Teste
a guest
Jul 31st, 2014
# snort -c /data/IDS/snort-2.9.6.1/etc/snort.conf -i eth0
Running in IDS mode

--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/data/IDS/snort-2.9.6.1/etc/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090:9091 9111 9443 9999:10000 11371 12601 15489 29991 33300 34412 34443:34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined : [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777 7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090:9091 9111 9443 9999:10000 11371 12601 15489 29991 33300 34412 34443:34444 41080 44449 50000 50002 51423 53331 55252 55555 56712 ]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-Full-Q
Split Any/Any group = enabled
Search-Method-Optimizations = enabled
Maximum pattern length = 20
Found profile_preprocs config directive (print all, sort avg_ticks)
Found profile_rules config directive (print all, sort avg_ticks)
Tagged Packet Limit: 256
Log directory = /var/log/snort
WARNING: ip4 normalizations disabled because not inline.
WARNING: tcp normalizations disabled because not inline.
WARNING: icmp4 normalizations disabled because not inline.
Frag3 global config:
Max frags: 65536
Fragment memory cap: 4194304 bytes
Frag3 engine config:
Bound Address: default
Target-based policy: WINDOWS
Fragment timeout: 180 seconds
Fragment min_ttl: 1
Fragment Anomalies: Alert
Overlap Limit: 10
Min fragment Length: 100
Stream5 global config:
Track TCP sessions: ACTIVE
Max TCP sessions: 262144
TCP cache pruning timeout: 30 seconds
TCP cache nominal timeout: 3600 seconds
Memcap (for reassembly packet storage): 8388608
Track UDP sessions: ACTIVE
Max UDP sessions: 131072
UDP cache pruning timeout: 30 seconds
UDP cache nominal timeout: 180 seconds
Track ICMP sessions: INACTIVE
Track IP sessions: INACTIVE
Log info if session memory consumption exceeds 1048576
Send up to 2 active responses
Wait at least 5 seconds between responses
Protocol Aware Flushing: ACTIVE
Maximum Flush Point: 16000
Max Expected Streams: 768
Stream5 TCP Policy config:
Bound Address: default
Reassembly Policy: WINDOWS
Timeout: 180 seconds
Limit on TCP Overlaps: 10
Maximum number of bytes to queue per session: 1048576
Maximum number of segs to queue per session: 2621
Options:
Require 3-Way Handshake: YES
3-Way Handshake Timeout: 180
Detect Anomalies: YES
Reassembly Ports:
21 client (Footprint)
22 client (Footprint)
23 client (Footprint)
25 client (Footprint)
36 client (Footprint) server (Footprint)
42 client (Footprint)
53 client (Footprint)
70 client (Footprint)
79 client (Footprint)
80 client (Footprint) server (Footprint)
81 client (Footprint) server (Footprint)
82 client (Footprint) server (Footprint)
83 client (Footprint) server (Footprint)
84 client (Footprint) server (Footprint)
85 client (Footprint) server (Footprint)
86 client (Footprint) server (Footprint)
87 client (Footprint) server (Footprint)
88 client (Footprint) server (Footprint)
89 client (Footprint) server (Footprint)
90 client (Footprint) server (Footprint)
additional ports configured but not printed.
Stream5 UDP Policy config:
Timeout: 180 seconds
HttpInspect Config:
GLOBAL CONFIG
Max Pipeline Requests: 0
Inspection Type: STATELESS
Detect Proxy Usage: NO
IIS Unicode Map Filename: /data/IDS/snort-2.9.6.1/etc/unicode.map
IIS Unicode Map Codepage: 1252
Memcap used for logging URI and Hostname: 150994944
Max Gzip Memory: 838860
Max Gzip Sessions: 9532
Gzip Compress Depth: 65535
Gzip Decompress Depth: 65535
DEFAULT SERVER CONFIG:
Server profile: All
Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1741 1830 2231 2301 2381 2809 3029 3037 3057 3128 3443 3702 4000 4343 4848 5117 5250 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8500 8509 8800 8888 8899 9000 9060 9080 9090 9091 9111 9443 9999 10000 11371 12601 15489 29991 33300 34412 34443 34444 41080 44449 50000 50002 51423 53331 55252 55555 56712
Server Flow Depth: 10
Client Flow Depth: 10
Max Chunk Length: 500000
Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Max Header Field Length: 750
Max Number Header Fields: 100
Max Number of WhiteSpaces allowed with header folding: 200
Inspect Pipeline Requests: YES
URI Discovery Strict Mode: NO
Allow Proxy Usage: NO
Disable Alerting: NO
Oversize Dir Length: 500
Only inspect URI: NO
Normalize HTTP Headers: YES
Inspect HTTP Cookies: NO
Inspect HTTP Responses: YES
Extract Gzip from responses: YES
Unlimited decompression of gzip data from responses: YES
Normalize Javascripts in HTTP Responses: YES
Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Normalize HTTP Cookies: NO
Enable XFF and True Client IP: NO
Log HTTP URI data: NO
Log HTTP Hostname data: NO
Extended ASCII code support in URI: NO
Ascii: YES alert: NO
Double Decoding: YES alert: NO
%U Encoding: YES alert: YES
Bare Byte: YES alert: NO
UTF 8: YES alert: NO
IIS Unicode: YES alert: NO
Multiple Slash: YES alert: NO
IIS Backslash: YES alert: NO
Directory Traversal: YES alert: NO
Web Root Traversal: YES alert: NO
Apache WhiteSpace: YES alert: NO
IIS Delimiter: YES alert: NO
IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Non-RFC Compliant Characters: NONE
Whitespace Characters: 0x09 0x0b 0x0c 0x0d

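The DEFAULT SERVER CONFIG block above lists which URI encodings http_inspect decodes (YES) and which of those decodes also raise an event (alert: YES). In this configuration only %U encoding alerts: a double-encoded or backslash-obfuscated traversal is quietly normalized before any rule sees the URI, so nothing tells the analyst an evasion was attempted. The Python below is an added, simplified illustration of that decode-then-match pipeline; it is not Snort's http_inspect code. PAGE_FLAGS is copied from the output above, STRICT_FLAGS is an assumed stricter profile, and the %u handling keeps the low byte of the code unit instead of consulting the IIS unicode map.

```python
import re

# Decode flags copied from the "DEFAULT SERVER CONFIG" block above as
# (decode, alert): decode=True means the transformation is applied before the
# rules see the URI; alert=True means an event is raised as well. In that
# configuration only %U encoding alerts.
PAGE_FLAGS = {
    "ascii":         (True, False),
    "double_decode": (True, False),
    "u_encode":      (True, True),
    "multi_slash":   (True, False),
    "iis_backslash": (True, False),
    "directory":     (True, False),
    "web_root":      (True, False),
}

# Assumed stricter profile (not from the page): decode the same way, but raise
# an event for every obfuscation so the analyst sees the evasion attempt.
STRICT_FLAGS = {name: (True, True) for name in PAGE_FLAGS}

_PCT_U = re.compile(r"%[uU]([0-9A-Fa-f]{4})")
_PCT_ASCII = re.compile(r"%([0-9A-Fa-f]{2})")


def _decode_once(text, flags, events):
    """One pass of %uXXXX and %XX decoding, recording events per the flags."""
    def u_sub(match):
        if flags["u_encode"][1]:
            events.append("U_ENCODING")
        # Simplification: http_inspect maps the code unit through the IIS
        # unicode map; keeping the low byte is enough for ASCII targets.
        return chr(int(match.group(1), 16) & 0xFF)

    def ascii_sub(match):
        if flags["ascii"][1]:
            events.append("ASCII_ENCODING")
        return chr(int(match.group(1), 16))

    if flags["u_encode"][0]:
        text = _PCT_U.sub(u_sub, text)
    if flags["ascii"][0]:
        text = _PCT_ASCII.sub(ascii_sub, text)
    return text


def normalize_uri(raw, flags=PAGE_FLAGS):
    """Return (normalized_uri, events): the path-absolute URI as the rule
    engine would match it, plus the events the alert flags would raise."""
    events = []
    uri = _decode_once(raw, flags, events)

    # Double decoding: a second decoder pass turns %2541 -> %41 -> A.
    if flags["double_decode"][0]:
        again = _decode_once(uri, flags, events)
        if again != uri:
            if flags["double_decode"][1]:
                events.append("DOUBLE_DECODING")
            uri = again

    path, sep, query = uri.partition("?")

    # IIS accepts backslash as a path separator.
    if flags["iis_backslash"][0] and "\\" in path:
        if flags["iis_backslash"][1]:
            events.append("IIS_BACKSLASH")
        path = path.replace("\\", "/")

    # Collapse runs of slashes.
    if flags["multi_slash"][0] and "//" in path:
        if flags["multi_slash"][1]:
            events.append("MULTI_SLASH")
        path = re.sub(r"/{2,}", "/", path)

    # Resolve "." and ".." segments; a ".." with nothing left to pop is an
    # attempt to climb above the web root.
    if flags["directory"][0]:
        trailing = path.endswith("/")
        stack, saw_dotdot = [], False
        for segment in path.split("/")[1:]:
            if segment == "..":
                saw_dotdot = True
                if stack:
                    stack.pop()
                elif flags["web_root"][1]:
                    events.append("WEB_ROOT_TRAVERSAL")
            elif segment not in ("", "."):
                stack.append(segment)
        if saw_dotdot and flags["directory"][1]:
            events.append("DIRECTORY_TRAVERSAL")
        path = "/" + "/".join(stack) + ("/" if trailing and stack else "")

    return path + sep + query, events
```

With PAGE_FLAGS the classic `..%255c..%255c` traversal comes out as `/winnt/system32/cmd.exe` with an empty event list; with STRICT_FLAGS the same input additionally yields DOUBLE_DECODING, IIS_BACKSLASH, WEB_ROOT_TRAVERSAL and DIRECTORY_TRAVERSAL events. The rule that matches `cmd.exe` fires either way, which is the point of normalization; the alert flags decide whether the obfuscation itself is recorded.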
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
0 Snort rules read
0 detection rules
0 decoder rules
0 preprocessor rules
0 Option Chains linked into 0 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

+-------------------[Rule Port Counts]---------------------------------------
|       tcp   udp  icmp    ip
|  src     0     0     0     0
|  dst     0     0     0     0
|  any     0     0     0     0
|   nc     0     0     0     0
|  s+d     0     0     0     0
+----------------------------------------------------------------------------

+-----------------------[detection-filter-config]------------------------------
| memory-cap : 1048576 bytes
+-----------------------[detection-filter-rules]-------------------------------
| none
-------------------------------------------------------------------------------

+-----------------------[rate-filter-config]-----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[rate-filter-rules]------------------------------------
| none
-------------------------------------------------------------------------------

+-----------------------[event-filter-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[event-filter-global]----------------------------------
+-----------------------[event-filter-local]-----------------------------------
| none
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
ICMP tracking disabled, no ICMP sessions allocated
IP tracking disabled, no IP sessions allocated
pcap DAQ configured to passive.
Acquiring network traffic from "eth0".
Reload thread starting...
Reload thread started, thread 0xe74e0b90 (7994)
Decoding Ethernet

--== Initialization Complete ==--

   ,,_     -*> Snort! <*-
  o"  )~   Version 2.9.6.1 GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team
           Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.2.1
           Using PCRE version: 7.0 18-Dec-2006
           Using ZLIB version: 1.2.7

Commencing packet processing (pid=7993)
^C*** Caught Int-Signal
===============================================================================
Run time for packet processing was 8.1071 seconds
Snort processed 11 packets.
Snort ran for 0 days 0 hours 0 minutes 8 seconds
Pkts/sec: 1
Preprocessor Profile Statistics (all)
==========================================================
Num Preprocessor Layer Checks Exits Microsecs Avg/Check Pct of Caller Pct of Total
=== ============ ===== ====== ===== ========= ========= ============= ============
1 s5 0 6 6 19 3.30 13.26 13.26
1 s5tcp 1 6 6 10 1.75 53.01 7.03
2 decode 0 11 11 29 2.69 19.86 19.86
3 eventq 0 22 22 6 0.32 4.67 4.67
total total 0 11 11 149 13.57 0.00 0.00
Rule Profile Statistics (all rules)
==========================================================
No rules were profiled
===============================================================================
Memory usage summary:
Total non-mmapped bytes (arena): 2932736
Bytes in mapped regions (hblkhd): 6873088
Total allocated space (uordblks): 1192608
Total free space (fordblks): 1740128
Topmost releasable block (keepcost): 1448
===============================================================================
Packet I/O Totals:
Received: 12
Analyzed: 11 ( 91.667%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 1 ( 8.333%)
Injected: 0
===============================================================================
Breakdown by protocol (includes rebuilt packets):
Eth: 11 (100.000%)
VLAN: 0 ( 0.000%)
IP4: 6 ( 54.545%)
Frag: 0 ( 0.000%)
ICMP: 0 ( 0.000%)
UDP: 0 ( 0.000%)
TCP: 6 ( 54.545%)
IP6: 0 ( 0.000%)
IP6 Ext: 0 ( 0.000%)
IP6 Opts: 0 ( 0.000%)
Frag6: 0 ( 0.000%)
ICMP6: 0 ( 0.000%)
UDP6: 0 ( 0.000%)
TCP6: 0 ( 0.000%)
Teredo: 0 ( 0.000%)
ICMP-IP: 0 ( 0.000%)
EAPOL: 0 ( 0.000%)
IP4/IP4: 0 ( 0.000%)
IP4/IP6: 0 ( 0.000%)
IP6/IP4: 0 ( 0.000%)
IP6/IP6: 0 ( 0.000%)
GRE: 0 ( 0.000%)
GRE Eth: 0 ( 0.000%)
GRE VLAN: 0 ( 0.000%)
GRE IP4: 0 ( 0.000%)
GRE IP6: 0 ( 0.000%)
GRE IP6 Ext: 0 ( 0.000%)
GRE PPTP: 0 ( 0.000%)
GRE ARP: 0 ( 0.000%)
GRE IPX: 0 ( 0.000%)
GRE Loop: 0 ( 0.000%)
MPLS: 0 ( 0.000%)
ARP: 0 ( 0.000%)
IPX: 0 ( 0.000%)
Eth Loop: 0 ( 0.000%)
Eth Disc: 0 ( 0.000%)
IP4 Disc: 0 ( 0.000%)
IP6 Disc: 0 ( 0.000%)
TCP Disc: 0 ( 0.000%)
UDP Disc: 0 ( 0.000%)
ICMP Disc: 0 ( 0.000%)
All Discard: 0 ( 0.000%)
Other: 5 ( 45.455%)
Bad Chk Sum: 0 ( 0.000%)
Bad TTL: 0 ( 0.000%)
S5 G 1: 0 ( 0.000%)
S5 G 2: 0 ( 0.000%)
Total: 11
===============================================================================
Action Stats:
Alerts: 0 ( 0.000%)
Logged: 0 ( 0.000%)
Passed: 0 ( 0.000%)
Limits:
Match: 0
Queue: 0
Log: 0
Event: 0
Alert: 0
Verdicts:
Allow: 11 ( 91.667%)
Block: 0 ( 0.000%)
Replace: 0 ( 0.000%)
Whitelist: 0 ( 0.000%)
Blacklist: 0 ( 0.000%)
Ignore: 0 ( 0.000%)
===============================================================================
Frag3 statistics:
Total Fragments: 0
Frags Reassembled: 0
Discards: 0
Memory Faults: 0
Timeouts: 0
Overlaps: 0
Anomalies: 0
Alerts: 0
Drops: 0
FragTrackers Added: 0
FragTrackers Dumped: 0
FragTrackers Auto Freed: 0
Frag Nodes Inserted: 0
Frag Nodes Deleted: 0
===============================================================================
Stream5 statistics:
Total sessions: 0
TCP sessions: 0
UDP sessions: 0
ICMP sessions: 0
IP sessions: 0
TCP Prunes: 0
UDP Prunes: 0
ICMP Prunes: 0
IP Prunes: 0
TCP StreamTrackers Created: 0
TCP StreamTrackers Deleted: 0
TCP Timeouts: 0
TCP Overlaps: 0
TCP Segments Queued: 0
TCP Segments Released: 0
TCP Rebuilt Packets: 0
TCP Segments Used: 0
TCP Discards: 0
TCP Gaps: 0
UDP Sessions Created: 0
UDP Sessions Deleted: 0
UDP Timeouts: 0
UDP Discards: 0
Events: 0
Internal Events: 0
TCP Port Filter
Filtered: 0
Inspected: 0
Tracked: 6
UDP Port Filter
Filtered: 0
Inspected: 0
Tracked: 0
===============================================================================
===============================================================================
Snort exiting
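The run above ends with 11 packets analyzed and zero alerts, which looks clean but means nothing: the rule-chain summary reports 0 Snort rules read, so no rule file is included by this snort.conf and the sensor could not have alerted on anything. The three WARNING lines also record that the sensor is passive (pcap DAQ), so the IP/TCP/ICMP normalizers are off and only the target-based Frag3/Stream5 policies handle evasions. The Python below is an added example, not part of the paste or of Snort, that parses these startup and shutdown summary lines and turns them into operator findings. SAMPLE_LOG is a constructed excerpt of the output above; the "Section/Name" keys and the severities are this example's own conventions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the startup/shutdown output above, trimmed to the
# lines the checks below need.
SAMPLE_LOG = """\
Running in IDS mode
WARNING: ip4 normalizations disabled because not inline.
WARNING: tcp normalizations disabled because not inline.
WARNING: icmp4 normalizations disabled because not inline.
Initializing rule chains...
0 Snort rules read
0 detection rules
0 decoder rules
0 preprocessor rules
pcap DAQ configured to passive.
Commencing packet processing (pid=7993)
Snort processed 11 packets.
Packet I/O Totals:
Received: 12
Analyzed: 11 ( 91.667%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 1 ( 8.333%)
Action Stats:
Alerts: 0 ( 0.000%)
Logged: 0 ( 0.000%)
Passed: 0 ( 0.000%)
Frag3 statistics:
Alerts: 0
Snort exiting
"""

_RULES = re.compile(r"^(\d+) Snort rules read$")
_WARN = re.compile(r"^WARNING: (.+)$")
_DAQ = re.compile(r"^(\S+) DAQ configured to (\w+)\.$")
_STAT = re.compile(r"^([^:]+): (\d+)\b")


@dataclass
class SnortRun:
    rules_read: Optional[int] = None
    daq_mode: Optional[str] = None
    warnings: List[str] = field(default_factory=list)
    stats: Dict[str, int] = field(default_factory=dict)  # "Section/Name" -> value


def parse_snort_log(text: str) -> SnortRun:
    """Pull the rule count, DAQ mode, warnings and per-section counters out of
    Snort's console output. Counters are keyed by the most recent header line
    (one ending in ':'), so 'Alerts' under Action Stats and 'Alerts' under
    Frag3 statistics stay distinct."""
    run = SnortRun()
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _RULES.match(line)
        if m:
            run.rules_read = int(m.group(1))
            continue
        m = _WARN.match(line)
        if m:
            run.warnings.append(m.group(1))
            continue
        m = _DAQ.match(line)
        if m:
            run.daq_mode = m.group(2)
            continue
        if line.endswith(":"):
            section = line[:-1]
            continue
        m = _STAT.match(line)
        if m:
            run.stats[f"{section}/{m.group(1).strip()}"] = int(m.group(2))
    return run


def audit(run: SnortRun) -> List[Tuple[str, str]]:
    """Turn a parsed run into (severity, message) findings."""
    def io(name: str) -> int:
        return run.stats.get(f"Packet I/O Totals/{name}", 0)

    findings = []
    if run.rules_read is None:
        findings.append(("WARNING", "rule-chain summary not found; output is incomplete"))
    elif run.rules_read == 0:
        findings.append(("CRITICAL", "0 Snort rules read: no rule files are included, "
                                     "so the sensor cannot alert on anything"))
    if run.daq_mode == "passive" and any("not inline" in w for w in run.warnings):
        findings.append(("INFO", "passive DAQ: IP/TCP/ICMP normalization is off; only the "
                                 "target-based Frag3/Stream5 policies stand between evasions and the rules"))
    if io("Dropped") > 0:
        findings.append(("WARNING", f"{io('Dropped')} packets dropped by the DAQ: coverage is incomplete"))
    if io("Outstanding") > 0:
        findings.append(("INFO", f"{io('Outstanding')} packets received but not analyzed at shutdown"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_snort_log(SAMPLE_LOG)):
        print(f"{severity}: {message}")
```

Against the excerpt the audit produces one CRITICAL (no rules) and two INFO findings (passive DAQ, one outstanding packet). The fix for the CRITICAL is in snort.conf, not on the command line: include the rule files you intend to run, then start Snort with `-T` so it parses the configuration and exits, and confirm that "Snort rules read" is no longer zero before putting the sensor back on the wire.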