Log files for mobius

a guest, Mar 24th, 2012
  1. 03/24/12 08:42:31 AM    mobius-Inspiron-N5110   rsyslogd        [origin software="rsyslogd" swVersion="4.6.4" x-pid="798" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
  2. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     *** Caught Term-Signal
  3. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Run time prior to being shutdown was 2047.325326 seconds
  4. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  5. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Packet Wire Totals:
  6. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]        Received:            0
  7. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]        Analyzed:            0 (0.000%)
  8. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         Dropped:            0 (0.000%)
  9. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Outstanding:            0 (0.000%)
  10. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  11. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Breakdown by protocol (includes rebuilt packets):
  12. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           ETH: 0          (0.000%)
  13. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       ETHdisc: 0          (0.000%)
  14. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]          VLAN: 0          (0.000%)
  15. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]          IPV6: 0          (0.000%)
  16. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       IP6 EXT: 0          (0.000%)
  17. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       IP6opts: 0          (0.000%)
  18. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       IP6disc: 0          (0.000%)
  19. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           IP4: 0          (0.000%)
  20. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       IP4disc: 0          (0.000%)
  21. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         TCP 6: 0          (0.000%)
  22. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         UDP 6: 0          (0.000%)
  23. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         ICMP6: 0          (0.000%)
  24. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       ICMP-IP: 0          (0.000%)
  25. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           TCP: 0          (0.000%)
  26. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           UDP: 0          (0.000%)
  27. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]          ICMP: 0          (0.000%)
  28. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       TCPdisc: 0          (0.000%)
  29. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       UDPdisc: 0          (0.000%)
  30. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       ICMPdis: 0          (0.000%)
  31. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]          FRAG: 0          (0.000%)
  32. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]        FRAG 6: 0          (0.000%)
  33. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           ARP: 0          (0.000%)
  34. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         EAPOL: 0          (0.000%)
  35. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       ETHLOOP: 0          (0.000%)
  36. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           IPX: 0          (0.000%)
  37. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         OTHER: 0          (0.000%)
  38. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       DISCARD: 0          (0.000%)
  39. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     InvChkSum: 0          (0.000%)
  40. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]        S5 G 1: 0          (0.000%)
  41. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]        S5 G 2: 0          (0.000%)
  42. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         Total: 0        
  43. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  44. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Action Stats:
  45. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ALERTS: 0
  46. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     LOGGED: 0
  47. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     PASSED: 0
  48. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  49. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Frag3 statistics:
  50. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]             Total Fragments: 0
  51. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           Frags Reassembled: 0
  52. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                    Discards: 0
  53. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]               Memory Faults: 0
  54. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                    Timeouts: 0
  55. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                    Overlaps: 0
  56. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                   Anomalies: 0
  57. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                      Alerts: 0
  58. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                       Drops: 0
  59. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]          FragTrackers Added: 0
  60. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         FragTrackers Dumped: 0
  61. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     FragTrackers Auto Freed: 0
  62. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]         Frag Nodes Inserted: 0
  63. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]          Frag Nodes Deleted: 0
  64. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  65. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Stream5 statistics:
  66. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                 Total sessions: 0
  67. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                   TCP sessions: 0
  68. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                   UDP sessions: 0
  69. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                  ICMP sessions: 0
  70. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                     TCP Prunes: 0
  71. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                     UDP Prunes: 0
  72. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                    ICMP Prunes: 0
  73. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     TCP StreamTrackers Created: 0
  74. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     TCP StreamTrackers Deleted: 0
  75. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                   TCP Timeouts: 0
  76. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                   TCP Overlaps: 0
  77. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]            TCP Segments Queued: 0
  78. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]          TCP Segments Released: 0
  79. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]            TCP Rebuilt Packets: 0
  80. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]              TCP Segments Used: 0
  81. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                   TCP Discards: 0
  82. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           UDP Sessions Created: 0
  83. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]           UDP Sessions Deleted: 0
  84. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                   UDP Timeouts: 0
  85. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                   UDP Discards: 0
  86. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                         Events: 0
  87. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                Internal Events: 0
  88. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                TCP Port Filter
  89. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                        Dropped: 0
  90. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                      Inspected: 0
  91. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                        Tracked: 0
  92. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                UDP Port Filter
  93. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                        Dropped: 0
  94. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                      Inspected: 0
  95. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]                        Tracked: 0
  96. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  97. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  98. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     dcerpc2 Preprocessor Statistics
  99. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]       Total sessions: 0
  100. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  101. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     ===============================================================================
  102. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Could not remove pid file /var/run//snort_eth0.pid: Permission denied
  103. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[1606]     Snort exiting
  104. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Running in IDS mode
  105. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  106. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             --== Initializing Snort ==--
  107. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Initializing Output Plugins!
