log
a guest
Jul 29th, 2020
Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
Jul 29 16:33:47 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7239 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
Jul 29 16:33:52 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7240 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
Jul 29 16:34:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:01 ipfire dhcpcd[24539]: sending signal ALRM to pid 23749
Jul 29 16:34:01 ipfire dhcpcd[24539]: waiting for pid 23749 to exit
Jul 29 16:34:01 ipfire dhcpcd[23749]: received SIGALRM, releasing
Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: removing interface
Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: releasing lease of 192.168.1.2
Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: deleting route to 192.168.1.0/24
Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: deleting default route via 192.168.1.1
Jul 29 16:34:01 ipfire kernel: red0 ate my IP address
Jul 29 16:34:01 ipfire dhcpcd.exe[24540]: red0 has been brought down (STOP)
Jul 29 16:34:01 ipfire dhcpcd[23749]: dhcpcd exited
Jul 29 16:34:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
Jul 29 16:34:03 ipfire dhcpcd[24817]: dhcpcd-9.1.2 starting
Jul 29 16:34:03 ipfire dhcpcd[24819]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
Jul 29 16:34:03 ipfire dhcpcd[24819]: red0: waiting for carrier
Jul 29 16:34:04 ipfire ntpd[2552]: Deleting interface #180 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=46 secs
Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: carrier acquired
Jul 29 16:34:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: IAID ed:88:32:68
Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: adding address fe80::2e0:edff:fe88:3268
Jul 29 16:34:06 ipfire dhcpcd[24819]: ipv6_addaddr1: Permission denied
Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: soliciting an IPv6 router
Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: soliciting a DHCP lease
Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: offered 192.168.1.2 from 192.168.1.1
Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: probing address 192.168.1.2/24
Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: leased 192.168.1.2 for 3600 seconds
Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: adding route to 192.168.1.0/24
Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: adding default route via 192.168.1.1
Jul 29 16:34:12 ipfire dhcpcd.exe[24858]: red0 has been (re)configured with IP=192.168.1.2
Jul 29 16:34:14 ipfire ntpd[2552]: Listen normally on 181 red0 192.168.1.2:123
Jul 29 16:34:14 ipfire ntpd[2552]: new interface(s) found: waking up resolver
Jul 29 16:34:17 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=24928 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:34:23 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Jul 29 16:34:23 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=48716 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:34:23 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
Jul 29 16:34:23 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
Jul 29 16:34:23 ipfire suricata: rule reload starting
Jul 29 16:34:24 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
Jul 29 16:34:24 ipfire unbound: [9800:0] info: server stats for thread 0: 30 queries, 21 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 29 16:34:24 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 29 16:34:24 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
Jul 29 16:34:24 ipfire unbound: [9800:0] info: histogram of recursion processing times
Jul 29 16:34:24 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
Jul 29 16:34:24 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
Jul 29 16:34:24 ipfire unbound: [9800:0] info: 0.000000 0.000001 9
Jul 29 16:34:24 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
Jul 29 16:34:24 ipfire unbound: [9800:0] notice: init module 0: validator
Jul 29 16:34:24 ipfire unbound: [9800:0] notice: init module 1: iterator
Jul 29 16:34:24 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
Jul 29 16:34:24 ipfire unbound: [9800:0] error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:29 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40055 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:34:30 ipfire ntpdate[25138]: adjust time server 81.3.27.46 offset +0.018871 sec
Jul 29 16:34:30 ipfire ipfire: NTP synchronisation
Jul 29 16:34:33 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:34:38 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
Jul 29 16:34:38 ipfire pakfire: MIRROR INFO: server-list.db is 6722 seconds old. - DEBUG: force
Jul 29 16:34:38 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
Jul 29 16:34:38 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Jul 29 16:34:39 ipfire pakfire: DB INFO: packages_list.db is 6722 seconds old. - DEBUG: force
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
Jul 29 16:34:39 ipfire pakfire: MIRROR INFO: 2 servers found in list
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com.home. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to ipfire.earl-net.com:443 (Name or service not known)
Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file lists/packages_list.db from any available server. There was an error on the way. Please fix it.
Jul 29 16:34:39 ipfire pakfire: CORE INFO: core-list.db is 6720 seconds old. - DEBUG: force
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD STARTED: lists/core-list.db
Jul 29 16:34:39 ipfire pakfire: MIRROR INFO: 2 servers found in list
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/core-list.db
Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/core-list.db has size of bytes
Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to mirror1.ipfire.org:443 (Name or service not known)
Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file lists/core-list.db from any available server. There was an error on the way. Please fix it.
