragments: INACTIVE
  231. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] alert_large_fragments: ACTIVE
  232. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] alert_incomplete: ACTIVE
  233. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] alert_multiple_requests: ACTIVE
  234. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Portscan Detection Config:
  235. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Detect Protocols: TCP UDP ICMP IP
  236. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
  237. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Sensitivity Level: Low
  238. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Memcap (in bytes): 10000000
  239. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Number of Nodes: 36900
  240. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] FTPTelnet Config:
  241. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] GLOBAL CONFIG
  242. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Inspection Type: stateful
  243. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Check for Encrypted Traffic: YES alert: YES
  244. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Continue to check encrypted data: NO
  245. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] TELNET CONFIG:
  246. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ports: 23
  247. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Are You There Threshold: 200
  248. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Normalize: YES
  249. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Detect Anomalies: NO
  250. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] FTP CONFIG:
  251. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] FTP Server: default
  252. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ports: 21
  253. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Check for Telnet Cmds: YES alert: YES
  254. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ignore Telnet Cmd Operations: OFF
  255. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Identify open data channels: YES
  256. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] FTP Client: default
  257. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Check for Bounce Attacks: YES alert: YES
  258. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Check for Telnet Cmds: YES alert: YES
  259. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ignore Telnet Cmd Operations: OFF
  260. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Response Length: 256
  261. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] SMTP Config:
  262. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ports: 25 587 691
  263. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Inspection Type: Stateful
  264. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Normalize: EXPN RCPT VRFY
  265. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ignore Data: No
  266. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ignore TLS Data: No
  267. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ignore SMTP Alerts: No
  268. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Command Line Length: Unlimited
  269. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Specific Command Line Length:
  270. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] ETRN:500 EXPN:255 HELO:500 HELP:500 MAIL:260
  271. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] RCPT:300 VRFY:255
  272. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Header Line Length: Unlimited
  273. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Response Line Length: Unlimited
  274. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] X-Link2State Alert: Yes
  275. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Drop on X-Link2State Alert: No
  276. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Alert on commands: None
  277. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] SSH config:
  278. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Autodetection: DISABLED
  279. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Challenge-Response Overflow Alert: ENABLED
  280. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] SSH1 CRC32 Alert: ENABLED
  281. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Server Version String Overflow Alert: ENABLED
  282. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Protocol Mismatch Alert: ENABLED
  283. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Bad Message Direction Alert: DISABLED
  284. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Bad Payload Size Alert: DISABLED
  285. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Unrecognized Version Alert: DISABLED
  286. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Encrypted Packets: 20
  287. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Max Server Version String Length: 80 (Default)
  288. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] MaxClientBytes: 19600 (Default)
  289. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ports:
  290. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] #01122
  291. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  292. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] DCE/RPC 2 Preprocessor Configuration
  293. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Global Configuration
  294. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] DCE/RPC Defragmentation: Enabled
  295. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Memcap: 102400 KB
  296. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Events: none
  297. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Server Default Configuration
  298. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Policy: WinXP
  299. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Detect ports
  300. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] SMB: 139 445
  301. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] TCP: 135
  302. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] UDP: 135
  303. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] RPC over HTTP server: 593
  304. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] RPC over HTTP proxy: None
  305. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Autodetect ports
  306. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] SMB: None
  307. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] TCP: 1025-65535
  308. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] UDP: 1025-65535
  309. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] RPC over HTTP server: 1025-65535
  310. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] RPC over HTTP proxy: None
  311. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Maximum SMB command chaining: 3 commands
  312. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] DNS config:
  313. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] DNS Client rdata txt Overflow Alert: ACTIVE
  314. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Obsolete DNS RR Types Alert: INACTIVE
  315. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Experimental DNS RR Types Alert: INACTIVE
  316. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ports:
  317. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 53
  318. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  319. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] SSLPP config:
  320. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Encrypted packets: not inspected
  321. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Ports:
  322. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 443 465 563 636 989
  323. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 992 993 994 995
  324. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Server side data is trusted
  325. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  326. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] +++++++++++++++++++++++++++++++++++++++++++++++++++
  327. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Initializing rule chains...
  328. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead.