  108. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Initializing Preprocessors!
  109. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Initializing Plug-ins!
  110. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Parsing Rules file "/etc/snort/snort.conf"
  111. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     PortVar 'HTTP_PORTS' defined :
  112. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]      [ 80 ]
  113. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  114. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     PortVar 'SHELLCODE_PORTS' defined :
  115. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]      [ 0:79 81:65535 ]
  116. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  117. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     PortVar 'ORACLE_PORTS' defined :
  118. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]      [ 1521 ]
  119. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  120. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     PortVar 'FTP_PORTS' defined :
  121. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]      [ 21 ]
  122. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  123. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Tagged Packet Limit: 256
  124. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
  125. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  126. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
  127. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
  128. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  129. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
  130. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  131. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
  132. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  133. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
  134. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  135. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so...
  136. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  137. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
  138. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  139. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
  140. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  141. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//lib_sfdynamic_preprocessor_example.so...
  142. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     done
  143. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
  144. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Log directory = /var/log/snort
  145. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Frag3 global config:
  146. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Max frags: 65536
  147. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Fragment memory cap: 4194304 bytes
  148. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Frag3 engine config:
  149. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Target-based policy: FIRST
  150. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Fragment timeout: 60 seconds
  151. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Fragment min_ttl:   1
  152. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Fragment Problems: 1
  153. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Overlap Limit:     10
  154. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Min fragment Length:     0
  155. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Stream5 global config:
  156. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Track TCP sessions: ACTIVE
  157. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Max TCP sessions: 8192
  158. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Memcap (for reassembly packet storage): 8388608
  159. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Track UDP sessions: INACTIVE
  160. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Track ICMP sessions: INACTIVE
  161. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Log info if session memory consumption exceeds 1048576
  162. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Stream5 TCP Policy config:
  163. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Reassembly Policy: FIRST
  164. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Timeout: 30 seconds
  165. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Min ttl:  1
  166. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Maximum number of bytes to queue per session: 1048576
  167. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Maximum number of segs to queue per session: 2621
  168. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Reassembly Ports:
  169. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           21 client (Footprint)
  170. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           23 client (Footprint)
  171. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           25 client (Footprint)
  172. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           42 client (Footprint)
  173. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           53 client (Footprint)
  174. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           80 client (Footprint)
  175. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           110 client (Footprint)
  176. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           111 client (Footprint)
  177. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           135 client (Footprint)
  178. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           136 client (Footprint)
  179. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           137 client (Footprint)
  180. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           139 client (Footprint)
  181. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           143 client (Footprint)
  182. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           445 client (Footprint)
  183. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           513 client (Footprint)
  184. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           514 client (Footprint)
  185. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           1433 client (Footprint)
  186. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           1521 client (Footprint)
  187. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           2401 client (Footprint)
  188. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           3306 client (Footprint)
  189. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     HttpInspect Config:
  190. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         GLOBAL CONFIG
  191. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Max Pipeline Requests:    0
  192. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Inspection Type:          STATELESS
  193. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Detect Proxy Usage:       NO
  194. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           IIS Unicode Map Filename: /etc/snort/unicode.map
  195. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           IIS Unicode Map Codepage: 1252
  196. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         DEFAULT SERVER CONFIG:
  197. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Server profile: All
  198. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Ports: 80 8080 8180
  199. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Server Flow Depth: 300
  200. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Client Flow Depth: 300
  201. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Max Chunk Length: 500000
  202. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Max Header Field Length: 0
  203. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Max Number Header Fields: 0
  204. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Inspect Pipeline Requests: YES
  205. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           URI Discovery Strict Mode: NO
  206. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Allow Proxy Usage: NO
  207. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Disable Alerting: NO
  208. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Oversize Dir Length: 500
  209. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Only inspect URI: NO
  210. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Normalize HTTP Headers: NO
  211. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Normalize HTTP Cookies: NO
  212. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Ascii: YES alert: NO
  213. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Double Decoding: YES alert: YES
  214. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           %U Encoding: YES alert: YES
  215. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Bare Byte: YES alert: YES
  216. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Base36: OFF
  217. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           UTF 8: OFF
  218. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           IIS Unicode: YES alert: YES
  219. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Multiple Slash: YES alert: NO
  220. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           IIS Backslash: YES alert: NO
  221. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Directory Traversal: YES alert: NO
