Untitled

a guest
Nov 19th, 2018
  1. 16/11/2018 -- 11:28:57 - <Notice> - Signal Received. Stopping engine.
  2. 16/11/2018 -- 11:28:57 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
  3. 16/11/2018 -- 11:28:57 - <Info> - time elapsed 265424.719s
  4. 16/11/2018 -- 11:28:57 - <Perf> - 736620 flows processed
  5. 16/11/2018 -- 11:28:57 - <Perf> - (W#01-igb0) Kernel: Packets 631, dropped 0, bytes 37860
  6. 16/11/2018 -- 11:28:57 - <Info> - (W#01-igb0) Dropped Packets 0
  7. 16/11/2018 -- 11:28:57 - <Perf> - (W#02-igb0) Kernel: Packets 0, dropped 0, bytes 0
  8. 16/11/2018 -- 11:28:57 - <Info> - (W#02-igb0) Dropped Packets 0
  9. 16/11/2018 -- 11:28:57 - <Perf> - (W#03-igb0) Kernel: Packets 0, dropped 0, bytes 0
  10. 16/11/2018 -- 11:28:57 - <Info> - (W#03-igb0) Dropped Packets 0
  11. 16/11/2018 -- 11:28:57 - <Perf> - (W#04-igb0) Kernel: Packets 53089, dropped 0, bytes 4353398
  12. 16/11/2018 -- 11:28:57 - <Info> - (W#04-igb0) Dropped Packets 0
  13. 16/11/2018 -- 11:28:57 - <Perf> - (W#01-igb1) Kernel: Packets 1300128, dropped 0, bytes 168105296
  14. 16/11/2018 -- 11:28:57 - <Info> - (W#01-igb1) Dropped Packets 0
  15. 16/11/2018 -- 11:28:57 - <Perf> - (W#02-igb1) Kernel: Packets 652728, dropped 0, bytes 144993033
  16. 16/11/2018 -- 11:28:57 - <Info> - (W#02-igb1) Dropped Packets 0
  17. 16/11/2018 -- 11:28:57 - <Perf> - (W#03-igb1) Kernel: Packets 677456, dropped 0, bytes 152503377
  18. 16/11/2018 -- 11:28:57 - <Info> - (W#03-igb1) Dropped Packets 0
  19. 16/11/2018 -- 11:28:57 - <Perf> - (W#04-igb1) Kernel: Packets 731500, dropped 0, bytes 164402599
  20. 16/11/2018 -- 11:28:57 - <Info> - (W#04-igb1) Dropped Packets 0
  21. 16/11/2018 -- 11:28:57 - <Info> - Alerts: 2
  22. 16/11/2018 -- 11:28:57 - <Perf> - ippair memory usage: 366144 bytes, maximum: 16777216
  23. 16/11/2018 -- 11:28:57 - <Perf> - host memory usage: 366144 bytes, maximum: 33554432
  24. 16/11/2018 -- 11:29:03 - <Notice> - This is Suricata version 4.0.5 RELEASE
  25. 16/11/2018 -- 11:29:03 - <Info> - CPUs/cores online: 4
  26. 16/11/2018 -- 11:29:03 - <Config> - Adding interface igb0 from config file
  27. 16/11/2018 -- 11:29:03 - <Config> - Adding interface igb1 from config file
  28. 16/11/2018 -- 11:29:03 - <Info> - Netmap: Setting IPS mode
  29. 16/11/2018 -- 11:29:03 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33910 and 'request-body-inspect-window' set to 4006 after randomization.
  30. 16/11/2018 -- 11:29:03 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 41463 and 'response-body-inspect-window' set to 16150 after randomization.
  31. 16/11/2018 -- 11:29:03 - <Config> - DNS request flood protection level: 500
  32. 16/11/2018 -- 11:29:03 - <Config> - DNS per flow memcap (state-memcap): 524288
  33. 16/11/2018 -- 11:29:03 - <Config> - DNS global memcap: 16777216
  34. 16/11/2018 -- 11:29:03 - <Config> - Protocol detection and parser disabled for modbus protocol.
