snort -c /data/IDS/snort-2.9.6.1/etc/snort.conf -i eth0
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/data/IDS/snort-2.9.6.1/etc/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090:9091 9111 9443 9999:10000 11371 12601 15489 29991 33300 34412 34443:34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined : [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090:9091 9111 9443 9999:10000 11371 12601 15489 29991 33300 34412 34443:34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-Full-Q
Split Any/Any group = enabled
Search-Method-Optimizations = enabled
Maximum pattern length = 20
Found profile_preprocs config directive (print all, sort avg_ticks)
Found profile_rules config directive (print all, sort avg_ticks)
Tagged Packet Limit: 256
Log directory = /var/log/snort
WARNING: ip4 normalizations disabled because not inline.
WARNING: tcp normalizations disabled because not inline.
WARNING: icmp4 normalizations disabled because not inline.
Frag3 global config:
Max frags: 65536
Fragment memory cap: 4194304 bytes
Frag3 engine config:
Bound Address: default
Target-based policy: WINDOWS
Fragment timeout: 180 seconds
Fragment min_ttl: 1
Fragment Anomalies: Alert
Overlap Limit: 10
Min fragment Length: 100
Stream5 global config:
Track TCP sessions: ACTIVE
Max TCP sessions: 262144
TCP cache pruning timeout: 30 seconds
TCP cache nominal timeout: 3600 seconds
Memcap (for reassembly packet storage): 8388608
Track UDP sessions: ACTIVE
Max UDP sessions: 131072
UDP cache pruning timeout: 30 seconds
UDP cache nominal timeout: 180 seconds
Track ICMP sessions: INACTIVE
Track IP sessions: INACTIVE
Log info if session memory consumption exceeds 1048576
Send up to 2 active responses
Wait at least 5 seconds between responses
Protocol Aware Flushing: ACTIVE
Maximum Flush Point: 16000
Max Expected Streams: 768
Stream5 TCP Policy config:
Bound Address: default
Reassembly Policy: WINDOWS
Timeout: 180 seconds
Limit on TCP Overlaps: 10
Maximum number of bytes to queue per session: 1048576
Maximum number of segs to queue per session: 2621
Options:
Require 3-Way Handshake: YES
3-Way Handshake Timeout: 180
Detect Anomalies: YES
Reassembly Ports:
21 client (Footprint)
22 client (Footprint)
23 client (Footprint)
25 client (Footprint)
36 client (Footprint) server (Footprint)
42 client (Footprint)
53 client (Footprint)
70 client (Footprint)
79 client (Footprint)
80 client (Footprint) server (Footprint)
81 client (Footprint) server (Footprint)
82 client (Footprint) server (Footprint)
83 client (Footprint) server (Footprint)
84 client (Footprint) server (Footprint)
85 client (Footprint) server (Footprint)
86 client (Footprint) server (Footprint)
87 client (Footprint) server (Footprint)
88 client (Footprint) server (Footprint)
89 client (Footprint) server (Footprint)
90 client (Footprint) server (Footprint)
additional ports configured but not printed.
