Guest User

Untitled

a guest
Jan 18th, 2019
126
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [root@sunflower student]# /usr/local/bin/snort -r hp0_130.pcap -c /etc/snort/snort.conf
  2. Running in IDS mode
  3.  
  4. --== Initializing Snort ==--
  5. Initializing Output Plugins!
  6. Initializing Preprocessors!
  7. Initializing Plug-ins!
  8. Parsing Rules file /etc/snort/snort.conf
  9.  
  10. +++++++++++++++++++++++++++++++++++++++++++++++++++
  11. Initializing rule chains...
  12. Var 'EXTERNAL_NET' defined, value len = 3 chars, value = any
  13. Var 'DNS_SERVERS' defined, value len = 3 chars, value = any
  14. Var 'SMTP_SERVERS' defined, value len = 3 chars, value = any
  15. Var 'HTTP_SERVERS' defined, value len = 3 chars, value = any
  16. Var 'SQL_SERVERS' defined, value len = 3 chars, value = any
  17. Var 'TELNET_SERVERS' defined, value len = 3 chars, value = any
  18. Var 'SNMP_SERVERS' defined, value len = 3 chars, value = any
  19. Var 'HTTP_PORTS' defined, value len = 2 chars, value = 80
  20. Var 'SHELLCODE_PORTS' defined, value len = 3 chars, value = !80
  21. Var 'ORACLE_PORTS' defined, value len = 4 chars, value = 1521
  22. Var 'AIM_SERVERS' defined, value len = 185 chars
  23. [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9
  24. .0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
  25. Var 'RULE_PATH' defined, value len = 16 chars, value = /etc/snort/rules
  26. Detection:
  27. Search-Method = Low-Mem
  28. ,-----------[Flow Config]----------------------
  29. | Stats Interval: 0
  30. | Hash Method: 2
  31. | Memcap: 10485760
  32. | Rows : 4099
  33. | Overhead Bytes: 16400(%0.16)
  34. `----------------------------------------------
  35. Frag3 global config:
  36. Max frags: 65536
  37. Fragment memory cap: 4194304 bytes
  38. Frag3 engine config:
  39. Target-based policy: FIRST
  40. Fragment timeout: 60 seconds
  41. Fragment min_ttl: 1
  42. Fragment ttl_limit: 5
  43. Fragment Problems: 1
  44. Bound Addresses: 0.0.0.0/0.0.0.0
  45. Stream4 config:
  46. Stateful inspection: ACTIVE
  47. Session statistics: INACTIVE
  48. Session timeout: 30 seconds
  49. Session memory cap: 8388608 bytes
  50. Session count max: 8192 sessions
  51. Session cleanup count: 5
  52. State alerts: INACTIVE
  53. Evasion alerts: INACTIVE
  54. Scan alerts: INACTIVE
  55. Log Flushed Streams: INACTIVE
  56. MinTTL: 1
  57. TTL Limit: 5
  58. Async Link: 0
  59. State Protection: 0
  60. Self preservation threshold: 50
  61. Self preservation period: 90
  62. Suspend threshold: 200
  63. Suspend period: 30
  64. Enforce TCP State: INACTIVE
  65. Midstream Drop Alerts: INACTIVE
  66. Allow Blocking of TCP Sessions in Inline: ACTIVE
  67. Server Data Inspection Limit: -1
  68. WARNING /etc/snort/snort.conf(408) => flush_behavior set in config file, using old static flushpoints (0)
  69. Stream4_reassemble config:
  70. Server reassembly: INACTIVE
  71. Client reassembly: ACTIVE
  72. Reassembler alerts: ACTIVE
  73. Zero out flushed packets: INACTIVE
  74. Flush stream on alert: INACTIVE
  75. flush_data_diff_size: 500
  76. Reassembler Packet Preferance : Favor Old
  77. Packet Sequence Overlap Limit: -1
  78. Flush behavior: Small (<255 bytes)
  79. Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306
  80. Emergency Ports: 21 23 25 42 53 80 110 111 135 136 137 139 143 445 513 1433 1521 3306
  81. HttpInspect Config:
  82. GLOBAL CONFIG
  83. Max Pipeline Requests: 0
  84. Inspection Type: STATELESS
  85. Detect Proxy Usage: NO
  86. IIS Unicode Map Filename: /etc/snort/unicode.map
  87. IIS Unicode Map Codepage: 1252
  88. DEFAULT SERVER CONFIG:
  89. Server profile: All
  90. Ports: 80 8080 8180
  91. Flow Depth: 300
  92. Max Chunk Length: 500000
  93. Inspect Pipeline Requests: YES
  94. URI Discovery Strict Mode: NO
  95. Allow Proxy Usage: NO
  96. Disable Alerting: NO
  97. Oversize Dir Length: 500
  98. Only inspect URI: NO
  99. Ascii: YES alert: NO
  100. Double Decoding: YES alert: YES
  101. %U Encoding: YES alert: YES
  102. Bare Byte: YES alert: YES
  103. Base36: OFF
  104. UTF 8: OFF
  105. IIS Unicode: YES alert: YES
  106. Multiple Slash: YES alert: NO
  107. IIS Backslash: YES alert: NO
  108. Directory Traversal: YES alert: NO
  109. Web Root Traversal: YES alert: YES
  110. Apache WhiteSpace: YES alert: NO
  111. IIS Delimiter: YES alert: NO
  112. IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
  113. Non-RFC Compliant Characters: NONE
  114. Whitespace Characters: 0x09 0x0b 0x0c 0x0d
  115. rpc_decode arguments:
  116. Ports to decode RPC on: 111 32771
  117. alert_fragments: INACTIVE
  118. alert_large_fragments: ACTIVE
  119. alert_incomplete: ACTIVE
  120. alert_multiple_requests: ACTIVE
  121. Portscan Detection Config:
  122. Detect Protocols: TCP UDP ICMP IP
  123. Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
  124. Sensitivity Level: Low
  125. Memcap (in bytes): 10000000
  126. Number of Nodes: 36900
  127.  