  35. 16/11/2018 -- 11:29:03 - <Config> - Protocol detection and parser disabled for enip protocol.
  36. 16/11/2018 -- 11:29:03 - <Config> - Protocol detection and parser disabled for DNP3.
  37. 16/11/2018 -- 11:29:03 - <Info> - Found an MTU of 1500 for 'igb0'
  38. 16/11/2018 -- 11:29:03 - <Info> - Found an MTU of 1500 for 'igb0'
  39. 16/11/2018 -- 11:29:03 - <Info> - Found an MTU of 1500 for 'igb1'
  40. 16/11/2018 -- 11:29:03 - <Info> - Found an MTU of 1500 for 'igb1'
  41. 16/11/2018 -- 11:29:03 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
  42. 16/11/2018 -- 11:29:03 - <Config> - preallocated 1000 hosts of size 104
  43. 16/11/2018 -- 11:29:03 - <Config> - host memory usage: 366144 bytes, maximum: 33554432
  44. 16/11/2018 -- 11:29:03 - <Config> - Core dump size is unlimited.
  45. 16/11/2018 -- 11:29:03 - <Config> - allocated 1572864 bytes of memory for the defrag hash... 65536 buckets of size 24
  46. 16/11/2018 -- 11:29:03 - <Config> - preallocated 65535 defrag trackers of size 136
  47. 16/11/2018 -- 11:29:03 - <Config> - defrag memory usage: 10485624 bytes, maximum: 33554432
  48. 16/11/2018 -- 11:29:03 - <Config> - stream "prealloc-sessions": 2048 (per thread)
  49. 16/11/2018 -- 11:29:03 - <Config> - stream "memcap": 268435456
  50. 16/11/2018 -- 11:29:03 - <Config> - stream "midstream" session pickups: disabled
  51. 16/11/2018 -- 11:29:03 - <Config> - stream "async-oneside": disabled
  52. 16/11/2018 -- 11:29:03 - <Config> - stream "checksum-validation": disabled
  53. 16/11/2018 -- 11:29:03 - <Config> - stream."inline": enabled
  54. 16/11/2018 -- 11:29:03 - <Config> - stream "bypass": disabled
  55. 16/11/2018 -- 11:29:03 - <Config> - stream "max-synack-queued": 5
  56. 16/11/2018 -- 11:29:03 - <Config> - stream.reassembly "memcap": 536870912
  57. 16/11/2018 -- 11:29:03 - <Config> - stream.reassembly "depth": 1048576
  58. 16/11/2018 -- 11:29:03 - <Config> - stream.reassembly "toserver-chunk-size": 2622
  59. 16/11/2018 -- 11:29:03 - <Config> - stream.reassembly "toclient-chunk-size": 2571
  60. 16/11/2018 -- 11:29:03 - <Config> - stream.reassembly.raw: enabled
  61. 16/11/2018 -- 11:29:03 - <Config> - stream.reassembly "segment-prealloc": 2048
  62. 16/11/2018 -- 11:29:03 - <Config> - Delayed detect disabled
  63. 16/11/2018 -- 11:29:03 - <Config> - pattern matchers: MPM: ac-ks, SPM: bm
  64. 16/11/2018 -- 11:29:03 - <Config> - toclient-groups 100
  65. 16/11/2018 -- 11:29:03 - <Config> - toserver-groups 100
  66. 16/11/2018 -- 11:29:03 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
  67. 16/11/2018 -- 11:29:03 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
  68. 16/11/2018 -- 11:29:03 - <Config> - prefilter engines: MPM
  69. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/anonymizing_vpn_service.list
  70. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/anonymizing_vpn_service.list: No such file or directory
  71. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/bitSight_search_engines.list
  72. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/botIP-Baiduspider.list
  73. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/botIP-Baiduspider.list: No such file or directory
  74. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/botIP1.list
  75. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/botIP1.list: No such file or directory
  76. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/fake_crawler.list
  77. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/fake_crawler.list: No such file or directory
  78. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/it_security_block.list
  79. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source.list
  80. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source.list: No such file or directory
  81. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source_mail.list
  82. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source_mail.list: No such file or directory
  83. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source_ssh.list
  84. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source_ssh.list: No such file or directory
  85. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/public_cgi_proxy.list
  86. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/public_cgi_proxy.list: No such file or directory
  87. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/public_web_proxy.list
  88. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/public_web_proxy.list: No such file or directory
  89. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/tor_exit_node.list
  90. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/tor_exit_node.list: No such file or directory
  91. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/web_scraper.list
  92. 16/11/2018 -- 11:29:03 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/web_scraper.list: No such file or directory
  93. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/whitelist.list
  94. 16/11/2018 -- 11:29:03 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/reputation.list
  95. 16/11/2018 -- 11:29:03 - <Perf> - host memory usage: 366144 bytes, maximum: 33554432
  96. 16/11/2018 -- 11:29:03 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/snort.rules
  97. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_NOT_IPV4_DGRAM"; sid:1; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1401
  98. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ICMPHDR"; sid:105; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1402
  99. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR"; sid:106; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1403
  100. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ADDRHDR"; sid:107; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1404
  101. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_UNKNOWN"; sid:108; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1405
  102. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ARP_TRUNCATED"; sid:109; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1406
  103. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPOL_TRUNCATED"; sid:110; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1407
  104. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPKEY_TRUNCATED"; sid:111; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1408
  105. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAP_TRUNCATED"; sid:112; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1409
  106. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_PPPOE"; sid:120; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1410
  107. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN"; sid:130; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1411
  108. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_ETHLLC"; sid:131; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1412