Jul 29 16:34:39 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
Jul 29 16:34:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48070 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
Jul 29 16:35:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:35:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:35:01 ipfire dhcpcd[25644]: sending signal ALRM to pid 24819
Jul 29 16:35:01 ipfire dhcpcd[25644]: waiting for pid 24819 to exit
Jul 29 16:35:01 ipfire dhcpcd[24819]: received SIGALRM, releasing
Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: removing interface
Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: releasing lease of 192.168.1.2
Jul 29 16:35:01 ipfire kernel: red0 ate my IP address
Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: deleting route to 192.168.1.0/24
Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: deleting default route via 192.168.1.1
Jul 29 16:35:01 ipfire dhcpcd.exe[25645]: red0 has been brought down (STOP)
Jul 29 16:35:01 ipfire dhcpcd[24819]: dhcpcd exited
Jul 29 16:35:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
Jul 29 16:35:03 ipfire dhcpcd[25946]: dhcpcd-9.1.2 starting
Jul 29 16:35:03 ipfire dhcpcd[25948]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
Jul 29 16:35:03 ipfire dhcpcd[25948]: red0: waiting for carrier
Jul 29 16:35:04 ipfire ntpd[2552]: Deleting interface #181 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=50 secs
Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: carrier acquired
Jul 29 16:35:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: IAID ed:88:32:68
Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: adding address fe80::2e0:edff:fe88:3268
Jul 29 16:35:06 ipfire dhcpcd[25948]: ipv6_addaddr1: Permission denied
Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: soliciting an IPv6 router
Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: soliciting a DHCP lease
Jul 29 16:35:10 ipfire dhcpcd[25948]: red0: offered 192.168.1.2 from 192.168.1.1
Jul 29 16:35:10 ipfire dhcpcd[25948]: red0: probing address 192.168.1.2/24
Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: leased 192.168.1.2 for 3600 seconds
Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: adding route to 192.168.1.0/24
Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: adding default route via 192.168.1.1
Jul 29 16:35:15 ipfire dhcpcd.exe[25987]: red0 has been (re)configured with IP=192.168.1.2
Jul 29 16:35:16 ipfire ntpd[2552]: Listen normally on 182 red0 192.168.1.2:123
Jul 29 16:35:16 ipfire ntpd[2552]: new interface(s) found: waking up resolver
Jul 29 16:35:25 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48071 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:35:26 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Jul 29 16:35:26 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
Jul 29 16:35:26 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
Jul 29 16:35:26 ipfire suricata: rule reload starting
Jul 29 16:35:26 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
Jul 29 16:35:26 ipfire unbound: [9800:0] info: server stats for thread 0: 30 queries, 21 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 29 16:35:26 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Jul 29 16:35:26 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
Jul 29 16:35:26 ipfire unbound: [9800:0] info: histogram of recursion processing times
Jul 29 16:35:26 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
Jul 29 16:35:26 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
Jul 29 16:35:26 ipfire unbound: [9800:0] info: 0.000000 0.000001 9
Jul 29 16:35:26 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
Jul 29 16:35:26 ipfire unbound: [9800:0] notice: init module 0: validator
Jul 29 16:35:26 ipfire unbound: [9800:0] notice: init module 1: iterator
Jul 29 16:35:26 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=210 TOS=0x00 PREC=0x00 TTL=63 ID=24930 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=24931 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=24932 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24933 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24934 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:44 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24935 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
Jul 29 16:35:46 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24936 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:51 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24937 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=121 TOS=0x00 PREC=0x00 TTL=63 ID=48718 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=48719 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=48720 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48721 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:54 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48722 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48723 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:58 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48724 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:36:00 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40057 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:36:03 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48725 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:36:04 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
Jul 29 16:36:04 ipfire pakfire: MIRROR INFO: server-list.db is 6808 seconds old. - DEBUG: force
Jul 29 16:36:04 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
Jul 29 16:36:04 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
Jul 29 16:36:10 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48072 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:36:14 ipfire unbound: [9800:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Jul 29 16:36:24 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
Jul 29 16:36:34 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Jul 29 16:36:34 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Jul 29 16:36:34 ipfire pakfire: DB INFO: packages_list.db is 6837 seconds old. - DEBUG: force
Jul 29 16:36:34 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
Jul 29 16:36:34 ipfire pakfire: MIRROR INFO: 2 servers found in list
Jul 29 16:36:34 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
Jul 29 16:36:38 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:36:44 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
Jul 29 16:36:45 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40058 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:36:52 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Jul 29 16:36:52 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
Jul 29 16:36:52 ipfire pakfire: DOWNLOAD ERROR: The downloaded file (pakfire2/2.25.1/lists/packages_list.db) wasn't verified by IPFire.org. Sorry - Exiting...
Jul 29 16:36:53 ipfire pakfire: TIME INFO: Time Server 213.172.105.106 has -0.004369 sec offset to localtime.