  329. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 3381 Snort rules read
  330. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 3381 detection rules
  331. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 0 decoder rules
  332. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 0 preprocessor rules
  333. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 3381 Option Chains linked into 280 Chain Headers
  334. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] 0 Dynamic rules
  335. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478] +++++++++++++++++++++++++++++++++++++++++++++++++++
  336. 03/24/12 08:42:32 AM mobius-Inspiron-N5110 snort[2478]
  337. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-------------------[Rule Port Counts]---------------------------------------
  338. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | tcp udp icmp ip
  339. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | src 121 19 0 0
  340. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | dst 2921 130 0 0
  341. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | any 115 53 56 27
  342. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | nc 31 10 15 20
  343. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | s+d 12 6 0 0
  344. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +----------------------------------------------------------------------------
  345. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478]
  346. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-----------------------[detection-filter-config]------------------------------
  347. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | memory-cap : 1048576 bytes
  348. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-----------------------[detection-filter-rules]-------------------------------
  349. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | none
  350. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] -------------------------------------------------------------------------------
  351. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478]
  352. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-----------------------[rate-filter-config]-----------------------------------
  353. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | memory-cap : 1048576 bytes
  354. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-----------------------[rate-filter-rules]------------------------------------
  355. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | none
  356. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] -------------------------------------------------------------------------------
  357. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478]
  358. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-----------------------[event-filter-config]----------------------------------
  359. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | memory-cap : 1048576 bytes
  360. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-----------------------[event-filter-global]----------------------------------
  361. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | none
  362. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-----------------------[event-filter-local]-----------------------------------
  363. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=2523 type=Both tracking=dst count=10 seconds=10
  364. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=2275 type=Threshold tracking=dst count=5 seconds=60
  365. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000312 type=Limit tracking=src count=1 seconds=360
  366. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000158 type=Both tracking=src count=100 seconds=60
  367. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000923 type=Threshold tracking=dst count=200 seconds=60
  368. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000160 type=Both tracking=src count=300 seconds=60
  369. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=2923 type=Threshold tracking=dst count=10 seconds=60
  370. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000163 type=Both tracking=src count=100 seconds=60
  371. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=2924 type=Threshold tracking=dst count=10 seconds=60
  372. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=2494 type=Both tracking=dst count=20 seconds=60
  373. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000310 type=Limit tracking=src count=1 seconds=360
  374. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000159 type=Both tracking=src count=100 seconds=60
  375. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000161 type=Both tracking=dst count=100 seconds=60
  376. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=3273 type=Threshold tracking=src count=5 seconds=2
  377. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=3152 type=Threshold tracking=src count=5 seconds=2
  378. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000311 type=Limit tracking=src count=1 seconds=360
  379. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=2496 type=Both tracking=dst count=20 seconds=60
  380. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=100000162 type=Both tracking=src count=100 seconds=60
  381. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | gen-id=1 sig-id=2495 type=Both tracking=dst count=20 seconds=60
  382. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] +-----------------------[suppression]------------------------------------------
  383. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] | none
  384. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] -------------------------------------------------------------------------------
  385. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Rule application order: activation->dynamic->pass->drop->alert->log
  386. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Verifying Preprocessor Configurations!
  387. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
  388. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
  389. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Warning: flowbits key 'smb.tree.create.llsrpc' is set but not ever checked.
  390. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Warning: flowbits key 'community_uri.size.1050' is set but not ever checked.
  391. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] 37 out of 512 flowbits in use.
  392. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Initializing Network Interface eth0
  393. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Initializing daemon mode
  394. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2478] Daemon parent exiting
  395. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] Daemon initialized, signaled parent pid: 2478
  396. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] Checking PID path...
  397. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] PID path stat checked out ok, PID path set to /var/run/
  398. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] Writing PID "2480" to file "/var/run//snort_eth0.pid"
  399. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] Decoding Ethernet on interface eth0
  400. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480]
  401. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] [ Port Based Pattern Matching Memory ]
  402. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] +-[AC-BNFA Search Info Summary]------------------------------
  403. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Instances : 241
  404. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Patterns : 22048
  405. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Pattern Chars : 207212
  406. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Num States : 137800
  407. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Num Match States : 18343
  408. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Memory : 3.51Mbytes
  409. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Patterns : 0.70M
  410. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Match Lists : 0.96M
  411. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] | Transitions : 1.79M
  412. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] +-------------------------------------------------
  413. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480]
  414. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] --== Initialization Complete ==--
  415. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] Snort initialization completed successfully (pid=2480)
  416. 03/24/12 08:42:33 AM mobius-Inspiron-N5110 snort[2480] Not Using PCAP_FRAMES
  417. 03/24/12 08:42:50 AM mobius-Inspiron-N5110 anacron[1082] Job `cron.daily' terminated (exit status: 1) (mailing output)
  418. 03/24/12 08:42:50 AM mobius-Inspiron-N5110 anacron[1082] Tried to mail output of job `cron.daily', but mailer process (/usr/sbin/sendmail) exited with ststus 255
  419. 03/24/12 08:42:50 AM mobius-Inspiron-N5110 anacron[1082] Normal exit (1 job run)
  420. 03/24/12 09:17:01 AM mobius-Inspiron-N5110 CRON[2554] (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
  421. 03/24/12 09:42:03 AM mobius-Inspiron-N5110 NetworkManager[889] <info> (wlan0): supplicant connection state: completed -> group handshake
  422. 03/24/12 09:42:03 AM mobius-Inspiron-N5110 wpa_supplicant[977] WPA: Group rekeying completed with a0:21:b7:b0:b4:5e [GTK=TKIP]
  423. 03/24/12 09:42:03 AM mobius-Inspiron-N5110 NetworkManager[889] <info> (wlan0): supplicant connection state: group handshake -> completed
  424. 03/24/12 10:17:01 AM mobius-Inspiron-N5110 CRON[2609] (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
  425. 03/24/12 10:42:04 AM mobius-Inspiron-N5110 NetworkManager[889] <info> (wlan0): supplicant connection state: completed -> group handshake
  426. 03/24/12 10:42:04 AM mobius-Inspiron-N5110 wpa_supplicant[977] WPA: Group rekeying completed with a0:21:b7:b0:b4:5e [GTK=TKIP]
  427. 03/24/12 10:42:04 AM mobius-Inspiron-N5110 NetworkManager[889] <info> (wlan0): supplicant connection state: group handshake -> completed
  428. 03/24/12 10:56:29 AM mobius-Inspiron-N5110 kernel [10112.861196] device wlan0 entered promiscuous mode
  429. 03/24/12 11:17:01 AM mobius-Inspiron-N5110 CRON[3238] (root) CMD ( cd / && run-parts --report /etc/cron.hourly)