  109. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_OTHER"; sid:132; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1413
  110. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_ETHLLC"; sid:133; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1414
  111. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_OTHER"; sid:134; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1415
  112. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRH"; sid:140; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1416
  113. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_ETHLLC"; sid:141; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1417
  114. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_MR_LEN"; sid:142; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1418
  115. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRHMR"; sid:143; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1419
  116. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_LOOPBACK"; sid:150; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1420
  117. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_SAME_SRCDST"; sid:151; gid:116; rev:1; metadata:rule-type decode; reference:cve,1999-0016; reference:cve,2005-0688; reference:bugtraq,2666; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1421
  118. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_DGRAM_LT_GREHDR"; sid:160; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1422
  119. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_MULTIPLE_ENCAPSULATION"; sid:161; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1423
  120. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_VERSION"; sid:162; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1424
  121. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_HEADER"; sid:163; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1425
  122. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_V1_INVALID_HEADER"; sid:164; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1426
  123. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_TRANS_DGRAM_LT_TRANSHDR"; sid:165; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1427
  124. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS"; sid:170; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1428
  125. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL0"; sid:171; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1429
  126. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL1"; sid:172; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1430
  127. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL2"; sid:173; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1431
  128. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL3"; sid:174; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1432
  129. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_RESERVEDLABEL"; sid:175; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1433
  130. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_LABEL_STACK"; sid:176; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1434
  131. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_INVALID_HEADER_LEN"; sid:2; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1435
  132. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_TRUNCATED"; sid:250; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1436
  133. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_VER_MISMATCH"; sid:251; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1437
  134. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_DGRAM_LT_ORIG_IP"; sid:252; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1438
  135. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_LT_64"; sid:253; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1439
  136. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_GT_576"; sid:254; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1440
  137. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_WITH_FRAGOFFSET"; sid:255; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1441
  138. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_MIN_TTL"; sid:270; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1442
  139. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_IS_NOT"; sid:271; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1443
  140. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED_EXT"; sid:272; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1444
  141. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED"; sid:273; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1445
  142. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_LT_IPHDR"; sid:274; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1446
  143. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_GT_IPHDR"; sid:275; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1447
  144. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_ZERO"; sid:276; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1448
  145. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_SRC_MULTICAST"; sid:277; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1449
  146. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_RESERVED_MULTICAST"; sid:278; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1450
  147. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_TYPE"; sid:279; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1451
  148. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_MULTICAST_SCOPE"; sid:280; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1452
  149. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_NEXT_HEADER"; sid:281; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1453
  150. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_AND_HOPBYHOP"; sid:282; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1454
  151. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TWO_ROUTE_HEADERS"; sid:283; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1455
  152. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_TOO_BIG_BAD_MTU"; sid:285; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1456
  153. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_BAD_CODE"; sid:286; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1457
  154. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:287; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1458
  155. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_CODE"; sid:288; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1459
  156. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_RESERVED"; sid:289; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1460
  157. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_REACHABLE"; sid:290; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1461
  158. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TUNNELED_IPV4_TRUNCATED"; sid:291; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2008-2136; reference:bugtraq,29235; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1462