Jul 29 16:36:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48073 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:37:25 ipfire suricata: rule reload complete
Jul 29 16:37:25 ipfire suricata: Signature(s) loaded, Detect thread(s) activated.
Jul 29 16:37:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48074 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:38:25 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48075 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:38:43 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:39:10 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48076 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:39:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48077 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:40:33 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= MAC=00:e0:ed:88:32:68:0c:b6:d2:e7:6e:69:08:00 SRC=104.26.12.18 DST=192.168.1.2 LEN=79 TOS=0x00 PREC=0x80 TTL=57 ID=32148 DF PROTO=TCP SPT=443 DPT=34602 WINDOW=67 RES=0x00 ACK PSH URGP=0
Jul 29 16:40:33 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= MAC=00:e0:ed:88:32:68:0c:b6:d2:e7:6e:69:08:00 SRC=104.26.12.18 DST=192.168.1.2 LEN=64 TOS=0x00 PREC=0x80 TTL=57 ID=32149 DF PROTO=TCP SPT=443 DPT=34602 WINDOW=67 RES=0x00 ACK PSH URGP=0
Jul 29 16:40:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48078 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:40:48 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:42:53 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:44:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5e:ec:6e:43:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=48229 DF PROTO=UDP SPT=59292 DPT=65001 LEN=28
Jul 29 16:44:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5e:ec:6e:43:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=48304 DF PROTO=UDP SPT=59292 DPT=65001 LEN=28
Jul 29 16:44:58 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:46:39 ipfire sshd[26992]: Accepted password for root from 10.0.0.2 port 39083 ssh2
Jul 29 16:47:03 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:32:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=48714 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:32:59 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40053 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:33:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:33:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:33:01 ipfire dhcpcd[23469]: sending signal ALRM to pid 22680
Jul 29 16:33:01 ipfire dhcpcd[23469]: waiting for pid 22680 to exit
Jul 29 16:33:01 ipfire dhcpcd[22680]: received SIGALRM, releasing
Jul 29 16:33:01 ipfire dhcpcd[22680]: red0: removing interface
Jul 29 16:33:01 ipfire dhcpcd[22680]: red0: releasing lease of 192.168.1.2
Jul 29 16:33:01 ipfire dhcpcd[22680]: red0: deleting route to 192.168.1.0/24
Jul 29 16:33:01 ipfire dhcpcd[22680]: red0: deleting default route via 192.168.1.1
Jul 29 16:33:01 ipfire kernel: red0 ate my IP address
Jul 29 16:33:01 ipfire dhcpcd.exe[23470]: red0 has been brought down (STOP)
Jul 29 16:33:01 ipfire dhcpcd[22680]: dhcpcd exited
Jul 29 16:33:03 ipfire dhcpd: reuse_lease: lease age 182 (secs) under 25% threshold, reply with unaltered, existing lease for 10.0.0.2
Jul 29 16:33:03 ipfire dhcpd: DHCPREQUEST for 10.0.0.2 from 80:e8:2c:73:ac:2b (stas-HP-Laptop) via green0
Jul 29 16:33:03 ipfire dhcpd: DHCPACK on 10.0.0.2 to 80:e8:2c:73:ac:2b (stas-HP-Laptop) via green0
Jul 29 16:33:03 ipfire unbound: [9800:0] error: SERVFAIL <home. NS IN>: all the configured stub or forward servers failed, at zone .
