- Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
- Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
- Jul 29 16:33:47 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7239 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:33:52 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7240 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:34:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:01 ipfire dhcpcd[24539]: sending signal ALRM to pid 23749
- Jul 29 16:34:01 ipfire dhcpcd[24539]: waiting for pid 23749 to exit
- Jul 29 16:34:01 ipfire dhcpcd[23749]: received SIGALRM, releasing
- Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: removing interface
- Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: releasing lease of 192.168.1.2
- Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: deleting route to 192.168.1.0/24
- Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: deleting default route via 192.168.1.1
- Jul 29 16:34:01 ipfire kernel: red0 ate my IP address
- Jul 29 16:34:01 ipfire dhcpcd.exe[24540]: red0 has been brought down (STOP)
- Jul 29 16:34:01 ipfire dhcpcd[23749]: dhcpcd exited
- Jul 29 16:34:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
- Jul 29 16:34:03 ipfire dhcpcd[24817]: dhcpcd-9.1.2 starting
- Jul 29 16:34:03 ipfire dhcpcd[24819]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
- Jul 29 16:34:03 ipfire dhcpcd[24819]: red0: waiting for carrier
- Jul 29 16:34:04 ipfire ntpd[2552]: Deleting interface #180 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=46 secs
- Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: carrier acquired
- Jul 29 16:34:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
- Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: IAID ed:88:32:68
- Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: adding address fe80::2e0:edff:fe88:3268
- Jul 29 16:34:06 ipfire dhcpcd[24819]: ipv6_addaddr1: Permission denied
- Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: soliciting an IPv6 router
- Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: soliciting a DHCP lease
- Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: offered 192.168.1.2 from 192.168.1.1
- Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: probing address 192.168.1.2/24
- Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: leased 192.168.1.2 for 3600 seconds
- Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: adding route to 192.168.1.0/24
- Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: adding default route via 192.168.1.1
- Jul 29 16:34:12 ipfire dhcpcd.exe[24858]: red0 has been (re)configured with IP=192.168.1.2
- Jul 29 16:34:14 ipfire ntpd[2552]: Listen normally on 181 red0 192.168.1.2:123
- Jul 29 16:34:14 ipfire ntpd[2552]: new interface(s) found: waking up resolver
- Jul 29 16:34:17 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=24928 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:34:23 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
- Jul 29 16:34:23 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=48716 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:34:23 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
- Jul 29 16:34:23 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
- Jul 29 16:34:23 ipfire suricata: rule reload starting
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: server stats for thread 0: 30 queries, 21 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: histogram of recursion processing times
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: 0.000000 0.000001 9
- Jul 29 16:34:24 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
- Jul 29 16:34:24 ipfire unbound: [9800:0] notice: init module 0: validator
- Jul 29 16:34:24 ipfire unbound: [9800:0] notice: init module 1: iterator
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
- Jul 29 16:34:24 ipfire unbound: [9800:0] error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:29 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40055 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:34:30 ipfire ntpdate[25138]: adjust time server 81.3.27.46 offset +0.018871 sec
- Jul 29 16:34:30 ipfire ipfire: NTP synchronisation
- Jul 29 16:34:33 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:34:38 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
- Jul 29 16:34:38 ipfire pakfire: MIRROR INFO: server-list.db is 6722 seconds old. - DEBUG: force
- Jul 29 16:34:38 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
- Jul 29 16:34:38 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
- Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:34:39 ipfire pakfire: DB INFO: packages_list.db is 6722 seconds old. - DEBUG: force
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
- Jul 29 16:34:39 ipfire pakfire: MIRROR INFO: 2 servers found in list
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to ipfire.earl-net.com:443 (Name or service not known)
- Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file lists/packages_list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:34:39 ipfire pakfire: CORE INFO: core-list.db is 6720 seconds old. - DEBUG: force
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD STARTED: lists/core-list.db
- Jul 29 16:34:39 ipfire pakfire: MIRROR INFO: 2 servers found in list
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/core-list.db
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/core-list.db has size of bytes
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to mirror1.ipfire.org:443 (Name or service not known)
- Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file lists/core-list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:34:39 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
- Jul 29 16:34:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48070 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
- Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
- Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
- Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
- Jul 29 16:35:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:35:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:35:01 ipfire dhcpcd[25644]: sending signal ALRM to pid 24819
- Jul 29 16:35:01 ipfire dhcpcd[25644]: waiting for pid 24819 to exit
- Jul 29 16:35:01 ipfire dhcpcd[24819]: received SIGALRM, releasing
- Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: removing interface
- Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: releasing lease of 192.168.1.2
- Jul 29 16:35:01 ipfire kernel: red0 ate my IP address
- Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: deleting route to 192.168.1.0/24
- Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: deleting default route via 192.168.1.1
- Jul 29 16:35:01 ipfire dhcpcd.exe[25645]: red0 has been brought down (STOP)
- Jul 29 16:35:01 ipfire dhcpcd[24819]: dhcpcd exited
- Jul 29 16:35:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
- Jul 29 16:35:03 ipfire dhcpcd[25946]: dhcpcd-9.1.2 starting
- Jul 29 16:35:03 ipfire dhcpcd[25948]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
- Jul 29 16:35:03 ipfire dhcpcd[25948]: red0: waiting for carrier
- Jul 29 16:35:04 ipfire ntpd[2552]: Deleting interface #181 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=50 secs
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: carrier acquired
- Jul 29 16:35:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: IAID ed:88:32:68
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: adding address fe80::2e0:edff:fe88:3268
- Jul 29 16:35:06 ipfire dhcpcd[25948]: ipv6_addaddr1: Permission denied
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: soliciting an IPv6 router
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: soliciting a DHCP lease
- Jul 29 16:35:10 ipfire dhcpcd[25948]: red0: offered 192.168.1.2 from 192.168.1.1
- Jul 29 16:35:10 ipfire dhcpcd[25948]: red0: probing address 192.168.1.2/24
- Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: leased 192.168.1.2 for 3600 seconds
- Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: adding route to 192.168.1.0/24
- Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: adding default route via 192.168.1.1
- Jul 29 16:35:15 ipfire dhcpcd.exe[25987]: red0 has been (re)configured with IP=192.168.1.2
- Jul 29 16:35:16 ipfire ntpd[2552]: Listen normally on 182 red0 192.168.1.2:123
- Jul 29 16:35:16 ipfire ntpd[2552]: new interface(s) found: waking up resolver
- Jul 29 16:35:25 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48071 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:35:26 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
- Jul 29 16:35:26 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
- Jul 29 16:35:26 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
- Jul 29 16:35:26 ipfire suricata: rule reload starting
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: server stats for thread 0: 30 queries, 21 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: histogram of recursion processing times
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: 0.000000 0.000001 9
- Jul 29 16:35:26 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
- Jul 29 16:35:26 ipfire unbound: [9800:0] notice: init module 0: validator
- Jul 29 16:35:26 ipfire unbound: [9800:0] notice: init module 1: iterator
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
- Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=210 TOS=0x00 PREC=0x00 TTL=63 ID=24930 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=24931 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=24932 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24933 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24934 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:44 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24935 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
- Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
- Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
- Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
- Jul 29 16:35:46 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24936 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:51 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24937 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=121 TOS=0x00 PREC=0x00 TTL=63 ID=48718 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=48719 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=48720 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48721 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:54 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48722 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48723 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:58 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48724 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:36:00 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40057 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:36:03 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48725 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:36:04 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
- Jul 29 16:36:04 ipfire pakfire: MIRROR INFO: server-list.db is 6808 seconds old. - DEBUG: force
- Jul 29 16:36:04 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
- Jul 29 16:36:04 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
- Jul 29 16:36:10 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48072 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:36:14 ipfire unbound: [9800:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
- Jul 29 16:36:24 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
- Jul 29 16:36:34 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
- Jul 29 16:36:34 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:36:34 ipfire pakfire: DB INFO: packages_list.db is 6837 seconds old. - DEBUG: force
- Jul 29 16:36:34 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
- Jul 29 16:36:34 ipfire pakfire: MIRROR INFO: 2 servers found in list
- Jul 29 16:36:34 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
- Jul 29 16:36:38 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:36:44 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
- Jul 29 16:36:45 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40058 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:36:52 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
- Jul 29 16:36:52 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
- Jul 29 16:36:52 ipfire pakfire: DOWNLOAD ERROR: The downloaded file (pakfire2/2.25.1/lists/packages_list.db) wasn't verified by IPFire.org. Sorry - Exiting...