  159. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DSTOPTS_WITH_ROUTING"; sid:292; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1463
  160. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_MULTIPLE_ENCAPSULATION"; sid:293; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1464
  161. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ESP_HEADER_TRUNC"; sid:294; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1465
  162. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_LEN"; sid:295; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1466
  163. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_UNORDERED_EXTENSIONS"; sid:296; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1467
  164. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_MULTIPLE_ENCAPSULATION"; sid:297; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1468
  165. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_BAD_LEN_STR"; sid:298; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1469
  166. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_LT_IPHDR"; sid:3; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1470
  167. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_BADLEN"; sid:4; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1471
  168. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_XMAS"; sid: 400; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1472
  169. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NMAP_XMAS"; sid: 401; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1473
  170. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_DOS_NAPTHA"; sid: 402; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-dos; reference:bugtraq,2022; reference:cve,2000-1039; reference:nessus,275; reference:url,razor.bindview.com/publish/advisories/adv_NAPTHA.html; reference:url,www.cert.org/advisories/CA-2000-21.html; reference:url,www.microsoft.com/technet/security/bulletin/MS00-091.mspx; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1474
  171. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_SYN_TO_MULTICAST"; sid: 403; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1475
  172. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_TTL"; sid: 404; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; reference:url,support.microsoft.com/kb/q138268; reference:url,tools.ietf.org/html/rfc1122; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1476
  173. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_FRAGBITS"; sid: 405; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1477
  174. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_IPV6_ZERO_CHECKSUM"; sid:406; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1478
  175. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_LEN_OFFSET"; sid:407; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1479
  176. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_THIS_NET"; sid:408; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1480
  177. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_THIS_NET"; sid:409; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1481
  178. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_MULTICAST"; sid:410; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1482
  179. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_RESERVED"; sid:411; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1483
  180. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_RESERVED"; sid:412; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1484
  181. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_BROADCAST"; sid:413; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1485
  182. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_BROADCAST"; sid:414; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1486
  183. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_MULTICAST"; sid:415; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1487
  184. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_BROADCAST"; sid:416; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1488
  185. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_TYPE_OTHER"; sid:418; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1489
  186. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_BAD_URP"; sid:419; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1490
  187. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_FIN"; sid:420; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1491
  188. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_RST"; sid:421; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1492
  189. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_MUST_ACK"; sid:422; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1493
  190. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NO_SYN_ACK_RST"; sid:423; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1494
  191. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ETH_HDR_TRUNC"; sid:424; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1495
  192. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_HDR_TRUNC"; sid:425; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1496
  193. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_HDR_TRUNC"; sid:426; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1497
  194. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_HDR_TRUNC"; sid:427; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1498
  195. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_MIN_TTL"; sid:428; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1499
  196. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_ZERO_HOP_LIMIT"; sid:429; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1500
  197. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DF_OFFSET"; sid:430; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1501
  198. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_TYPE_OTHER"; sid:431; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1502
  199. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_DST_MULTICAST"; sid:432; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1503
  200. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SHAFT_SYNFLOOD"; sid:433; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2000-0138; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1504
  201. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PING_NMAP"; sid:434; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1505
  202. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ICMPENUM"; sid:435; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1506
  203. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_HOST"; sid:436; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1507
