Untitled

a guest Jan 18th, 2019 94 Never
[root@sunflower student]# /usr/local/bin/snort -r hp0_130.pcap -c /etc/snort/snort.conf
Running in IDS mode

        --== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any
Var 'DNS_SERVERS' defined, value len = 3 chars, value = any
Var 'SMTP_SERVERS' defined, value len = 3 chars, value = any
Var 'HTTP_SERVERS' defined, value len = 3 chars, value = any
Var 'SQL_SERVERS' defined, value len = 3 chars, value = any
Var 'TELNET_SERVERS' defined, value len = 3 chars, value = any
Var 'SNMP_SERVERS' defined, value len = 3 chars, value = any
Var 'HTTP_PORTS' defined, value len = 2 chars, value = 80
Var 'SHELLCODE_PORTS' defined, value len = 3 chars, value = !80
Var 'ORACLE_PORTS' defined, value len = 4 chars, value = 1521
Var 'AIM_SERVERS' defined, value len = 185 chars
   [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
Var 'RULE_PATH' defined, value len = 16 chars, value = /etc/snort/rules
Detection:
   Search-Method = Low-Mem
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
Frag3 global config:
    Max frags: 65536
    Fragment memory cap: 4194304 bytes
Frag3 engine config:
    Target-based policy: FIRST
    Fragment timeout: 60 seconds
    Fragment min_ttl:   1
    Fragment ttl_limit: 5
    Fragment Problems: 1
    Bound Addresses: 0.0.0.0/0.0.0.0
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    Session count max: 8192 sessions
    Session cleanup count: 5
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
    Enforce TCP State: INACTIVE
    Midstream Drop Alerts: INACTIVE
    Allow Blocking of TCP Sessions in Inline: ACTIVE
    Server Data Inspection Limit: -1
WARNING /etc/snort/snort.conf(408) => flush_behavior set in config file, using old static flushpoints (0)
Stream4_reassemble config:
    Server reassembly: INACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Zero out flushed packets: INACTIVE
    Flush stream on alert: INACTIVE
    flush_data_diff_size: 500
    Reassembler Packet Preferance : Favor Old
    Packet Sequence Overlap Limit: -1
    Flush behavior: Small (<255 bytes)
    Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306
    Emergency Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306
HttpInspect Config:
    GLOBAL CONFIG
      Max Pipeline Requests:    0
      Inspection Type:          STATELESS
      Detect Proxy Usage:       NO
      IIS Unicode Map Filename: /etc/snort/unicode.map
      IIS Unicode Map Codepage: 1252
    DEFAULT SERVER CONFIG:
      Server profile: All
      Ports: 80 8080 8180
      Flow Depth: 300
      Max Chunk Length: 500000
      Inspect Pipeline Requests: YES
      URI Discovery Strict Mode: NO
      Allow Proxy Usage: NO
      Disable Alerting: NO
      Oversize Dir Length: 500
      Only inspect URI: NO
      Ascii: YES alert: NO
      Double Decoding: YES alert: YES
      %U Encoding: YES alert: YES
      Bare Byte: YES alert: YES
      Base36: OFF
      UTF 8: OFF
      IIS Unicode: YES alert: YES
      Multiple Slash: YES alert: NO
      IIS Backslash: YES alert: NO
      Directory Traversal: YES alert: NO
      Web Root Traversal: YES alert: YES
      Apache WhiteSpace: YES alert: NO
      IIS Delimiter: YES alert: NO
      IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
      Non-RFC Compliant Characters: NONE
      Whitespace Characters: 0x09 0x0b 0x0c 0x0d
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
Portscan Detection Config:
    Detect Protocols:  TCP UDP ICMP IP
    Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan
    Sensitivity Level: Low
    Memcap (in bytes): 10000000
    Number of Nodes:   36900

7211 Snort rules read...
7211 Option Chains linked into 250 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Tagged Packet Limit: 256

+-----------------------[thresholding-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[thresholding-global]----------------------------------
| none
+-----------------------[thresholding-local]-----------------------------------
| gen-id=1      sig-id=3527       type=Limit     tracking=dst count=5   seconds=60
| gen-id=1      sig-id=3273       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=2523       type=Both      tracking=dst count=10  seconds=10
| gen-id=1      sig-id=2924       type=Threshold tracking=dst count=10  seconds=60
| gen-id=1      sig-id=3152       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=3542       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=2275       type=Threshold tracking=dst count=5   seconds=60
| gen-id=1      sig-id=2923       type=Threshold tracking=dst count=10  seconds=60
| gen-id=1      sig-id=3543       type=Threshold tracking=src count=5   seconds=2
| gen-id=1      sig-id=4984       type=Threshold tracking=src count=5   seconds=2
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: ->activation->dynamic->pass->drop->alert->log
Log directory = /var/log/snort
Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...
  Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
  Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so... done
  Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
  Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
  Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
  Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/
FTPTelnet Config:
    GLOBAL CONFIG
      Inspection Type: stateful
      Check for Encrypted Traffic: YES alert: YES
      Continue to check encrypted data: NO
    TELNET CONFIG:
      Ports: 23
      Are You There Threshold: 200
      Normalize: YES
      Detect Anomalies: NO
    FTP CONFIG:
      FTP Server: default
        Ports: 21
        Check for Telnet Cmds: YES alert: YES
        Identify open data channels: YES
      FTP Client: default
        Check for Bounce Attacks: YES alert: YES
        Check for Telnet Cmds: YES alert: YES
        Max Response Length: 256
SMTP Config:
      Ports: 25
      Inspection Type:            STATEFUL
      Normalize Spaces:           YES
      Ignore Data:                NO
      Ignore TLS Data:            NO
      Ignore Alerts:              NO
      Max Command Length:         0
      Max Header Line Length:     0
      Max Response Line Length:   0
      X-Link2State Alert:         YES
      Drop on X-Link2State Alert: NO
DNS config:
    DNS Client rdata txt Overflow Alert: ACTIVE
    Obsolete DNS RR Types Alert: INACTIVE
    Experimental DNS RR Types Alert: INACTIVE
    Ports: 53
Verifying Preprocessor Configurations!
Warning: flowbits key 'mspub_header' is set but not ever checked.
Warning: flowbits key 'mssearch_file.request' is set but not ever checked.
Warning: flowbits key 'sylk.download' is set but not ever checked.
Warning: flowbits key 'access.download' is set but not ever checked.
Warning: flowbits key 'emf.request' is set but not ever checked.
Warning: flowbits key 'works.download' is set but not ever checked.
Warning: flowbits key 'dce.mqqm.bind' is set but not ever checked.
59 out of 512 flowbits in use.
TCPDUMP file reading mode.
Reading network traffic from "hp0_130.pcap" file.
snaplen = 65535
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = root
database: password is set
database: database name = db
database:          host = localhost
database:   sensor name = sunflower:[reading from a file]
ERROR: database: mysql_error: Access denied for user 'root'@'localhost' (using password: YES)
Fatal Error, Quitting..