  222. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Web Root Traversal: YES alert: YES
  223. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Apache WhiteSpace: YES alert: NO
  224. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           IIS Delimiter: YES alert: NO
  225. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
  226. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Non-RFC Compliant Characters: NONE
  227. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Whitespace Characters: 0x09 0x0b 0x0c 0x0d
  228. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     rpc_decode arguments:
  229. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Ports to decode RPC on: 111 32771
  230. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         alert_fragments: INACTIVE
  231. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         alert_large_fragments: ACTIVE
  232. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         alert_incomplete: ACTIVE
  233. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         alert_multiple_requests: ACTIVE
  234. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Portscan Detection Config:
  235. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Detect Protocols:  TCP UDP ICMP IP
  236. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan
  237. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Sensitivity Level: Low
  238. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Memcap (in bytes): 10000000
  239. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Number of Nodes:   36900
  240. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     FTPTelnet Config:
  241. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         GLOBAL CONFIG
  242. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Inspection Type: stateful
  243. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Check for Encrypted Traffic: YES alert: YES
  244. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Continue to check encrypted data: NO
  245. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         TELNET CONFIG:
  246. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Ports: 23
  247. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Are You There Threshold: 200
  248. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Normalize: YES
  249. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           Detect Anomalies: NO
  250. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         FTP CONFIG:
  251. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           FTP Server: default
  252. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             Ports: 21
  253. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             Check for Telnet Cmds: YES alert: YES
  254. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             Ignore Telnet Cmd Operations: OFF
  255. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             Identify open data channels: YES
  256. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           FTP Client: default
  257. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             Check for Bounce Attacks: YES alert: YES
  258. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             Check for Telnet Cmds: YES alert: YES
  259. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             Ignore Telnet Cmd Operations: OFF
  260. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]             Max Response Length: 256
  261. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     SMTP Config:
  262. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Ports: 25 587 691
  263. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Inspection Type: Stateful
  264. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Normalize: EXPN RCPT VRFY
  265. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Ignore Data: No
  266. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Ignore TLS Data: No
  267. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Ignore SMTP Alerts: No
  268. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Max Command Line Length: Unlimited
  269. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Max Specific Command Line Length:
  270. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]            ETRN:500 EXPN:255 HELO:500 HELP:500 MAIL:260
  271. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]            RCPT:300 VRFY:255
  272. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Max Header Line Length: Unlimited
  273. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Max Response Line Length: Unlimited
  274. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         X-Link2State Alert: Yes
  275. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Drop on X-Link2State Alert: No
  276. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Alert on commands: None
  277. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     SSH config:
  278. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Autodetection: DISABLED
  279. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Challenge-Response Overflow Alert: ENABLED
  280. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         SSH1 CRC32 Alert: ENABLED
  281. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Server Version String Overflow Alert: ENABLED
  282. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Protocol Mismatch Alert: ENABLED
  283. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Bad Message Direction Alert: DISABLED
  284. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Bad Payload Size Alert: DISABLED
  285. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Unrecognized Version Alert: DISABLED
  286. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Max Encrypted Packets: 20  
  287. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Max Server Version String Length: 80 (Default)
  288. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         MaxClientBytes: 19600 (Default)
  289. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Ports:
  290. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     #01122
  291. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  292. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     DCE/RPC 2 Preprocessor Configuration
  293. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Global Configuration
  294. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         DCE/RPC Defragmentation: Enabled
  295. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Memcap: 102400 KB
  296. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Events: none
  297. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]       Server Default Configuration
  298. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Policy: WinXP
  299. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Detect ports
  300. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           SMB: 139 445
  301. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           TCP: 135
  302. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           UDP: 135
  303. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           RPC over HTTP server: 593
  304. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           RPC over HTTP proxy: None
  305. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Autodetect ports
  306. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           SMB: None
  307. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           TCP: 1025-65535
  308. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           UDP: 1025-65535
  309. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           RPC over HTTP server: 1025-65535
  310. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           RPC over HTTP proxy: None
  311. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Maximum SMB command chaining: 3 commands
  312. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     DNS config:
  313. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         DNS Client rdata txt Overflow Alert: ACTIVE
  314. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Obsolete DNS RR Types Alert: INACTIVE
  315. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Experimental DNS RR Types Alert: INACTIVE
  316. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Ports:
  317. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]      53
  318. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  319. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     SSLPP config:
  320. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Encrypted packets: not inspected
  321. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Ports:
  322. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           443      465      563      636      989
  323. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]           992      993      994      995
  324. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         Server side data is trusted
  325. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  326. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     +++++++++++++++++++++++++++++++++++++++++++++++++++
  327. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Initializing rule chains...