Jul 29 16:33:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
Jul 29 16:33:03 ipfire dhcpcd[23747]: dhcpcd-9.1.2 starting
Jul 29 16:33:03 ipfire dhcpcd[23749]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
Jul 29 16:33:03 ipfire dhcpcd[23749]: red0: waiting for carrier
Jul 29 16:33:04 ipfire ntpd[2552]: Deleting interface #179 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=47 secs
Jul 29 16:33:06 ipfire dhcpcd[23749]: red0: carrier acquired
Jul 29 16:33:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Jul 29 16:33:06 ipfire dhcpcd[23749]: red0: IAID ed:88:32:68
Jul 29 16:33:06 ipfire dhcpcd[23749]: red0: adding address fe80::2e0:edff:fe88:3268
Jul 29 16:33:06 ipfire dhcpcd[23749]: ipv6_addaddr1: Permission denied
Jul 29 16:33:06 ipfire dhcpcd[23749]: red0: soliciting an IPv6 router
Jul 29 16:33:07 ipfire dhcpcd[23749]: red0: soliciting a DHCP lease
Jul 29 16:33:11 ipfire dhcpcd[23749]: red0: offered 192.168.1.2 from 192.168.1.1
Jul 29 16:33:11 ipfire dhcpcd[23749]: red0: probing address 192.168.1.2/24
Jul 29 16:33:17 ipfire dhcpcd[23749]: red0: leased 192.168.1.2 for 3600 seconds
Jul 29 16:33:17 ipfire dhcpcd[23749]: red0: adding route to 192.168.1.0/24
Jul 29 16:33:17 ipfire dhcpcd[23749]: red0: adding default route via 192.168.1.1
Jul 29 16:33:17 ipfire dhcpcd.exe[23788]: red0 has been (re)configured with IP=192.168.1.2
Jul 29 16:33:18 ipfire ntpd[2552]: Listen normally on 180 red0 192.168.1.2:123
Jul 29 16:33:18 ipfire ntpd[2552]: new interface(s) found: waking up resolver
Jul 29 16:33:28 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
Jul 29 16:33:28 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
Jul 29 16:33:28 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
Jul 29 16:33:28 ipfire suricata: rule reload starting
Jul 29 16:33:28 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
Jul 29 16:33:28 ipfire unbound: [9800:0] info: server stats for thread 0: 32 queries, 22 answers from cache, 10 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Jul 29 16:33:28 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
  246. Jul 29 16:33:28 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
  247. Jul 29 16:33:28 ipfire unbound: [9800:0] info: histogram of recursion processing times
  248. Jul 29 16:33:28 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
  249. Jul 29 16:33:28 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
  250. Jul 29 16:33:28 ipfire unbound: [9800:0] info: 0.000000 0.000001 10
  251. Jul 29 16:33:28 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
  252. Jul 29 16:33:28 ipfire unbound: [9800:0] notice: init module 0: validator
  253. Jul 29 16:33:28 ipfire unbound: [9800:0] notice: init module 1: iterator
  254. Jul 29 16:33:28 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
  255. Jul 29 16:33:28 ipfire unbound: [9800:0] error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
  256. Jul 29 16:33:32 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=24927 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
  257. Jul 29 16:33:32 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=7232 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK URGP=0
  258. Jul 29 16:33:34 ipfire ntpdate[24068]: adjust time server 81.3.27.46 offset +0.040222 sec
  259. Jul 29 16:33:34 ipfire ipfire: NTP synchronisation
  260. Jul 29 16:33:38 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=48715 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
  261. Jul 29 16:33:42 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
  262. Jul 29 16:33:42 ipfire pakfire: MIRROR INFO: server-list.db is 6666 seconds old. - DEBUG: force
  263. Jul 29 16:33:42 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
  264. Jul 29 16:33:42 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
  265. Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
  266. Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
  267. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
  268. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
  269. Jul 29 16:33:43 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
  270. Jul 29 16:33:43 ipfire pakfire: DB INFO: packages_list.db is 6666 seconds old. - DEBUG: force
  271. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
  272. Jul 29 16:33:43 ipfire pakfire: MIRROR INFO: 2 servers found in list
  273. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
  274. Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
  275. Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
  276. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
  277. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to mirror1.ipfire.org:443 (Name or service not known)
  278. Jul 29 16:33:43 ipfire pakfire: Giving up: There was no chance to get the file lists/packages_list.db from any available server. There was an error on the way. Please fix it.
  279. Jul 29 16:33:43 ipfire pakfire: CORE INFO: core-list.db is 6664 seconds old. - DEBUG: force
  280. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD STARTED: lists/core-list.db
  281. Jul 29 16:33:43 ipfire pakfire: MIRROR INFO: 2 servers found in list
  282. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.25.1/lists/core-list.db
  283. Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com. A IN>: all the configured stub or forward servers failed, at zone .
  284. Jul 29 16:33:43 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com.home. A IN>: all the configured stub or forward servers failed, at zone .
  285. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/core-list.db has size of bytes
  286. Jul 29 16:33:43 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to ipfire.earl-net.com:443 (Name or service not known)
  287. Jul 29 16:33:43 ipfire pakfire: Giving up: There was no chance to get the file lists/core-list.db from any available server. There was an error on the way. Please fix it.