- Jul 29 16:36:53 ipfire pakfire: TIME INFO: Time Server 213.172.105.106 has -0.004369 sec offset to localtime.
- Jul 29 16:36:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48073 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:37:25 ipfire suricata: rule reload complete
- Jul 29 16:37:25 ipfire suricata: Signature(s) loaded, Detect thread(s) activated.
- Jul 29 16:37:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48074 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:38:25 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48075 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:38:43 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:39:10 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48076 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:39:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48077 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:40:33 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= MAC=00:e0:ed:88:32:68:0c:b6:d2:e7:6e:69:08:00 SRC=104.26.12.18 DST=192.168.1.2 LEN=79 TOS=0x00 PREC=0x80 TTL=57 ID=32148 DF PROTO=TCP SPT=443 DPT=34602 WINDOW=67 RES=0x00 ACK PSH URGP=0
- Jul 29 16:40:33 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= MAC=00:e0:ed:88:32:68:0c:b6:d2:e7:6e:69:08:00 SRC=104.26.12.18 DST=192.168.1.2 LEN=64 TOS=0x00 PREC=0x80 TTL=57 ID=32149 DF PROTO=TCP SPT=443 DPT=34602 WINDOW=67 RES=0x00 ACK PSH URGP=0
- Jul 29 16:40:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48078 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:40:48 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:42:53 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:44:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5e:ec:6e:43:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=48229 DF PROTO=UDP SPT=59292 DPT=65001 LEN=28
- Jul 29 16:44:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5e:ec:6e:43:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=48304 DF PROTO=UDP SPT=59292 DPT=65001 LEN=28
- Jul 29 16:44:58 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:46:39 ipfire sshd[26992]: Accepted password for root from 10.0.0.2 port 39083 ssh2
- Jul 29 16:47:03 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:32:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=48714 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:32:59 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40053 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:33:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:01 ipfire dhcpcd[23469]: sending signal ALRM to pid 22680
- Jul 29 16:33:01 ipfire dhcpcd[23469]: waiting for pid 22680 to exit
- Jul 29 16:33:01 ipfire dhcpcd[22680]: received SIGALRM, releasing
- Jul 29 16:33:01 ipfire dhcpcd[22680]: red0: removing interface
- Jul 29 16:33:01 ipfire dhcpcd[22680]: red0: releasing lease of 192.168.1.2
- Jul 29 16:33:01 ipfire dhcpcd[22680]: red0: deleting route to 192.168.1.0/24
- Jul 29 16:33:01 ipfire dhcpcd[22680]: red0: deleting default route via 192.168.1.1
- Jul 29 16:33:01 ipfire kernel: red0 ate my IP address
- Jul 29 16:33:01 ipfire dhcpcd.exe[23470]: red0 has been brought down (STOP)
- Jul 29 16:33:01 ipfire dhcpcd[22680]: dhcpcd exited
- Jul 29 16:33:03 ipfire dhcpd: reuse_lease: lease age 182 (secs) under 25% threshold, reply with unaltered, existing lease for 10.0.0.2
- Jul 29 16:33:03 ipfire dhcpd: DHCPREQUEST for 10.0.0.2 from 80:e8:2c:73:ac:2b (stas-HP-Laptop) via green0
- Jul 29 16:33:03 ipfire dhcpd: DHCPACK on 10.0.0.2 to 80:e8:2c:73:ac:2b (stas-HP-Laptop) via green0
- Jul 29 16:33:03 ipfire unbound: [9800:0] error: SERVFAIL <home. NS IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
- Jul 29 16:33:03 ipfire dhcpcd[23747]: dhcpcd-9.1.2 starting
- Jul 29 16:33:03 ipfire dhcpcd[23749]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
- Jul 29 16:33:03 ipfire dhcpcd[23749]: red0: waiting for carrier
- Jul 29 16:33:04 ipfire ntpd[2552]: Deleting interface #179 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=47 secs
- Jul 29 16:33:06 ipfire dhcpcd[23749]: red0: carrier acquired
- Jul 29 16:33:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
- Jul 29 16:33:06 ipfire dhcpcd[23749]: red0: IAID ed:88:32:68
- Jul 29 16:33:06 ipfire dhcpcd[23749]: red0: adding address fe80::2e0:edff:fe88:3268
- Jul 29 16:33:06 ipfire dhcpcd[23749]: ipv6_addaddr1: Permission denied
- Jul 29 16:33:06 ipfire dhcpcd[23749]: red0: soliciting an IPv6 router
- Jul 29 16:33:07 ipfire dhcpcd[23749]: red0: soliciting a DHCP lease
- Jul 29 16:33:11 ipfire dhcpcd[23749]: red0: offered 192.168.1.2 from 192.168.1.1
- Jul 29 16:33:11 ipfire dhcpcd[23749]: red0: probing address 192.168.1.2/24
- Jul 29 16:33:17 ipfire dhcpcd[23749]: red0: leased 192.168.1.2 for 3600 seconds
- Jul 29 16:33:17 ipfire dhcpcd[23749]: red0: adding route to 192.168.1.0/24
- Jul 29 16:33:17 ipfire dhcpcd[23749]: red0: adding default route via 192.168.1.1