Stream5 UDP Policy config:
Timeout: 180 seconds
HttpInspect Config:
GLOBAL CONFIG
Max Pipeline Requests: 0
Inspection Type: STATELESS
Detect Proxy Usage: NO
IIS Unicode Map Filename: /data/IDS/snort-2.9.6.1/etc/unicode.map
IIS Unicode Map Codepage: 1252
Memcap used for logging URI and Hostname: 150994944
Max Gzip Memory: 838860
Max Gzip Sessions: 9532
Gzip Compress Depth: 65535
Gzip Decompress Depth: 65535
DEFAULT SERVER CONFIG:
Server profile: All
Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090 9091 9111 9443 9999 10000 11371 12601 15489 29991 33300 34412 34443 34444 41080 44449 50000 50002 51423 53331 55252 55555 56712
Server Flow Depth: 10
Client Flow Depth: 10
Max Chunk Length: 500000
Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Max Header Field Length: 750
Max Number Header Fields: 100
Max Number of WhiteSpaces allowed with header folding: 200
Inspect Pipeline Requests: YES
URI Discovery Strict Mode: NO
Allow Proxy Usage: NO
Disable Alerting: NO
Oversize Dir Length: 500
Only inspect URI: NO
Normalize HTTP Headers: YES
Inspect HTTP Cookies: NO
Inspect HTTP Responses: YES
Extract Gzip from responses: YES
Unlimited decompression of gzip data from responses: YES
Normalize Javascripts in HTTP Responses: YES
Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Normalize HTTP Cookies: NO
Enable XFF and True Client IP: NO
Log HTTP URI data: NO
Log HTTP Hostname data: NO
Extended ASCII code support in URI: NO
Ascii: YES alert: NO
Double Decoding: YES alert: NO
%U Encoding: YES alert: YES
Bare Byte: YES alert: NO
UTF 8: YES alert: NO
IIS Unicode: YES alert: NO
Multiple Slash: YES alert: NO
IIS Backslash: YES alert: NO
Directory Traversal: YES alert: NO
Web Root Traversal: YES alert: NO
Apache WhiteSpace: YES alert: NO
IIS Delimiter: YES alert: NO
IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Non-RFC Compliant Characters: NONE
Whitespace Characters: 0x09 0x0b 0x0c 0x0d
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
0 Snort rules read
0 detection rules
0 decoder rules
0 preprocessor rules
0 Option Chains linked into 0 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
+-------------------[Rule Port Counts]---------------------------------------
| tcp udp icmp ip
| src 0 0 0 0
| dst 0 0 0 0
| any 0 0 0 0
| nc 0 0 0 0
| s+d 0 0 0 0
+----------------------------------------------------------------------------
+-----------------------[detection-filter-config]------------------------------
| memory-cap : 1048576 bytes
+-----------------------[detection-filter-rules]-------------------------------
| none
-------------------------------------------------------------------------------
+-----------------------[rate-filter-config]-----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[rate-filter-rules]------------------------------------
| none
-------------------------------------------------------------------------------
+-----------------------[event-filter-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[event-filter-global]----------------------------------
+-----------------------[event-filter-local]-----------------------------------
| none
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
IP tracking disabled, no IP sessions allocated
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
Reload thread starting...
Reload thread started, thread 0xe7522b90 (18355)
Decoding Ethernet
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.9.6.1 GRE (Build 56)
'''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.2.1
Using PCRE version: 7.0 18-Dec-2006
Using ZLIB version: 1.2.7
Commencing packet processing (pid=18354)
^C*** Caught Int-Signal
===============================================================================
Run time for packet processing was 9.1496 seconds
Snort processed 10 packets.
