root@OpenWrt:/etc# snort -v -c /etc/snort/snort.lua -i eth0:br-lan --daq-dir /usr/lib/daq --daq afpacket --daq-var debug --daq-var fanout_type=hash --daq-var fanout_flag=defrag -A alert_full --tweaks talos -Q -l /var/log
--------------------------------------------------
   o")~   Snort++ 3.0.0-247
--------------------------------------------------
Loading /etc/snort/snort.lua:
    ips
    dce_http_proxy
    wizard
    pop
    ftp_server
    ssl
    stream_icmp
    ftp_data
    dnp3
    alerts
    telnet
    latency
    profiler
    dce_udp
    alert_fast
    daq
    classifications
    imap
    references
    binder
    appid
    ftp_client
    smtp
    gtp_inspect
    port_scan
    dce_tcp
    back_orifice
    ssh
    rpc_decode
    normalizer
    stream_tcp
    modbus
    http2_inspect
    http_inspect
    arp_spoof
    stream_user
    stream_udp
    stream_ip
    stream_file
    stream
    dce_http_server
    dce_smb
    sip
    file_id
    dns
Finished /etc/snort/snort.lua.
Loading builtin:
Finished builtin.
Loading /etc/snort/snort3-community-rules/snort3-community.rules:
Finished /etc/snort/snort3-community-rules/snort3-community.rules.
--------------------------------------------------
rule counts
       total rules loaded: 1300
               text rules: 829
            builtin rules: 471
            option chains: 1300
            chain headers: 46
--------------------------------------------------
port rule counts
             tcp     udp    icmp      ip
     any     534       3       0       0
     src     124       3       0       0
     dst     539      98       0       0
    both       0       1       0       0
   total    1197     105       0       0
--------------------------------------------------
flowbits
          defined: 20
      not checked: 11
          not set: 3
--------------------------------------------------
service rule counts - tcp        to-srv  to-cli
                      dns:            1       0
                      ftp:            7       2
                 ftp-data:            0       8
                     http:          485      92
                     imap:            0       8
                      irc:            4       1
              netbios-ssn:           15       1
                     pop3:            0       8
                     smtp:           16       0
                      ssl:           14      31
                   telnet:            1       0
                    total:          543     151
--------------------------------------------------
service rule counts - udp        to-srv  to-cli
                      dns:           88       2
                     http:            4       0
                    total:           92       2
--------------------------------------------------
fast pattern port groups        src     dst     any
                 packet:         13      24       2
--------------------------------------------------
fast pattern service groups  to-srv  to-cli
                 packet:         10       6
                    key:          1       0
                 header:          1       4
                   body:          1       0
                   file:          2       4
--------------------------------------------------
search engine
                instances: 65
                 patterns: 2719
            pattern chars: 49786
               num states: 38972
         num match states: 2649
             memory scale: MB
             total memory: 1.04895
           pattern memory: 0.151139
        match list memory: 0.384735
        transition memory: 0.505138
Binder
Wizard
Normalizer config:
    ip4.base: on
    ip4.df: off
    ip4.rf: off
    ip4.tos: off
    ip4.trim: off
    ip4.ttl: on (min=1, new=5)
    icmp4: off
    icmp6: off
    tcp.ecn: off
    tcp.block: on
    tcp.rsv: on
    tcp.pad: on
    tcp.req_urg: on
    tcp.req_pay: on
    tcp.req_urp: on
    tcp.urp: on
    tcp.opt: on (allow )
    tcp.ips: on
    tcp.trim_syn: off
    tcp.trim_rst: off
    tcp.trim_win: off
    tcp.trim_mss: off
Stream ICMP config:
    Timeout: 30 seconds
Stream IP config:
    Timeout: 30 seconds
    Defrag engine config:
        engine-based policy: LINUX
        Fragment timeout: 30 seconds
        Fragment min_ttl: 1
        Max frags: 8192
        Max overlaps: 0
        Min fragment Length: 0
Stream UDP config:
    Timeout: 30 seconds
Stream user config:
    Timeout: 30 seconds
Stream TCP Policy config:
    Reassembly Policy: bsd
    Timeout: 30 seconds
    Maximum number of bytes to queue per session: 1048576
    Maximum number of segs to queue per session: 2621
    Require 3-Way Handshake: NO
back_orifice
arpspoof configured
HttpInspect
DNS
POP config:
    Base64 Decoding: Enabled
    Base64 Decoding Depth: 1460
    Quoted-Printable Decoding: Enabled
    Quoted-Printable Decoding Depth: 1460
    Unix-to-Unix Decoding: Enabled
    Unix-to-Unix Decoding Depth: 1460
    Non-Encoded MIME attachment Extraction: Enabled
    Non-Encoded MIME attachment Extraction Depth: 1460
SIP config:
    Max number of dialogs in a session: 4 (Default)
    Ignore media channel: DISABLED
    Max URI length: 256 (Default)
    Max Call ID length: 256 (Default)
    Max Request name length: 20 (Default)
    Max From length: 256 (Default)
    Max To length: 256 (Default)
    Max Via length: 1024 (Default)
    Max Contact length: 256 (Default)
    Max Content length: 1024 (Default)
    Methods:
        invite cancel ack bye register options
DCE SMB config:
    Defragmentation: ENABLED
    Max Fragment length: 65535
    Policy : WinXP
    Reassemble Threshold : 0
    SMB fingerprint policy : Disabled
    Maximum SMB command chaining: 3
    Maximum SMB compounded requests: 3
    SMB file inspection: Disabled
    SMB valid versions : all
ftp_server:
    Check for Telnet Cmds: OFF
    Ignore Telnet Cmd Operations: OFF
    Ignore open data channels: NO
    Check for Encrypted Traffic: OFF
    Continue to check encrypted data: NO
SSL config:
DNP3 config:
    Check CRC: DISABLED
TELNET CONFIG:
    Are You There Threshold: -1
    Normalize: NO
    Check for Encrypted Traffic: OFF
    Continue to check encrypted data: NO
DCE UDP config:
    Defragmentation: ENABLED
    Max Fragment length: 65535
SMTP Config:
    Normalize: none
    Ignore Data: No
    Ignore TLS Data: No
    Max Command Line Length: Unlimited
    Max Specific Command Line Length: None
    Max Header Line Length: Unlimited
    Max Auth Command Line Length: 1000
    Max Response Line Length: Unlimited
    X-Link2State Enabled: Yes
    Drop on X-Link2State Alert: No
    Alert on commands: None
    Base64 Decoding: Enabled
    Base64 Decoding Depth: 1464
    Quoted-Printable Decoding: Enabled
    Quoted-Printable Decoding Depth: 1464
    Unix-to-Unix Decoding: Enabled
    Unix-to-Unix Decoding Depth: 1464
    Non-Encoded MIME attachment Extraction: Enabled
    Non-Encoded MIME attachment Extraction Depth: 1464
    Log Attachment filename: Enabled
    Log MAIL FROM Address: Not Enabled
    Log RCPT TO Addresses: Not Enabled
    Log Email Headers: Not Enabled
Http2Inspect
IMAP config:
    Base64 Decoding: Enabled
    Base64 Decoding Depth: 1460
    Quoted-Printable Decoding: Enabled
    Quoted-Printable Decoding Depth: 1460
    Unix-to-Unix Decoding: Enabled
    Unix-to-Unix Decoding Depth: 1460
    Non-Encoded MIME attachment Extraction: Enabled
    Non-Encoded MIME attachment Extraction Depth: 1460
rpc_decode
SSH config:
    Max Encrypted Packets: 25
    Max Server Version String Length: 80
    MaxClientBytes: 19600
DCE TCP config:
    Defragmentation: ENABLED
    Max Fragment length: 65535
    Policy : WinXP
    Reassemble Threshold : 0
AppId Configuration
    Detector Path: (null)
[ 827.869031] device br-lan entered promiscuous mode
    appStats Logging: disabled
    appStats Period: 300 secs
    appStats Rollover Size: 20971520 bytes
    appStats Rollover time: 86400 secs
Portscan Detection Config:
    Detect Protocols: TCP UDP ICMP IP
    Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
    Memcap (in bytes): 1048576
    Number of Nodes: 6898
--------------------------------------------------
afpacket DAQ configured to inline.
Commencing packet processing
++ [0] eth0:br-lan
Version: 1
Header Length: 32
AFPacket Layout:
    Frame Size: 1584
    Frames: 21180
    Block Size: 32768 (Order 3)
    Blocks: 1059
Created a ring of type 5 with total size of 34701312
AFPacket Layout:
    Frame Size: 1584
    Frames: 21180
    Block Size: 32768 (Order 3)
    Blocks: 1059
Created a ring of type 13 with total size of 34701312
[ 827.957018] device eth0 entered promiscuous mode
Version: 1
Header Length: 32
AFPacket Layout:
    Frame Size: 1584
    Frames: 21180
    Block Size: 32768 (Order 3)
    Blocks: 1059
Created a ring of type 5 with total size of 34701312
AFPacket Layout:
    Frame Size: 1584
    Frames: 21180
    Block Size: 32768 (Order 3)
    Blocks: 1059
Created a ring of type 13 with total size of 34701312
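The startup banner above is the only place an inline Snort 3 sensor tells you, in one go, which settings it is actually running with: "Require 3-Way Handshake: NO" (midstream sessions are picked up and, with -Q, passed), "SMB file inspection: Disabled", an AppId "Detector Path: (null)", appStats logging off, and 829 text rules (the community set alone). The script below is an added example written for this paste, not Snort code and not from the paster: it parses the banner's section/`key: value` layout, separates the kernel printk lines that bled into the console output (the "appSt[ 827.869031] ... / ats Logging" split seen above), and checks a small review list. The embedded banner is a constructed excerpt of the paste, and the expected values and the 5000-rule threshold are this example's own assumptions, not Snort defaults or a vendor baseline.

```python
"""Audit a Snort 3 startup banner for settings an inline sensor should revisit."""
import re
from dataclasses import dataclass

# Constructed excerpt of the startup banner from the paste (not the whole log).
BANNER = """\
--------------------------------------------------
rule counts
       total rules loaded: 1300
               text rules: 829
            builtin rules: 471
--------------------------------------------------
Stream TCP Policy config:
    Reassembly Policy: bsd
    Timeout: 30 seconds
    Require 3-Way Handshake: NO
DCE SMB config:
    Policy : WinXP
    SMB file inspection: Disabled
AppId Configuration
    Detector Path: (null)
    appSt[ 827.869031] device br-lan entered promiscuous mode
ats Logging: disabled
--------------------------------------------------
afpacket DAQ configured to inline.
"""

KERNEL_MSG = re.compile(r"\[\s*\d+\.\d+\] .*$")   # printk "[ secs.usecs] ..." prefix
SEPARATOR = re.compile(r"^-{10,}$")


def split_kernel_messages(text):
    """Return (snort_lines, kernel_lines); rejoin a Snort line a printk cut in half."""
    snort_lines, kernel_lines = [], []
    carry = None                       # first half of an interrupted Snort line
    for line in text.splitlines():
        m = KERNEL_MSG.search(line)
        if m:
            kernel_lines.append(m.group(0))
            head = line[: m.start()]
            if head.strip():           # 'appSt' before the kernel text
                carry = head
            continue
        if carry is not None:          # 'ats Logging: disabled' completes it
            line, carry = carry + line, None
        snort_lines.append(line)
    if carry is not None:
        snort_lines.append(carry)
    return snort_lines, kernel_lines


def parse_banner(text):
    """Map unindented section headers to their indented 'key: value' lines."""
    snort_lines, kernel_lines = split_kernel_messages(text)
    sections, current = {}, None
    for line in snort_lines:
        stripped = line.strip()
        if not stripped or SEPARATOR.match(stripped):
            continue
        if not line[0].isspace():      # header such as 'DCE SMB config:'
            current = stripped.rstrip(":")
            sections.setdefault(current, {})
            continue
        if current is None or ":" not in stripped:
            continue                   # e.g. bare module names under 'Loading ...'
        key, _, value = stripped.partition(":")
        sections[current][key.strip()] = value.strip()
    return sections, kernel_lines


@dataclass(frozen=True)
class Finding:
    section: str
    key: str
    value: str
    why: str


# Review list for an inline sensor; expected values are this example's assumptions.
CHECKS = [
    ("Stream TCP Policy config", "Require 3-Way Handshake", lambda v: v.upper() == "YES",
     "midstream pickup: streams whose handshake the sensor never saw are reassembled and passed"),
    ("DCE SMB config", "SMB file inspection", lambda v: v.lower() == "enabled",
     "files carried over SMB are not handed to file inspection"),
    ("AppId Configuration", "Detector Path", lambda v: v not in ("", "(null)"),
     "AppID has no detector directory, so application-aware rules have nothing to match"),
    ("AppId Configuration", "appStats Logging", lambda v: v.lower() != "disabled",
     "no per-application statistics, so changes in traffic mix go unrecorded"),
]
MIN_TEXT_RULES = 5000   # assumed threshold; the community ruleset alone is ~800 text rules


def audit(text):
    """Return (findings, kernel_lines) for one startup banner."""
    sections, kernel_lines = parse_banner(text)
    findings = []
    for section, key, ok, why in CHECKS:
        value = sections.get(section, {}).get(key)
        if value is None:
            findings.append(Finding(section, key, "<missing>",
                                    "setting not printed: module not loaded or output cut off"))
        elif not ok(value):
            findings.append(Finding(section, key, value, why))
    text_rules = int(sections.get("rule counts", {}).get("text rules", "0"))
    if text_rules < MIN_TEXT_RULES:
        findings.append(Finding("rule counts", "text rules", str(text_rules),
                                f"under {MIN_TEXT_RULES} text rules; looks like the community set only"))
    return findings, kernel_lines


if __name__ == "__main__":
    found, kernel = audit(BANNER)
    for k in kernel:
        print("kernel:", k)
    for f in found:
        print(f"{f.section} / {f.key} = {f.value}: {f.why}")
```

Run it against a saved console capture (`snort ... 2>&1 | tee startup.log`, then `audit(open("startup.log").read())`) before the sensor goes live; the `-T` config-test mode prints the same banner without touching traffic, so the check can sit in a deploy script.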