- Jul 29 16:33:17 ipfire dhcpcd.exe[23788]: red0 has been (re)configured with IP=192.168.1.2
- Jul 29 16:33:18 ipfire ntpd[2552]: Listen normally on 180 red0 192.168.1.2:123
- Jul 29 16:33:18 ipfire ntpd[2552]: new interface(s) found: waking up resolver
- Jul 29 16:33:28 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
- Jul 29 16:33:28 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
- Jul 29 16:33:28 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
- Jul 29 16:33:28 ipfire suricata: rule reload starting
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: server stats for thread 0: 32 queries, 22 answers from cache, 10 recursions, 0 prefetch, 0 rejected by ip ratelimiting
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: histogram of recursion processing times
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: 0.000000 0.000001 10
- Jul 29 16:33:28 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
- Jul 29 16:33:28 ipfire unbound: [9800:0] notice: init module 0: validator
- Jul 29 16:33:28 ipfire unbound: [9800:0] notice: init module 1: iterator
- Jul 29 16:33:28 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
- Jul 29 16:33:28 ipfire unbound: [9800:0] error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:32 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=24927 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:33:32 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=7232 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK URGP=0
- Jul 29 16:33:34 ipfire ntpdate[24068]: adjust time server 81.3.27.46 offset +0.040222 sec
- Jul 29 16:33:34 ipfire ipfire: NTP synchronisation
- Jul 29 16:33:38 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=48715 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:33:42 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
- Jul 29 16:33:42 ipfire pakfire: MIRROR INFO: server-list.db is 6666 seconds old. - DEBUG: force
- Jul 29 16:33:42 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
- Jul 29 16:33:42 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
- Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
- Jul 29 16:33:43 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:33:43 ipfire pakfire: DB INFO: packages_list.db is 6666 seconds old. - DEBUG: force
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
- Jul 29 16:33:43 ipfire pakfire: MIRROR INFO: 2 servers found in list
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
- Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to mirror1.ipfire.org:443 (Name or service not known)
- Jul 29 16:33:43 ipfire pakfire: Giving up: There was no chance to get the file lists/packages_list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:33:43 ipfire pakfire: CORE INFO: core-list.db is 6664 seconds old. - DEBUG: force
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD STARTED: lists/core-list.db
- Jul 29 16:33:43 ipfire pakfire: MIRROR INFO: 2 servers found in list
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.25.1/lists/core-list.db
- Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/core-list.db has size of bytes
- Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to ipfire.earl-net.com:443 (Name or service not known)
- Jul 29 16:33:43 ipfire pakfire: Giving up: There was no chance to get the file lists/core-list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:33:43 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
- Jul 29 16:33:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=97 TOS=0x00 PREC=0x00 TTL=63 ID=7233 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:33:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=7234 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:33:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=7235 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:33:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7236 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:33:44 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7237 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:33:44 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40054 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:33:45 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7238 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
- Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
- Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
- Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
- Jul 29 16:33:47 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7239 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:33:52 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7240 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
- Jul 29 16:34:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:01 ipfire dhcpcd[24539]: sending signal ALRM to pid 23749
- Jul 29 16:34:01 ipfire dhcpcd[24539]: waiting for pid 23749 to exit
