- Oct 20 00:27:58 ubuntu snort[3038]: Running in IDS mode
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: --== Initializing Snort ==--
- Oct 20 00:27:58 ubuntu snort[3038]: Initializing Output Plugins!
- Oct 20 00:27:58 ubuntu snort[3038]: Initializing Preprocessors!
- Oct 20 00:27:58 ubuntu snort[3038]: Initializing Plug-ins!
- Oct 20 00:27:58 ubuntu snort[3038]: Parsing Rules file "/usr/local/snort/etc/snort.conf"
- Oct 20 00:27:58 ubuntu snort[3038]: PortVar 'HTTP_PORTS' defined :
- Oct 20 00:27:58 ubuntu snort[3038]: [ 80:81 311 591 593 901 1220 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280 8800 8888 8899 9000 9080 9090:9091 9443 9999 11371 55555 ]
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: PortVar 'SHELLCODE_PORTS' defined :
- Oct 20 00:27:58 ubuntu snort[3038]: [ 0:79 81:65535 ]
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: PortVar 'ORACLE_PORTS' defined :
- Oct 20 00:27:58 ubuntu snort[3038]: [ 1024:65535 ]
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: PortVar 'SSH_PORTS' defined :
- Oct 20 00:27:58 ubuntu snort[3038]: [ 22 ]
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: PortVar 'FTP_PORTS' defined :
- Oct 20 00:27:58 ubuntu snort[3038]: [ 21 2100 3535 ]
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: PortVar 'SIP_PORTS' defined :
- Oct 20 00:27:58 ubuntu snort[3038]: [ 5060:5061 5600 ]
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: PortVar 'FILE_DATA_PORTS' defined :
- Oct 20 00:27:58 ubuntu snort[3038]: [ 80:81 110 143 311 591 593 901 1220 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180:8181 8243 8280 8800 8888 8899 9000 9080 9090:9091 9443 9999 11371 55555 ]
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: PortVar 'GTP_PORTS' defined :
- Oct 20 00:27:58 ubuntu snort[3038]: [ 2123 2152 3386 ]
- Oct 20 00:27:58 ubuntu snort[3038]:
- Oct 20 00:27:58 ubuntu snort[3038]: Detection:
- Oct 20 00:27:58 ubuntu snort[3038]: Search-Method = AC-Full-Q
- Oct 20 00:27:58 ubuntu snort[3038]: Split Any/Any group = enabled
- Oct 20 00:27:58 ubuntu snort[3038]: Search-Method-Optimizations = enabled
- Oct 20 00:27:58 ubuntu snort[3038]: Maximum pattern length = 20
- Oct 20 00:27:58 ubuntu snort[3038]: Tagged Packet Limit: 256
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic engine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading all dynamic detection libs from /usr/local/snort/lib/snort_dynamicrules...
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/web-activex.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/bad-traffic.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/misc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/nntp.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/icmp.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/exploit.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/p2p.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/netbios.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/web-misc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/chat.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/multimedia.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/imap.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/dos.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/snmp.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/web-iis.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/smtp.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/specific-threats.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic detection library /usr/local/snort/lib/snort_dynamicrules/web-client.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Finished Loading all dynamic detection libs from /usr/local/snort/lib/snort_dynamicrules
- Oct 20 00:27:58 ubuntu snort[3038]: Loading all dynamic preprocessor libs from /usr/local/snort/lib/snort_dynamicpreprocessor/...
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Loading dynamic preprocessor library /usr/local/snort/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
- Oct 20 00:27:58 ubuntu snort[3038]: done
- Oct 20 00:27:58 ubuntu snort[3038]: Finished Loading all dynamic preprocessor libs from /usr/local/snort/lib/snort_dynamicpreprocessor/
- Oct 20 00:27:58 ubuntu snort[3038]: Log directory = /var/log/snort
- Oct 20 00:27:58 ubuntu snort[3038]: WARNING: ip4 normalizations disabled because not inline.
- Oct 20 00:27:58 ubuntu snort[3038]: WARNING: tcp normalizations disabled because not inline.
- Oct 20 00:27:58 ubuntu snort[3038]: WARNING: icmp4 normalizations disabled because not inline.
- Oct 20 00:27:58 ubuntu snort[3038]: WARNING: ip6 normalizations disabled because not inline.
- Oct 20 00:27:58 ubuntu snort[3038]: WARNING: icmp6 normalizations disabled because not inline.