  288. Jul 29 16:33:43 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
  289. Jul 29 16:33:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=97 TOS=0x00 PREC=0x00 TTL=63 ID=7233 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
  290. Jul 29 16:33:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=7234 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
  291. Jul 29 16:33:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=79 TOS=0x00 PREC=0x00 TTL=63 ID=7235 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
  292. Jul 29 16:33:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7236 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
  293. Jul 29 16:33:44 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7237 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
  294. Jul 29 16:33:44 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40054 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
  295. Jul 29 16:33:45 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7238 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
  296. Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
  297. Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
  298. Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
  299. Jul 29 16:33:46 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
  300. Jul 29 16:33:47 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7239 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
  301. Jul 29 16:33:52 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=136 TOS=0x00 PREC=0x00 TTL=63 ID=7240 DF PROTO=TCP SPT=34200 DPT=443 WINDOW=4976 RES=0x00 ACK PSH URGP=0
  302. Jul 29 16:34:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
  303. Jul 29 16:34:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
  304. Jul 29 16:34:01 ipfire dhcpcd[24539]: sending signal ALRM to pid 23749
  305. Jul 29 16:34:01 ipfire dhcpcd[24539]: waiting for pid 23749 to exit
  306. Jul 29 16:34:01 ipfire dhcpcd[23749]: received SIGALRM, releasing
  307. Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: removing interface
  308. Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: releasing lease of 192.168.1.2
  309. Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: deleting route to 192.168.1.0/24
  310. Jul 29 16:34:01 ipfire dhcpcd[23749]: red0: deleting default route via 192.168.1.1
  311. Jul 29 16:34:01 ipfire kernel: red0 ate my IP address
  312. Jul 29 16:34:01 ipfire dhcpcd.exe[24540]: red0 has been brought down (STOP)
  313. Jul 29 16:34:01 ipfire dhcpcd[23749]: dhcpcd exited
  314. Jul 29 16:34:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
  315. Jul 29 16:34:03 ipfire dhcpcd[24817]: dhcpcd-9.1.2 starting
  316. Jul 29 16:34:03 ipfire dhcpcd[24819]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
  317. Jul 29 16:34:03 ipfire dhcpcd[24819]: red0: waiting for carrier
  318. Jul 29 16:34:04 ipfire ntpd[2552]: Deleting interface #180 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=46 secs
  319. Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: carrier acquired
  320. Jul 29 16:34:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
  321. Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: IAID ed:88:32:68
  322. Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: adding address fe80::2e0:edff:fe88:3268
  323. Jul 29 16:34:06 ipfire dhcpcd[24819]: ipv6_addaddr1: Permission denied
  324. Jul 29 16:34:06 ipfire dhcpcd[24819]: red0: soliciting an IPv6 router
  325. Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: soliciting a DHCP lease
  326. Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: offered 192.168.1.2 from 192.168.1.1
  327. Jul 29 16:34:07 ipfire dhcpcd[24819]: red0: probing address 192.168.1.2/24
  328. Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: leased 192.168.1.2 for 3600 seconds
  329. Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: adding route to 192.168.1.0/24
  330. Jul 29 16:34:12 ipfire dhcpcd[24819]: red0: adding default route via 192.168.1.1
  331. Jul 29 16:34:12 ipfire dhcpcd.exe[24858]: red0 has been (re)configured with IP=192.168.1.2
  332. Jul 29 16:34:14 ipfire ntpd[2552]: Listen normally on 181 red0 192.168.1.2:123
  333. Jul 29 16:34:14 ipfire ntpd[2552]: new interface(s) found: waking up resolver
  334. Jul 29 16:34:17 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=24928 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
  335. Jul 29 16:34:23 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
  336. Jul 29 16:34:23 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=48716 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
  337. Jul 29 16:34:23 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
  338. Jul 29 16:34:23 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
  339. Jul 29 16:34:23 ipfire suricata: rule reload starting
  340. Jul 29 16:34:24 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
  341. Jul 29 16:34:24 ipfire unbound: [9800:0] info: server stats for thread 0: 30 queries, 21 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
  342. Jul 29 16:34:24 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
  343. Jul 29 16:34:24 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
  344. Jul 29 16:34:24 ipfire unbound: [9800:0] info: histogram of recursion processing times
  345. Jul 29 16:34:24 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
  346. Jul 29 16:34:24 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
  347. Jul 29 16:34:24 ipfire unbound: [9800:0] info: 0.000000 0.000001 9
  348. Jul 29 16:34:24 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
  349. Jul 29 16:34:24 ipfire unbound: [9800:0] notice: init module 0: validator
  350. Jul 29 16:34:24 ipfire unbound: [9800:0] notice: init module 1: iterator
  351. Jul 29 16:34:24 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
  352. Jul 29 16:34:24 ipfire unbound: [9800:0] error: SERVFAIL <ping.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
  353. Jul 29 16:34:29 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40055 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
  354. Jul 29 16:34:30 ipfire ntpdate[25138]: adjust time server 81.3.27.46 offset +0.018871 sec
  355. Jul 29 16:34:30 ipfire ipfire: NTP synchronisation
  356. Jul 29 16:34:33 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
  357. Jul 29 16:34:38 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
  358. Jul 29 16:34:38 ipfire pakfire: MIRROR INFO: server-list.db is 6722 seconds old. - DEBUG: force
  359. Jul 29 16:34:38 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
  360. Jul 29 16:34:38 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
  361. Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
  362. Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <pakfire.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
  363. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
  364. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
  365. Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
  366. Jul 29 16:34:39 ipfire pakfire: DB INFO: packages_list.db is 6722 seconds old. - DEBUG: force
  367. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
  368. Jul 29 16:34:39 ipfire pakfire: MIRROR INFO: 2 servers found in list
  369. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: Host: ipfire.earl-net.com (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
  370. Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com. A IN>: all the configured stub or forward servers failed, at zone .