- Jul 29 16:34:01 ipfire dhcpcd[23749]: received SIGALRM, releasing
- Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: removing interface
- Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: releasing lease of 192.168.1.2
- Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: deleting route to 192.168.1.0/24
- Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: deleting default route via 192.168.1.1
- Jul 29 16:34:01 ipfire kernel: red0 ate my IP address
- Jul 29 16:34:01 ipfire dhcpcd.exe[24540]: red0 has been brought down (STOP)
- Jul 29 16:34:01 ipfire dhcpcd[23749]: dhcpcd exited
- Jul 29 16:34:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
- Jul 29 16:34:03 ipfire dhcpcd[24817]: dhcpcd-9.1.2 starting
- Jul 29 16:34:03 ipfire dhcpcd[24819]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
- Jul 29 16:34:03 ipfire dhcpcd[24819]: red0: waiting for carrier
- Jul 29 16:34:04 ipfire ntpd[2552]: Deleting interface #180 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=46 secs
- Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: carrier acquired
- Jul 29 16:34:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
- Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: IAID ed:88:32:68
- Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: adding address fe80::2e0:edff:fe88:3268
- Jul 29 16:34:06 ipfire dhcpcd[24819]: ipv6_addaddr1: Permission denied
- Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: soliciting an IPv6 router
- Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: soliciting a DHCP lease
- Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: offered 192.168.1.2 from 192.168.1.1
- Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: probing address 192.168.1.2/24
- Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: leased 192.168.1.2 for 3600 seconds
- Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: adding route to 192.168.1.0/24
- Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: adding default route via 192.168.1.1
- Jul 29 16:34:12 ipfire dhcpcd.exe[24858]: red0 has been (re)configured with IP=192.168.1.2
- Jul 29 16:34:14 ipfire ntpd[2552]: Listen normally on 181 red0 192.168.1.2:123
- Jul 29 16:34:14 ipfire ntpd[2552]: new interface(s) found: waking up resolver
- Jul 29 16:34:17 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=24928 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:34:23 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
- Jul 29 16:34:23 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=48716 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:34:23 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
- Jul 29 16:34:23 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
- Jul 29 16:34:23 ipfire suricata: rule reload starting
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: server stats for thread 0: 30 queries, 21 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: histogram of recursion processing times
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: 0.000000 0.000001 9
- Jul 29 16:34:24 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
- Jul 29 16:34:24 ipfire unbound: [9800:0] notice: init module 0: validator
- Jul 29 16:34:24 ipfire unbound: [9800:0] notice: init module 1: iterator
- Jul 29 16:34:24 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
- Jul 29 16:34:24 ipfire unbound: [9800:0] error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:29 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40055 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:34:30 ipfire ntpdate[25138]: adjust time server 81.3.27.46 offset +0.018871 sec
- Jul 29 16:34:30 ipfire ipfire: NTP synchronisation
- Jul 29 16:34:33 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:34:38 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
- Jul 29 16:34:38 ipfire pakfire: MIRROR INFO: server-list.db is 6722 seconds old. - DEBUG: force
- Jul 29 16:34:38 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
- Jul 29 16:34:38 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
- Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:34:39 ipfire pakfire: DB INFO: packages_list.db is 6722 seconds old. - DEBUG: force
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
- Jul 29 16:34:39 ipfire pakfire: MIRROR INFO: 2 servers found in list
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to ipfire.earl-net.com:443 (Name or service not known)
- Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file lists/packages_list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:34:39 ipfire pakfire: CORE INFO: core-list.db is 6720 seconds old. - DEBUG: force
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD STARTED: lists/core-list.db
- Jul 29 16:34:39 ipfire pakfire: MIRROR INFO: 2 servers found in list
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/core-list.db