- Oct 20 00:27:58 ubuntu snort[3038]: Frag3 global config:
- Oct 20 00:27:58 ubuntu snort[3038]: Max frags: 65536
- Oct 20 00:27:58 ubuntu snort[3038]: Fragment memory cap: 4194304 bytes
- Oct 20 00:27:58 ubuntu snort[3038]: Frag3 engine config:
- Oct 20 00:27:58 ubuntu snort[3038]: Bound Address: default
- Oct 20 00:27:58 ubuntu snort[3038]: Target-based policy: WINDOWS
- Oct 20 00:27:58 ubuntu snort[3038]: Fragment timeout: 180 seconds
- Oct 20 00:27:58 ubuntu snort[3038]: Fragment min_ttl: 1
- Oct 20 00:27:58 ubuntu snort[3038]: Fragment Anomalies: Alert
- Oct 20 00:27:58 ubuntu snort[3038]: Overlap Limit: 10
- Oct 20 00:27:58 ubuntu snort[3038]: Min fragment Length: 100
- Oct 20 00:27:58 ubuntu snort[3038]: Stream5 global config:
- Oct 20 00:27:58 ubuntu snort[3038]: Track TCP sessions: ACTIVE
- Oct 20 00:27:58 ubuntu snort[3038]: Max TCP sessions: 262144
- Oct 20 00:27:58 ubuntu snort[3038]: Memcap (for reassembly packet storage): 8388608
- Oct 20 00:27:58 ubuntu snort[3038]: Track UDP sessions: ACTIVE
- Oct 20 00:27:58 ubuntu snort[3038]: Max UDP sessions: 131072
- Oct 20 00:27:58 ubuntu snort[3038]: Track ICMP sessions: INACTIVE
- Oct 20 00:27:58 ubuntu snort[3038]: Track IP sessions: INACTIVE
- Oct 20 00:27:58 ubuntu snort[3038]: Log info if session memory consumption exceeds 1048576
- Oct 20 00:27:58 ubuntu snort[3038]: Send up to 2 active responses
- Oct 20 00:27:58 ubuntu snort[3038]: Wait at least 5 seconds between responses
- Oct 20 00:27:58 ubuntu snort[3038]: Protocol Aware Flushing: ACTIVE
- Oct 20 00:27:58 ubuntu snort[3038]: Maximum Flush Point: 16000
- Oct 20 00:27:58 ubuntu snort[3038]: Stream5 TCP Policy config:
- Oct 20 00:27:58 ubuntu snort[3038]: Bound Address: default
- Oct 20 00:27:58 ubuntu snort[3038]: Reassembly Policy: WINDOWS
- Oct 20 00:27:58 ubuntu snort[3038]: Timeout: 180 seconds
- Oct 20 00:27:58 ubuntu snort[3038]: Limit on TCP Overlaps: 10
- Oct 20 00:27:58 ubuntu snort[3038]: Maximum number of bytes to queue per session: 1048576
- Oct 20 00:27:58 ubuntu snort[3038]: Maximum number of segs to queue per session: 2621
- Oct 20 00:27:58 ubuntu snort[3038]: Options:
- Oct 20 00:27:58 ubuntu snort[3038]: Require 3-Way Handshake: YES
- Oct 20 00:27:58 ubuntu snort[3038]: 3-Way Handshake Timeout: 180
- Oct 20 00:27:58 ubuntu snort[3038]: Detect Anomalies: YES
- Oct 20 00:27:58 ubuntu snort[3038]: Reassembly Ports:
- Oct 20 00:27:58 ubuntu snort[3038]: 21 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 22 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 23 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 25 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 42 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 53 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 79 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 80 client (Footprint) server (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 81 client (Footprint) server (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 109 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 110 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 111 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 113 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 119 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 135 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 136 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 137 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 139 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 143 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: 161 client (Footprint)
- Oct 20 00:27:58 ubuntu snort[3038]: additional ports configured but not printed.