  371. Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <ipfire.earl-net.com.home. A IN>: all the configured stub or forward servers failed, at zone .
  372. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
  373. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to ipfire.earl-net.com:443 (Name or service not known)
  374. Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file lists/packages_list.db from any available server. There was an error on the way. Please fix it.
  375. Jul 29 16:34:39 ipfire pakfire: CORE INFO: core-list.db is 6720 seconds old. - DEBUG: force
  376. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD STARTED: lists/core-list.db
  377. Jul 29 16:34:39 ipfire pakfire: MIRROR INFO: 2 servers found in list
  378. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/core-list.db
  379. Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org. A IN>: all the configured stub or forward servers failed, at zone .
  380. Jul 29 16:34:39 ipfire unbound: [9800:0] error: SERVFAIL <mirror1.ipfire.org.home. A IN>: all the configured stub or forward servers failed, at zone .
  381. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/core-list.db has size of bytes
  382. Jul 29 16:34:39 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to mirror1.ipfire.org:443 (Name or service not known)
  383. Jul 29 16:34:39 ipfire pakfire: Giving up: There was no chance to get the file lists/core-list.db from any available server. There was an error on the way. Please fix it.
  384. Jul 29 16:34:39 ipfire pakfire: PAKFIRE INFO: Pakfire has finished. Closing.
  385. Jul 29 16:34:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48070 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
  386. Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
  387. Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
  388. Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
  389. Jul 29 16:34:42 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
  390. Jul 29 16:35:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com. A IN>: all the configured stub or forward servers failed, at zone .
  391. Jul 29 16:35:01 ipfire unbound: [9800:0] error: SERVFAIL <google.com.home. A IN>: all the configured stub or forward servers failed, at zone .
  392. Jul 29 16:35:01 ipfire dhcpcd[25644]: sending signal ALRM to pid 24819
  393. Jul 29 16:35:01 ipfire dhcpcd[25644]: waiting for pid 24819 to exit
  394. Jul 29 16:35:01 ipfire dhcpcd[24819]: received SIGALRM, releasing
  395. Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: removing interface
  396. Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: releasing lease of 192.168.1.2
  397. Jul 29 16:35:01 ipfire kernel: red0 ate my IP address
  398. Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: deleting route to 192.168.1.0/24
  399. Jul 29 16:35:01 ipfire dhcpcd[24819]: red0: deleting default route via 192.168.1.1
  400. Jul 29 16:35:01 ipfire dhcpcd.exe[25645]: red0 has been brought down (STOP)
  401. Jul 29 16:35:01 ipfire dhcpcd[24819]: dhcpcd exited
  402. Jul 29 16:35:03 ipfire kernel: 8021q: adding VLAN 0 to HW filter on device red0
  403. Jul 29 16:35:03 ipfire dhcpcd[25946]: dhcpcd-9.1.2 starting
  404. Jul 29 16:35:03 ipfire dhcpcd[25948]: DUID 00:04:50:fd:87:0c:e4:4d:4b:19:8b:bf:03:6d:e8:bc:e8:df
  405. Jul 29 16:35:03 ipfire dhcpcd[25948]: red0: waiting for carrier
  406. Jul 29 16:35:04 ipfire ntpd[2552]: Deleting interface #181 red0, 192.168.1.2#123, interface stats: received=0, sent=0, dropped=0, active_time=50 secs
  407. Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: carrier acquired
  408. Jul 29 16:35:06 ipfire kernel: igb 0000:04:00.1 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
  409. Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: IAID ed:88:32:68
  410. Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: adding address fe80::2e0:edff:fe88:3268
  411. Jul 29 16:35:06 ipfire dhcpcd[25948]: ipv6_addaddr1: Permission denied
  412. Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: soliciting an IPv6 router
  413. Jul 29 16:35:06 ipfire dhcpcd[25948]: red0: soliciting a DHCP lease
  414. Jul 29 16:35:10 ipfire dhcpcd[25948]: red0: offered 192.168.1.2 from 192.168.1.1
  415. Jul 29 16:35:10 ipfire dhcpcd[25948]: red0: probing address 192.168.1.2/24
  416. Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: leased 192.168.1.2 for 3600 seconds
  417. Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: adding route to 192.168.1.0/24
  418. Jul 29 16:35:15 ipfire dhcpcd[25948]: red0: adding default route via 192.168.1.1
  419. Jul 29 16:35:15 ipfire dhcpcd.exe[25987]: red0 has been (re)configured with IP=192.168.1.2
  420. Jul 29 16:35:16 ipfire ntpd[2552]: Listen normally on 182 red0 192.168.1.2:123
  421. Jul 29 16:35:16 ipfire ntpd[2552]: new interface(s) found: waking up resolver
  422. Jul 29 16:35:25 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48071 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
  423. Jul 29 16:35:26 ipfire suricata: This is Suricata version 5.0.3 RELEASE running in SYSTEM mode
  424. Jul 29 16:35:26 ipfire suricata: [ERRCODE: SC_WARN_NO_STATS_LOGGERS(261)] - stats are enabled but no loggers are active