  204. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_NET"; sid:437; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1508
  205. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_TRACEROUTE_IPOPTS"; sid:438; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1509
  206. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_SOURCE_QUENCH"; sid:439; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1510
  207. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_BROADSCAN_SMURF_SCANNER"; sid:440; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1511
  208. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_ADMIN_PROHIBITED"; sid:441; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1512
  209. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_HOST_PROHIBITED"; sid:442; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1513
  210. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_NET_PROHIBITED"; sid:443; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1514
  211. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_OPTION_SET"; sid:444; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1515
  212. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_LARGE_PACKET"; sid:445; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1516
  213. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_PORT_ZERO"; sid:446; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1517
  214. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_PORT_ZERO"; sid:447; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1518
  215. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_RESERVED_FRAG_BIT"; sid:448; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1519
  216. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_UNASSIGNED_PROTO"; sid:449; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1520
  217. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_DGRAM_LT_TCPHDR"; sid:45; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1521
  218. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_BAD_PROTO"; sid:450; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1522
  219. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PATH_MTU_DOS"; sid:451; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,13124; reference:cve,2004-1060; classtype:attempted-dos;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1523
  220. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DOS_ATTEMPT"; sid:452; gid:116; rev:1; metadata:rule-type decode; reference:url,www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3; reference:cve,2006-0454; reference:bugtraq,16532; classtype:denial-of-service;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1524
  221. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ISATAP_SPOOF"; sid:453; gid:116; rev:1; metadata:rule-type decode; reference:cve,2010-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS10-029.mspx; classtype:misc-attack; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1525
  222. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_PGM_NAK_OVERFLOW"; sid:454; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-052.mspx; reference:cve,2006-3442; reference:bugtraq,19922; classtype:attempted-admin; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1526
  223. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IGMP_OPTIONS_DOS"; sid:455; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-007.mspx; reference:cve,2006-0021; reference:bugtraq,16645; classtype:attempted-dos; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1527
  224. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_EXCESS_EXT_HDR"; sid:456; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1528
  225. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_NON_RFC_4443_CODE"; sid:457; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1529
  226. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_FRAG_PKT"; sid:458; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1530
  227. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_LENGTH_FRAG"; sid:459; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1531
  228. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_INVALID_OFFSET"; sid:46; gid:116; rev:1; metadata:rule-type decode; reference:cve,2004-0816; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1532
  229. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:460; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1533
  230. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_ZERO"; sid:461; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1534
  231. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN_HDR_VERSION_MISMATCH_STR"; sid:462; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1535
  232. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN2_DGRAM_LT_HDR_STR"; sid:463; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1536
  233. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN3_DGRAM_LT_HDR_STR"; sid:464; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1537
  234. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_LARGE_OFFSET"; sid:47; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1538
  235. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_TRUNCATED"; sid:5; gid:116; rev:1; metadata:rule-type decode; reference:cve,2005-0048; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:protocol-command-decode;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1539
  236. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_BADLEN"; sid:54; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,14811; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1540
  237. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TRUNCATED"; sid:55; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1541
  238. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TTCP"; sid:56; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1542
  239. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_OBSOLETE"; sid:57; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1543
  240. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_EXPERIMENT"; sid:58; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1544
  241. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_WSCALE_INVALID"; sid:59; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1545
  242. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_GT_IPHDR"; sid:6; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1546
  243. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LT_UDPHDR"; sid:95; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1547
  244. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_INVALID_LENGTH"; sid:96; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1548
  245. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_SHORT_PACKET"; sid:97; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1549
  246. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LONG_PACKET"; sid:98; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1550