- Oct 20 00:27:58 ubuntu snort[3038]: Stream5 UDP Policy config:
- Oct 20 00:27:58 ubuntu snort[3038]: Timeout: 180 seconds
- Oct 20 00:27:58 ubuntu snort[3038]: HttpInspect Config:
- Oct 20 00:27:58 ubuntu snort[3038]: GLOBAL CONFIG
- Oct 20 00:27:58 ubuntu snort[3038]: Max Pipeline Requests: 0
- Oct 20 00:27:58 ubuntu snort[3038]: Inspection Type: STATELESS
- Oct 20 00:27:58 ubuntu snort[3038]: Detect Proxy Usage: NO
- Oct 20 00:27:58 ubuntu snort[3038]: IIS Unicode Map Filename: /usr/local/snort/etc/unicode.map
- Oct 20 00:27:58 ubuntu snort[3038]: IIS Unicode Map Codepage: 1252
- Oct 20 00:27:58 ubuntu snort[3038]: Memcap used for logging URI and Hostname: 150994944
- Oct 20 00:27:58 ubuntu snort[3038]: Max Gzip Memory: 838860
- Oct 20 00:27:58 ubuntu snort[3038]: Max Gzip Sessions: 9532
- Oct 20 00:27:58 ubuntu snort[3038]: Gzip Compress Depth: 65535
- Oct 20 00:27:58 ubuntu snort[3038]: Gzip Decompress Depth: 65535
- Oct 20 00:27:58 ubuntu snort[3038]: DEFAULT SERVER CONFIG:
- Oct 20 00:27:58 ubuntu snort[3038]: Server profile: All
- Oct 20 00:27:58 ubuntu snort[3038]: Ports (PAF): 80 81 311 591 593 901 1220 1414 1741 1830 2301 2381 2809 3128 3702 4343 4848 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8090 8118 8123 8180 8181 8243 8280 8800 8888 8899 9000 9080 9090 9091 9443 9999 11371 55555
- Oct 20 00:27:58 ubuntu snort[3038]: Server Flow Depth: 0
- Oct 20 00:27:58 ubuntu snort[3038]: Client Flow Depth: 0
- Oct 20 00:27:58 ubuntu snort[3038]: Max Chunk Length: 500000
- Oct 20 00:27:58 ubuntu snort[3038]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
- Oct 20 00:27:58 ubuntu snort[3038]: Max Header Field Length: 750
- Oct 20 00:27:58 ubuntu snort[3038]: Max Number Header Fields: 100
- Oct 20 00:27:58 ubuntu snort[3038]: Max Number of WhiteSpaces allowed with header folding: 200
- Oct 20 00:27:58 ubuntu snort[3038]: Inspect Pipeline Requests: YES
- Oct 20 00:27:58 ubuntu snort[3038]: URI Discovery Strict Mode: NO
- Oct 20 00:27:58 ubuntu snort[3038]: Allow Proxy Usage: NO
- Oct 20 00:27:58 ubuntu snort[3038]: Disable Alerting: NO
- Oct 20 00:27:58 ubuntu snort[3038]: Oversize Dir Length: 500
- Oct 20 00:27:58 ubuntu snort[3038]: Only inspect URI: NO
- Oct 20 00:27:58 ubuntu rsyslogd-2177: imuxsock begins to drop messages from pid 3038 due to rate-limiting
- Oct 20 00:28:04 ubuntu rsyslogd-2177: imuxsock lost 401 messages from pid 3038 due to rate-limiting
- Oct 20 00:28:04 ubuntu snort[3038]: pcap DAQ configured to passive.
- Oct 20 00:28:04 ubuntu snort[3038]: Acquiring network traffic from "eth0".
- Oct 20 00:28:04 ubuntu snort[3038]: Initializing daemon mode
- Oct 20 00:28:04 ubuntu snort[3039]: Daemon initialized, signaled parent pid: 3038
- Oct 20 00:28:04 ubuntu snort[3039]: Reload thread starting...
- Oct 20 00:28:04 ubuntu snort[3039]: Reload thread started, thread 0xa66a6b40 (3039)
- Oct 20 00:28:04 ubuntu kernel: [ 2701.773992] device eth0 entered promiscuous mode
- Oct 20 00:28:04 ubuntu kernel: [ 2701.773996] eth0: Promiscuous mode enabled.
- Oct 20 00:28:04 ubuntu snort[3039]: Decoding Ethernet
- Oct 20 00:28:04 ubuntu snort[3039]: Checking PID path...
- Oct 20 00:28:04 ubuntu snort[3039]: PID path stat checked out ok, PID path set to /var/run/
- Oct 20 00:28:04 ubuntu snort[3039]: Writing PID "3039" to file "/var/run//snort_eth0.pid"
- Oct 20 00:28:04 ubuntu snort[3039]:
- Oct 20 00:28:04 ubuntu snort[3039]: --== Initialization Complete ==--
- Oct 20 00:28:04 ubuntu snort[3039]: Commencing packet processing (pid=3039)
- Oct 20 00:29:26 ubuntu pure-ftpd: (?@science) [INFO] New connection from science
- Oct 20 00:29:26 ubuntu pure-ftpd: (?@science) [INFO] Logout.
- Oct 20 00:29:43 ubuntu pure-ftpd: (?@science) [INFO] New connection from science
- Oct 20 00:29:44 ubuntu pure-ftpd: (?@science) [INFO] New connection from science
- Oct 20 00:29:44 ubuntu pure-ftpd: (?@science) [INFO] PAM_RHOST enabled. Getting the peer address
- Oct 20 00:29:44 ubuntu pure-ftpd: (?@science) [INFO] PAM_RHOST enabled. Getting the peer address
- Oct 20 00:29:50 ubuntu pure-ftpd: (?@science) [WARNING] Authentication failed for user [anonymous]
- Oct 20 00:29:50 ubuntu pure-ftpd: (?@science) [INFO] Logout.
- Oct 20 00:29:52 ubuntu pure-ftpd: (?@science) [WARNING] Authentication failed for user [anonymous]
- Oct 20 00:29:52 ubuntu pure-ftpd: (?@science) [INFO] Logout.