  425. Jul 29 16:35:26 ipfire suricata: all 8 packet processing threads, 2 management threads initialized, engine started.
  426. Jul 29 16:35:26 ipfire suricata: rule reload starting
  427. Jul 29 16:35:26 ipfire unbound: [9800:0] info: service stopped (unbound 1.10.1).
  428. Jul 29 16:35:26 ipfire unbound: [9800:0] info: server stats for thread 0: 30 queries, 21 answers from cache, 9 recursions, 0 prefetch, 0 rejected by ip ratelimiting
  429. Jul 29 16:35:26 ipfire unbound: [9800:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
  430. Jul 29 16:35:26 ipfire unbound: [9800:0] info: average recursion processing time 0.000000 sec
  431. Jul 29 16:35:26 ipfire unbound: [9800:0] info: histogram of recursion processing times
  432. Jul 29 16:35:26 ipfire unbound: [9800:0] info: [25%]=2.5e-07 median[50%]=5e-07 [75%]=7.5e-07
  433. Jul 29 16:35:26 ipfire unbound: [9800:0] info: lower(secs) upper(secs) recursions
  434. Jul 29 16:35:26 ipfire unbound: [9800:0] info: 0.000000 0.000001 9
  435. Jul 29 16:35:26 ipfire unbound: [9800:0] notice: Restart of unbound 1.10.1.
  436. Jul 29 16:35:26 ipfire unbound: [9800:0] notice: init module 0: validator
  437. Jul 29 16:35:26 ipfire unbound: [9800:0] notice: init module 1: iterator
  438. Jul 29 16:35:26 ipfire unbound: [9800:0] info: start of service (unbound 1.10.1).
  439. Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=210 TOS=0x00 PREC=0x00 TTL=63 ID=24930 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
  440. Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=24931 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
  441. Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=24932 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
  442. Jul 29 16:35:42 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24933 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
  443. Jul 29 16:35:43 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24934 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
  444. Jul 29 16:35:44 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24935 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
  445. Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3 support is not enabled
  446. Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 M1 (set)"; flow:established,to_server; ja3.hash; content:"eb88d0b3e1961a0562f006e5ce2a0b87"; ja3.string; content:"771,49192-49191-49172-49171"; flowbits:set,ET.cobaltstrike.ja3; flowbits:noalert; metadata: former_category JA3; classtype:command-and-control; sid:2028831; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 41
  447. Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_WARN_JA3_DISABLED(309)] - ja3(s) support is not enabled
Jul 29 16:35:45 ipfire suricata: [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET JA3 Hash - Suspected Cobalt Strike Malleable C2 (ja3s) M1"; flow:established,from_server; ja3s.hash; content:"649d6810e8392f63dc311eecb6b7098b"; tls.cert_subject; content:!"servicebus.windows.net"; flowbits:isset,ET.cobaltstrike.ja3; metadata: former_category JA3; classtype:command-and-control; sid:2028832; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, deployment Perimeter, signature_severity Major, created_at 2019_10_15, malware_family Cobalt_Strike, updated_at 2019_10_15;)" from file /var/lib/suricata/emerging-ja3.rules at line 43
Jul 29 16:35:46 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24936 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:51 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.1.195 LEN=256 TOS=0x00 PREC=0x00 TTL=63 ID=24937 DF PROTO=TCP SPT=50552 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=121 TOS=0x00 PREC=0x00 TTL=63 ID=48718 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=48719 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=98 TOS=0x00 PREC=0x00 TTL=63 ID=48720 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:53 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48721 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:54 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48722 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48723 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:35:58 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48724 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:36:00 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40057 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:36:03 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=151.101.12.157 LEN=167 TOS=0x00 PREC=0x00 TTL=63 ID=48725 DF PROTO=TCP SPT=56394 DPT=443 WINDOW=501 RES=0x00 ACK PSH URGP=0
Jul 29 16:36:04 ipfire pakfire: PAKFIRE INFO: IPFire Pakfire 2.25.1 started!