  128. 7211 Snort rules read...
  129. 7211 Option Chains linked into 250 Chain Headers
  130. 0 Dynamic rules
  131. +++++++++++++++++++++++++++++++++++++++++++++++++++
  132.  
  133. Tagged Packet Limit: 256
  134.  
  135. +-----------------------[thresholding-config]----------------------------------
  136. | memory-cap : 1048576 bytes
  137. +-----------------------[thresholding-global]----------------------------------
  138. | none
  139. +-----------------------[thresholding-local]-----------------------------------
  140. | gen-id=1 sig-id=3527 type=Limit tracking=dst count=5 seconds=60
  141. | gen-id=1 sig-id=3273 type=Threshold tracking=src count=5 seconds=2
  142. | gen-id=1 sig-id=2523 type=Both tracking=dst count=10 seconds=10
  143. | gen-id=1 sig-id=2924 type=Threshold tracking=dst count=10 seconds=60
  144. | gen-id=1 sig-id=3152 type=Threshold tracking=src count=5 seconds=2
  145. | gen-id=1 sig-id=3542 type=Threshold tracking=src count=5 seconds=2
  146. | gen-id=1 sig-id=2275 type=Threshold tracking=dst count=5 seconds=60
  147. | gen-id=1 sig-id=2923 type=Threshold tracking=dst count=10 seconds=60
  148. | gen-id=1 sig-id=3543 type=Threshold tracking=src count=5 seconds=2
  149. | gen-id=1 sig-id=4984 type=Threshold tracking=src count=5 seconds=2
  150. +-----------------------[suppression]------------------------------------------
  151. | none
  152. -------------------------------------------------------------------------------
  153. Rule application order: ->activation->dynamic->pass->drop->alert->log
  154. Log directory = /var/log/snort
  155. Loading dynamic engine /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
  156. Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/...
  157. Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
  158. Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_dcerpc_preproc.so... done
  159. Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
  160. Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
  161. Loading dynamic preprocessor library /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
  162. Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort_dynamicpreprocessor/
  163. FTPTelnet Config:
  164. GLOBAL CONFIG
  165. Inspection Type: stateful
  166. Check for Encrypted Traffic: YES alert: YES
  167. Continue to check encrypted data: NO
  168. TELNET CONFIG:
  169. Ports: 23
  170. Are You There Threshold: 200
  171. Normalize: YES
  172. Detect Anomalies: NO
  173. FTP CONFIG:
  174. FTP Server: default
  175. Ports: 21
  176. Check for Telnet Cmds: YES alert: YES
  177. Identify open data channels: YES
  178. FTP Client: default
  179. Check for Bounce Attacks: YES alert: YES
  180. Check for Telnet Cmds: YES alert: YES
  181. Max Response Length: 256
  182. SMTP Config:
  183. Ports: 25
  184. Inspection Type: STATEFUL
  185. Normalize Spaces: YES
  186. Ignore Data: NO
  187. Ignore TLS Data: NO
  188. Ignore Alerts: NO
  189. Max Command Length: 0
  190. Max Header Line Length: 0
  191. Max Response Line Length: 0
  192. X-Link2State Alert: YES
  193. Drop on X-Link2State Alert: NO
  194. DNS config:
  195. DNS Client rdata txt Overflow Alert: ACTIVE
  196. Obsolete DNS RR Types Alert: INACTIVE
  197. Experimental DNS RR Types Alert: INACTIVE
  198. Ports: 53
  199. Verifying Preprocessor Configurations!
  200. Warning: flowbits key 'mspub_header' is set but not ever checked.
  201. Warning: flowbits key 'mssearch_file.request' is set but not ever checked.
  202. Warning: flowbits key 'sylk.download' is set but not ever checked.
  203. Warning: flowbits key 'access.download' is set but not ever checked.
  204. Warning: flowbits key 'emf.request' is set but not ever checked.
  205. Warning: flowbits key 'works.download' is set but not ever checked.
  206. Warning: flowbits key 'dce.mqqm.bind' is set but not ever checked.
  207. 59 out of 512 flowbits in use.
  208. TCPDUMP file reading mode.
  209. Reading network traffic from "hp0_130.pcap" file.
  210. snaplen = 65535
  211. database: compiled support for ( mysql )
  212. database: configured to use mysql
  213. database: user = root
  214. database: password is set
  215. database: database name = db
  216. database: host = localhost
  217. database: sensor name = sunflower:[reading from a file]
  218. ERROR: database: mysql_error: Access denied for user 'root'@'localhost' (using password: YES)
  219. Fatal Error, Quitting..
RAW Paste Data