Snort ran for 0 days 0 hours 0 minutes 9 seconds
Pkts/sec: 1
Preprocessor Profile Statistics (all)
==========================================================
Num Preprocessor Layer Checks Exits Microsecs Avg/Check Pct of Caller Pct of Total
=== ============ ===== ====== ===== ========= ========= ============= ============
1 s5 0 6 6 18 3.02 18.86 18.86
1 s5tcp 1 6 6 8 1.42 47.19 8.90
2 decode 0 10 10 27 2.75 28.59 28.59
3 eventq 0 20 20 4 0.23 4.69 4.69
total total 0 10 10 96 9.60 0.00 0.00
Rule Profile Statistics (all rules)
==========================================================
No rules were profiled
===============================================================================
Memory usage summary:
Total non-mmapped bytes (arena): 2932736
Bytes in mapped regions (hblkhd): 6873088
Total allocated space (uordblks): 1193488
Total free space (fordblks): 1739248
Topmost releasable block (keepcost): 720
===============================================================================
Packet I/O Totals:
Received: 10
Analyzed: 10 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 10 (100.000%)
VLAN: 0 ( 0.000%)
IP4: 6 ( 60.000%)
Frag: 0 ( 0.000%)
ICMP: 0 ( 0.000%)
UDP: 0 ( 0.000%)
TCP: 6 ( 60.000%)
IP6: 0 ( 0.000%)
IP6 Ext: 0 ( 0.000%)
IP6 Opts: 0 ( 0.000%)
Frag6: 0 ( 0.000%)
ICMP6: 0 ( 0.000%)
UDP6: 0 ( 0.000%)
TCP6: 0 ( 0.000%)
Teredo: 0 ( 0.000%)
ICMP-IP: 0 ( 0.000%)
EAPOL: 0 ( 0.000%)
IP4/IP4: 0 ( 0.000%)
IP4/IP6: 0 ( 0.000%)
IP6/IP4: 0 ( 0.000%)
IP6/IP6: 0 ( 0.000%)
GRE: 0 ( 0.000%)
GRE Eth: 0 ( 0.000%)
GRE VLAN: 0 ( 0.000%)
GRE IP4: 0 ( 0.000%)
GRE IP6: 0 ( 0.000%)
GRE IP6 Ext: 0 ( 0.000%)
GRE PPTP: 0 ( 0.000%)
GRE ARP: 0 ( 0.000%)
GRE IPX: 0 ( 0.000%)
GRE Loop: 0 ( 0.000%)
MPLS: 0 ( 0.000%)
ARP: 0 ( 0.000%)
IPX: 0 ( 0.000%)
Eth Loop: 0 ( 0.000%)
Eth Disc: 0 ( 0.000%)
IP4 Disc: 0 ( 0.000%)
IP6 Disc: 0 ( 0.000%)
TCP Disc: 0 ( 0.000%)
UDP Disc: 0 ( 0.000%)
ICMP Disc: 0 ( 0.000%)
All Discard: 0 ( 0.000%)
Other: 4 ( 40.000%)
Bad Chk Sum: 0 ( 0.000%)
Bad TTL: 0 ( 0.000%)
S5 G 1: 0 ( 0.000%)
S5 G 2: 0 ( 0.000%)
Total: 10
===============================================================================
Action Stats:
Alerts: 0 ( 0.000%)
Logged: 0 ( 0.000%)
Passed: 0 ( 0.000%)
Limits:
Match: 0
Queue: 0
Log: 0
Event: 0
Alert: 0
Verdicts:
Allow: 10 (100.000%)
Block: 0 ( 0.000%)
Replace: 0 ( 0.000%)
Whitelist: 0 ( 0.000%)
Blacklist: 0 ( 0.000%)
Ignore: 0 ( 0.000%)
===============================================================================
Frag3 statistics:
Total Fragments: 0
Frags Reassembled: 0
Discards: 0
Memory Faults: 0
Timeouts: 0
Overlaps: 0
Anomalies: 0
Alerts: 0
Drops: 0
FragTrackers Added: 0
FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
Frag Nodes Inserted: 0
Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
Total sessions: 0
TCP sessions: 0
UDP sessions: 0
ICMP sessions: 0
IP sessions: 0
TCP Prunes: 0
UDP Prunes: 0
ICMP Prunes: 0
IP Prunes: 0
TCP StreamTrackers Created: 0
TCP StreamTrackers Deleted: 0
TCP Timeouts: 0
TCP Overlaps: 0
TCP Segments Queued: 0
TCP Segments Released: 0
TCP Rebuilt Packets: 0
TCP Segments Used: 0
TCP Discards: 0
TCP Gaps: 0
UDP Sessions Created: 0
UDP Sessions Deleted: 0
UDP Timeouts: 0
UDP Discards: 0
Events: 0
Internal Events: 0
TCP Port Filter
Filtered: 0
Inspected: 0
Tracked: 6
UDP Port Filter
Filtered: 0
Inspected: 0
Tracked: 0
===============================================================================
===============================================================================
Snort exiting
[root@192.168.1.1] #