Jul 29 16:36:04 ipfire pakfire: MIRROR INFO: server-list.db is 6808 seconds old. - DEBUG: force
Jul 29 16:36:04 ipfire pakfire: DOWNLOAD STARTED: 2.25.1/lists/server-list.db
Jul 29 16:36:04 ipfire pakfire: DOWNLOAD INFO: Host: pakfire.ipfire.org (HTTPS) - File: 2.25.1/lists/server-list.db
Jul 29 16:36:10 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48072 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:36:14 ipfire unbound: [9800:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Jul 29 16:36:24 ipfire pakfire: DOWNLOAD INFO: 2.25.1/lists/server-list.db has size of bytes
Jul 29 16:36:34 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 500 - 500 Can't connect to pakfire.ipfire.org:443 (Name or service not known)
Jul 29 16:36:34 ipfire pakfire: Giving up: There was no chance to get the file 2.25.1/lists/server-list.db from any available server. There was an error on the way. Please fix it.
Jul 29 16:36:34 ipfire pakfire: DB INFO: packages_list.db is 6837 seconds old. - DEBUG: force
Jul 29 16:36:34 ipfire pakfire: DOWNLOAD STARTED: lists/packages_list.db
Jul 29 16:36:34 ipfire pakfire: MIRROR INFO: 2 servers found in list
Jul 29 16:36:34 ipfire pakfire: DOWNLOAD INFO: Host: mirror1.ipfire.org (HTTPS) - File: pakfire2/2.25.1/lists/packages_list.db
Jul 29 16:36:38 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:36:44 ipfire pakfire: DOWNLOAD INFO: pakfire2/2.25.1/lists/packages_list.db has size of bytes
Jul 29 16:36:45 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=5.255.255.55 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=40058 DF PROTO=TCP SPT=35754 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:36:52 ipfire pakfire: DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
Jul 29 16:36:52 ipfire pakfire: DOWNLOAD INFO: File received. Start checking signature...
Jul 29 16:36:52 ipfire pakfire: DOWNLOAD ERROR: The downloaded file (pakfire2/2.25.1/lists/packages_list.db) wasn't verified by IPFire.org. Sorry - Exiting...
Jul 29 16:36:53 ipfire pakfire: TIME INFO: Time Server 213.172.105.106 has -0.004369 sec offset to localtime.
Jul 29 16:36:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48073 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:37:25 ipfire suricata: rule reload complete
Jul 29 16:37:25 ipfire suricata: Signature(s) loaded, Detect thread(s) activated.
Jul 29 16:37:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48074 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:38:25 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48075 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:38:43 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:39:10 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48076 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:39:55 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48077 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:40:33 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= MAC=00:e0:ed:88:32:68:0c:b6:d2:e7:6e:69:08:00 SRC=104.26.12.18 DST=192.168.1.2 LEN=79 TOS=0x00 PREC=0x80 TTL=57 ID=32148 DF PROTO=TCP SPT=443 DPT=34602 WINDOW=67 RES=0x00 ACK PSH URGP=0
Jul 29 16:40:33 ipfire kernel: DROP_NEWNOTSYN IN=red0 OUT= MAC=00:e0:ed:88:32:68:0c:b6:d2:e7:6e:69:08:00 SRC=104.26.12.18 DST=192.168.1.2 LEN=64 TOS=0x00 PREC=0x80 TTL=57 ID=32149 DF PROTO=TCP SPT=443 DPT=34602 WINDOW=67 RES=0x00 ACK PSH URGP=0
Jul 29 16:40:40 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:e0:ed:88:32:69:80:e8:2c:73:ac:2b:08:00 SRC=10.0.0.2 DST=104.26.12.18 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=48078 DF PROTO=TCP SPT=34602 DPT=443 WINDOW=501 RES=0x00 ACK URGP=0
Jul 29 16:40:48 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:42:53 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:44:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5e:ec:6e:43:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=48229 DF PROTO=UDP SPT=59292 DPT=65001 LEN=28
Jul 29 16:44:04 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:5e:ec:6e:43:82:08:00 SRC=192.168.1.6 DST=192.168.1.255 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=48304 DF PROTO=UDP SPT=59292 DPT=65001 LEN=28
Jul 29 16:44:58 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:46:39 ipfire sshd[26992]: Accepted password for root from 10.0.0.2 port 39083 ssh2
Jul 29 16:47:03 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:49:08 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:51:13 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2
Jul 29 16:53:18 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=01:00:5e:00:00:01:0c:b6:d2:e7:6e:69:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=2