  328. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     Warning: /etc/snort/rules/dos.rules(42) => threshold (in rule) is deprecated; use detection_filter instead.
  329. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     3381 Snort rules read
  330. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         3381 detection rules
  331. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         0 decoder rules
  332. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]         0 preprocessor rules
  333. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     3381 Option Chains linked into 280 Chain Headers
  334. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     0 Dynamic rules
  335. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]     +++++++++++++++++++++++++++++++++++++++++++++++++++
  336. 03/24/12 08:42:32 AM    mobius-Inspiron-N5110   snort[2478]    
  337. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-------------------[Rule Port Counts]---------------------------------------
  338. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     |             tcp     udp    icmp      ip
  339. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     |     src     121      19       0       0
  340. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     |     dst    2921     130       0       0
  341. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     |     any     115      53      56      27
  342. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     |      nc      31      10      15      20
  343. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     |     s+d      12       6       0       0
  344. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +----------------------------------------------------------------------------
  345. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]    
  346. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-----------------------[detection-filter-config]------------------------------
  347. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | memory-cap : 1048576 bytes
  348. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-----------------------[detection-filter-rules]-------------------------------
  349. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | none
  350. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     -------------------------------------------------------------------------------
  351. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]    
  352. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-----------------------[rate-filter-config]-----------------------------------
  353. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | memory-cap : 1048576 bytes
  354. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-----------------------[rate-filter-rules]------------------------------------
  355. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | none
  356. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     -------------------------------------------------------------------------------
  357. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]    
  358. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-----------------------[event-filter-config]----------------------------------
  359. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | memory-cap : 1048576 bytes
  360. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-----------------------[event-filter-global]----------------------------------
  361. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | none
  362. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-----------------------[event-filter-local]-----------------------------------
  363. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=2523       type=Both      tracking=dst count=10  seconds=10
  364. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=2275       type=Threshold tracking=dst count=5   seconds=60
  365. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000312  type=Limit     tracking=src count=1   seconds=360
  366. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000158  type=Both      tracking=src count=100 seconds=60
  367. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000923  type=Threshold tracking=dst count=200 seconds=60
  368. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000160  type=Both      tracking=src count=300 seconds=60
  369. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=2923       type=Threshold tracking=dst count=10  seconds=60
  370. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000163  type=Both      tracking=src count=100 seconds=60
  371. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=2924       type=Threshold tracking=dst count=10  seconds=60
  372. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=2494       type=Both      tracking=dst count=20  seconds=60
  373. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000310  type=Limit     tracking=src count=1   seconds=360
  374. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000159  type=Both      tracking=src count=100 seconds=60
  375. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000161  type=Both      tracking=dst count=100 seconds=60
  376. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=3273       type=Threshold tracking=src count=5   seconds=2  
  377. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=3152       type=Threshold tracking=src count=5   seconds=2  
  378. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000311  type=Limit     tracking=src count=1   seconds=360
  379. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=2496       type=Both      tracking=dst count=20  seconds=60
  380. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=100000162  type=Both      tracking=src count=100 seconds=60
  381. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | gen-id=1      sig-id=2495       type=Both      tracking=dst count=20  seconds=60
  382. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     +-----------------------[suppression]------------------------------------------
  383. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     | none
  384. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     -------------------------------------------------------------------------------
  385. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Rule application order: activation->dynamic->pass->drop->alert->log
  386. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Verifying Preprocessor Configurations!