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/core-list.db has size of bytes
- Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to mirror1.ipfire.org:443 (Name or service not known)
- Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file lists/core-list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:34:39 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
- Jul 29 16:34:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48070 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
- Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
- Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
- Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
- Jul 29 16:35:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:35:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
- Jul 29 16:35:01 ipfire dhcpcd[25644]: sending signal ALRM to pid 24819
- Jul 29 16:35:01 ipfire dhcpcd[25644]: waiting for pid 24819 to exit
- Jul 29 16:35:01 ipfire dhcpcd[24819]: received SIGALRM, releasing
- Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: removing interface
- Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: releasing lease of 192.168.1.2
- Jul 29 16:35:01 ipfire kernel: red0 ate my IP address
- Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: deleting route to 192.168.1.0/24
- Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: deleting default route via 192.168.1.1
- Jul 29 16:35:01 ipfire dhcpcd.exe[25645]: red0 has been brought down (STOP)
- Jul 29 16:35:01 ipfire dhcpcd[24819]: dhcpcd exited
- Jul 29 16:35:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
- Jul 29 16:35:03 ipfire dhcpcd[25946]: dhcpcd-9.1.2 starting
- Jul 29 16:35:03 ipfire dhcpcd[25948]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
- Jul 29 16:35:03 ipfire dhcpcd[25948]: red0: waiting for carrier
- Jul 29 16:35:04 ipfire ntpd[2552]: Deleting interface #181 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=50 secs
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: carrier acquired
- Jul 29 16:35:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: IAID ed:88:32:68
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: adding address fe80::2e0:edff:fe88:3268
- Jul 29 16:35:06 ipfire dhcpcd[25948]: ipv6_addaddr1: Permission denied
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: soliciting an IPv6 router
- Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: soliciting a DHCP lease
- Jul 29 16:35:10 ipfire dhcpcd[25948]: red0: offered 192.168.1.2 from 192.168.1.1
- Jul 29 16:35:10 ipfire dhcpcd[25948]: red0: probing address 192.168.1.2/24
- Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: leased 192.168.1.2 for 3600 seconds
- Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: adding route to 192.168.1.0/24
- Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: adding default route via 192.168.1.1
- Jul 29 16:35:15 ipfire dhcpcd.exe[25987]: red0 has been (re)configured with IP=192.168.1.2
- Jul 29 16:35:16 ipfire ntpd[2552]: Listen normally on 182 red0 192.168.1.2:123
- Jul 29 16:35:16 ipfire ntpd[2552]: new interface(s) found: waking up resolver
- Jul 29 16:35:25 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48071 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:35:26 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
- Jul 29 16:35:26 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
- Jul 29 16:35:26 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
- Jul 29 16:35:26 ipfire suricata: rule reload starting
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: server stats for thread 0: 30 queries, 21 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: histogram of recursion processing times
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: 0.000000 0.000001 9
- Jul 29 16:35:26 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
- Jul 29 16:35:26 ipfire unbound: [9800:0] notice: init module 0: validator
- Jul 29 16:35:26 ipfire unbound: [9800:0] notice: init module 1: iterator
- Jul 29 16:35:26 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
- Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=210 TOS=0x00 PREC=0x00 TTL=63 ID=24930 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=24931 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=24932 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24933 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24934 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:44 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24935 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
- Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
- Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
- Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
