Grommish

Untitled

Sep 18th, 2020
root@OpenWrt:/etc# snort -v -c /etc/snort/snort.lua -i eth0:br-lan --daq-dir /usr/lib/daq --daq afpacket --daq-var debug --daq-var fanout_type=hash --daq-var fanout_flag=defrag -A alert_full --tweaks talos -Q -l /var/log
--------------------------------------------------
o")~ Snort++ 3.0.0-247
--------------------------------------------------
Loading /etc/snort/snort.lua:
ips
dce_http_proxy
wizard
pop
ftp_server
ssl
stream_icmp
ftp_data
dnp3
alerts
telnet
latency
profiler
dce_udp
alert_fast
daq
classifications
imap
references
binder
appid
ftp_client
smtp
gtp_inspect
port_scan
dce_tcp
back_orifice
ssh
rpc_decode
normalizer
stream_tcp
modbus
http2_inspect
http_inspect
arp_spoof
stream_user
stream_udp
stream_ip
stream_file
stream
dce_http_server
dce_smb
sip
file_id
dns
Finished /etc/snort/snort.lua.
Loading builtin:
Finished builtin.
Loading /etc/snort/snort3-community-rules/snort3-community.rules:
Finished /etc/snort/snort3-community-rules/snort3-community.rules.
--------------------------------------------------
rule counts
total rules loaded: 1300
text rules: 829
builtin rules: 471
option chains: 1300
chain headers: 46
--------------------------------------------------
port rule counts
             tcp   udp  icmp    ip
     any     534     3     0     0
     src     124     3     0     0
     dst     539    98     0     0
    both       0     1     0     0
   total    1197   105     0     0
--------------------------------------------------
flowbits
defined: 20
not checked: 11
not set: 3
--------------------------------------------------
service rule counts - tcp    to-srv  to-cli
                dns:              1       0
                ftp:              7       2
           ftp-data:              0       8
               http:            485      92
               imap:              0       8
                irc:              4       1
        netbios-ssn:             15       1
               pop3:              0       8
               smtp:             16       0
                ssl:             14      31
             telnet:              1       0
              total:            543     151
--------------------------------------------------
service rule counts - udp    to-srv  to-cli
                dns:             88       2
               http:              4       0
              total:             92       2
--------------------------------------------------
fast pattern port groups    src   dst   any
                  packet:    13    24     2
--------------------------------------------------
fast pattern service groups    to-srv  to-cli
                     packet:       10       6
                        key:        1       0
                     header:        1       4
                       body:        1       0
                       file:        2       4
--------------------------------------------------
search engine
instances: 65
patterns: 2719
pattern chars: 49786
num states: 38972
num match states: 2649
memory scale: MB
total memory: 1.04895
pattern memory: 0.151139
match list memory: 0.384735
transition memory: 0.505138
Binder
Wizard
Normalizer config:
ip4.base: on
ip4.df: off
ip4.rf: off
ip4.tos: off
ip4.trim: off
ip4.ttl: on (min=1, new=5)
icmp4: off
icmp6: off
tcp.ecn: off
tcp.block: on
tcp.rsv: on
tcp.pad: on
tcp.req_urg: on
tcp.req_pay: on
tcp.req_urp: on
tcp.urp: on
tcp.opt: on (allow )
tcp.ips: on
tcp.trim_syn: off
tcp.trim_rst: off
tcp.trim_win: off
tcp.trim_mss: off
Stream ICMP config:
Timeout: 30 seconds
Stream IP config:
Timeout: 30 seconds
Defrag engine config:
engine-based policy: LINUX
Fragment timeout: 30 seconds
Fragment min_ttl: 1
Max frags: 8192
Max overlaps: 0
Min fragment Length: 0
Stream UDP config:
Timeout: 30 seconds
Stream user config:
Timeout: 30 seconds
Stream TCP Policy config:
Reassembly Policy: bsd
Timeout: 30 seconds
Maximum number of bytes to queue per session: 1048576
Maximum number of segs to queue per session: 2621
Require 3-Way Handshake: NO
back_orifice
arpspoof configured
HttpInspect
DNS
POP config:
Base64 Decoding: Enabled
Base64 Decoding Depth: 1460
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: 1460
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: 1460
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: 1460