  387. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
  388. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
  389. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Warning: flowbits key 'smb.tree.create.llsrpc' is set but not ever checked.
  390. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Warning: flowbits key 'community_uri.size.1050' is set but not ever checked.
  391. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     37 out of 512 flowbits in use.
  392. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Initializing Network Interface eth0
  393. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Initializing daemon mode
  394. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2478]     Daemon parent exiting
  395. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     Daemon initialized, signaled parent pid: 2478
  396. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     Checking PID path...
  397. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     PID path stat checked out ok, PID path set to /var/run/
  398. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     Writing PID "2480" to file "/var/run//snort_eth0.pid"
  399. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     Decoding Ethernet on interface eth0
  400. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]    
  401. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     [ Port Based Pattern Matching Memory ]
  402. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     +-[AC-BNFA Search Info Summary]------------------------------
  403. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     | Instances        : 241
  404. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     | Patterns         : 22048
  405. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     | Pattern Chars    : 207212
  406. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     | Num States       : 137800
  407. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     | Num Match States : 18343
  408. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     | Memory           :   3.51Mbytes
  409. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     |   Patterns       :   0.70M
  410. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     |   Match Lists    :   0.96M
  411. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     |   Transitions    :   1.79M
  412. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     +-------------------------------------------------
  413. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]    
  414. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]             --== Initialization Complete ==--
  415. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     Snort initialization completed successfully (pid=2480)
  416. 03/24/12 08:42:33 AM    mobius-Inspiron-N5110   snort[2480]     Not Using PCAP_FRAMES
  417. 03/24/12 08:42:50 AM    mobius-Inspiron-N5110   anacron[1082]   Job `cron.daily' terminated (exit status: 1) (mailing output)
  418. 03/24/12 08:42:50 AM    mobius-Inspiron-N5110   anacron[1082]   Tried to mail output of job `cron.daily', but mailer process (/usr/sbin/sendmail) exited with ststus 255
  419. 03/24/12 08:42:50 AM    mobius-Inspiron-N5110   anacron[1082]   Normal exit (1 job run)
  420. 03/24/12 09:17:01 AM    mobius-Inspiron-N5110   CRON[2554]      (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
  421. 03/24/12 09:42:03 AM    mobius-Inspiron-N5110   NetworkManager[889]     <info> (wlan0): supplicant connection state:  completed -> group handshake
  422. 03/24/12 09:42:03 AM    mobius-Inspiron-N5110   wpa_supplicant[977]     WPA: Group rekeying completed with a0:21:b7:b0:b4:5e [GTK=TKIP]
  423. 03/24/12 09:42:03 AM    mobius-Inspiron-N5110   NetworkManager[889]     <info> (wlan0): supplicant connection state:  group handshake -> completed
  424. 03/24/12 10:17:01 AM    mobius-Inspiron-N5110   CRON[2609]      (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
  425. 03/24/12 10:42:04 AM    mobius-Inspiron-N5110   NetworkManager[889]     <info> (wlan0): supplicant connection state:  completed -> group handshake
  426. 03/24/12 10:42:04 AM    mobius-Inspiron-N5110   wpa_supplicant[977]     WPA: Group rekeying completed with a0:21:b7:b0:b4:5e [GTK=TKIP]
  427. 03/24/12 10:42:04 AM    mobius-Inspiron-N5110   NetworkManager[889]     <info> (wlan0): supplicant connection state:  group handshake -> completed
  428. 03/24/12 10:56:29 AM    mobius-Inspiron-N5110   kernel  [10112.861196] device wlan0 entered promiscuous mode
  429. 03/24/12 11:17:01 AM    mobius-Inspiron-N5110   CRON[3238]      (root) CMD (   cd / && run-parts --report /etc/cron.hourly)