- Jul 29 16:35:46 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24936 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:51 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24937 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=121 TOS=0x00 PREC=0x00 TTL=63 ID=48718 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=48719 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=48720 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48721 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:54 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48722 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48723 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:35:58 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48724 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:36:00 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40057 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:36:03 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48725 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
- Jul 29 16:36:04 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
- Jul 29 16:36:04 ipfire pakfire: MIRROR INFO: server-list.db is 6808 seconds old. - DEBUG: force
- Jul 29 16:36:04 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
- Jul 29 16:36:04 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
- Jul 29 16:36:10 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48072 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:36:14 ipfire unbound: [9800:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
- Jul 29 16:36:24 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
- Jul 29 16:36:34 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
- Jul 29 16:36:34 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
- Jul 29 16:36:34 ipfire pakfire: DB INFO: packages_list.db is 6837 seconds old. - DEBUG: force
- Jul 29 16:36:34 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
- Jul 29 16:36:34 ipfire pakfire: MIRROR INFO: 2 servers found in list
- Jul 29 16:36:34 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
- Jul 29 16:36:38 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:36:44 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
- Jul 29 16:36:45 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40058 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:36:52 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
- Jul 29 16:36:52 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
- Jul 29 16:36:52 ipfire pakfire: DOWNLOAD ERROR: The downloaded file (pakfire2/2.25.1/lists/packages_list.db) wasn't verified by IPFire.org. Sorry - Exiting...
- Jul 29 16:36:53 ipfire pakfire: TIME INFO: Time Server 213.172.105.106 has -0.004369 sec offset to localtime.
- Jul 29 16:36:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48073 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:37:25 ipfire suricata: rule reload complete
- Jul 29 16:37:25 ipfire suricata: Signature(s) loaded, Detect thread(s) activated.
- Jul 29 16:37:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48074 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:38:25 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48075 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:38:43 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:39:10 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48076 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:39:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48077 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:40:33 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= MAC=00:e0:ed:88:32:68:0c:b6:d2:e7:6e:69:08:00 SRC=104.26.12.18 DST=192.168.1.2 LEN=79 TOS=0x00 PREC=0x80 TTL=57 ID=32148 DF PROTO=TCP SPT=443 DPT=34602 WINDOW=67 RES=0x00 ACK PSH URGP=0
- Jul 29 16:40:33 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= MAC=00:e0:ed:88:32:68:0c:b6:d2:e7:6e:69:08:00 SRC=104.26.12.18 DST=192.168.1.2 LEN=64 TOS=0x00 PREC=0x80 TTL=57 ID=32149 DF PROTO=TCP SPT=443 DPT=34602 WINDOW=67 RES=0x00 ACK PSH URGP=0
- Jul 29 16:40:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48078 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
- Jul 29 16:40:48 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:42:53 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:44:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5e:ec:6e:43:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=48229 DF PROTO=UDP SPT=59292 DPT=65001 LEN=28
- Jul 29 16:44:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5e:ec:6e:43:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=48304 DF PROTO=UDP SPT=59292 DPT=65001 LEN=28
- Jul 29 16:44:58 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:46:39 ipfire sshd[26992]: Accepted password for root from 10.0.0.2 port 39083 ssh2
- Jul 29 16:47:03 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:49:08 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:51:13 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
- Jul 29 16:53:18 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2