SIP config:
Max number of dialogs in a session: 4 (Default)
Ignore media channel: DISABLED
Max URI length: 256 (Default)
Max Call ID length: 256 (Default)
Max Request name length: 20 (Default)
Max From length: 256 (Default)
Max To length: 256 (Default)
Max Via length: 1024 (Default)
Max Contact length: 256 (Default)
Max Content length: 1024 (Default)

Methods:
invite cancel ack bye register options
DCE SMB config:
Defragmentation: ENABLED
Max Fragment length: 65535
Policy : WinXP
Reassemble Threshold : 0
SMB fingerprint policy : Disabled
Maximum SMB command chaining: 3
Maximum SMB compounded requests: 3
SMB file inspection: Disabled
SMB valid versions : all
ftp_server:
Check for Telnet Cmds: OFF
Ignore Telnet Cmd Operations: OFF
Ignore open data channels: NO
Check for Encrypted Traffic: OFF
Continue to check encrypted data: NO
SSL config:

DNP3 config:
Check CRC: DISABLED
TELNET CONFIG:
Are You There Threshold: -1
Normalize: NO
Check for Encrypted Traffic: OFF
Continue to check encrypted data: NO
DCE UDP config:
Defragmentation: ENABLED
Max Fragment length: 65535
SMTP Config:
Normalize: none
Ignore Data: No
Ignore TLS Data: No
Max Command Line Length: Unlimited
Max Specific Command Line Length: None
Max Header Line Length: Unlimited
Max Auth Command Line Length: 1000
Max Response Line Length: Unlimited
X-Link2State Enabled: Yes
Drop on X-Link2State Alert: No
Alert on commands: None
Base64 Decoding: Enabled
Base64 Decoding Depth: 1464
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: 1464
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: 1464
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: 1464
Log Attachment filename: Enabled
Log MAIL FROM Address: Not Enabled
Log RCPT TO Addresses: Not Enabled
Log Email Headers: Not Enabled
Http2Inspect
IMAP config:
Base64 Decoding: Enabled
Base64 Decoding Depth: 1460
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: 1460
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: 1460
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: 1460

rpc_decode
SSH config:
Max Encrypted Packets: 25
Max Server Version String Length: 80
MaxClientBytes: 19600

DCE TCP config:
Defragmentation: ENABLED
Max Fragment length: 65535
Policy : WinXP
Reassemble Threshold : 0
AppId Configuration
Detector Path: (null)
appSt[ 827.869031] device br-lan entered promiscuous mode
ats Logging: disabled
appStats Period: 300 secs
appStats Rollover Size: 20971520 bytes
appStats Rollover time: 86400 secs

Portscan Detection Config:
Detect Protocols: TCP UDP ICMP IP
Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
Memcap (in bytes): 1048576
Number of Nodes: 6898
--------------------------------------------------
afpacket DAQ configured to inline.
Commencing packet processing
++ [0] eth0:br-lan
Version: 1
Header Length: 32
AFPacket Layout:
Frame Size: 1584
Frames: 21180
Block Size: 32768 (Order 3)
Blocks: 1059
Created a ring of type 5 with total size of 34701312
AFPacket Layout:
Frame Size: 1584
Frames: 21180
Block Size: 32768 (Order 3)
Blocks: 1059
Created a ring of type 13 with total size of 34701312
[ 827.957018] device eth0 entered promiscuous mode
Version: 1
Header Length: 32
AFPacket Layout:
Frame Size: 1584
Frames: 21180
Block Size: 32768 (Order 3)
Blocks: 1059
Created a ring of type 5 with total size of 34701312
AFPacket Layout:
Frame Size: 1584
Frames: 21180
Block Size: 32768 (Order 3)
Blocks: 1059
Created a ring of type 13 with total size of 34701312