  247. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  248. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".exe"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.exe/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26891; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1718
  249. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  250. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".jar"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.jar/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26892; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1719
  251. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  252. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flim exploit kit landing page"; flow:to_client,established; file_data; dsize:<400; content:"<html><body><script>"; content:"var"; within:3; distance:1; content:"document.createElement"; content:"iframe"; within:6; distance:2; content:".setAttribute("; distance:0; content:"document.body.appendChild("; distance:0; fast_pattern; pcre:"/var\s+(?P<variable>\w+)\=document\.createElement.*?\x3b(?P=variable)\.setAttribute.*?document\.body\.appendChild\x28(?P=variable)\x29/i"; metadata:policy balanced-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:26961; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1732
  253. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  254. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_client,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39308; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3281
  255. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  256. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_server,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39309; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3282
  257. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  258. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|localhost"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|localhost"; distance:0; nocase; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39540; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3297
  259. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  260. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|127.0.0.1"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|127.0.0.1"; distance:0; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39543; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3300
  261. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  262. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected"; flow:to_server,established; file_data; content:"POST"; http_method; content:"|00 09 00 00|"; depth:5; offset:1; fast_pattern; content:!"|00|"; depth:1; byte_test:1,<=,2,0; flowbits:set,file.wmf; flowbits:noalert; metadata:service http; reference:url,en.wikipedia.org/wiki/.wmf; classtype:misc-activity; sid:43364; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 4557
  263. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  264. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45819; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5612
  265. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  266. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45820; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5613
  267. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  268. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45821; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5614
  269. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  270. 16/11/2018 -- 11:29:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45822; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5615
  271. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  272. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Koobface variant outbound connection"; flow:to_server,established; content:"GET"; http_method; content:"/cap/?a=get&i="; nocase; http_uri; pcre:"/\d+&/miR"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatexpert.com/report.aspx?md5=efbc47d5e8f3ed68a13968cda586d68d; classtype:trojan-activity; sid:16484; rev:9;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6471
  273. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  274. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Swisyn variant outbound connection"; flow:to_server,established; content:"POST"; nocase; http_method; content:"|0A|User-Agent|3A 20|tiehttp"; fast_pattern; nocase; http_header; content:"Content-Disposition|3A 20|"; nocase; http_client_body; content:"form-data|3B| name=|22|filename|22|"; distance:0; nocase; http_client_body; content:"|0D 0A 0D 0A|"; within:4; http_client_body; pcre:"/^\d{0,10}_passes_\d{1,10}\.xm/iR"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/#/file/f9775d5fc61ec53a7cab4b432ec2d227/detection; classtype:trojan-activity; sid:21760; rev:6;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6685
  275. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  276. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 1024:65535 (msg:"MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection"; flow:to_server,established; dsize:267<>276; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| U|3B| MSIE 9.0|3B| Windows NT 9.0|3B| en-US)|0D 0A|"; fast_pattern:only; http_header; urilen:159; pcre:"/\x2f[A-F0-9]{158}/U"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/file/c49f7dbc036ad0a86df02cbbde00cb3b3fbd651d82f6c9c5a98170644374f64f/analysis/; classtype:trojan-activity; sid:25675; rev:7;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6868
  277. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  278. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Bancos fake JPG encrypted config file download"; flow:to_server,established; content:".com.br|0D 0A 0D 0A|"; fast_pattern:only; content:"/imagens/"; depth:9; http_uri; content:".jpg"; distance:0; http_uri; pcre:"/\.jpg\x20HTTP\/1\.[01]\r\nUser\x2dAgent\x3a\x20[a-z]+\r\nHost\x3a\x20[a-z0-9\x2d\x2e]+\.com\.br\r\n\r\n$/"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; classtype:trojan-activity; sid:26722; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6935
  279. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  280. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win32/Autorun.JN variant outbound connection"; flow:to_server,established; dsize:142; urilen:8; content:"/u5.htm"; fast_pattern:only; http_uri; content:"//u5.htm"; http_raw_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAutorun.JN; reference:url,www.virustotal.com/en/file/36144738373c665d262bc007fceaeb9613e59ec29ea3d7424dd9f400af2c0f06/analysis/; classtype:trojan-activity; sid:26966; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6996
  281. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  282. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected"; flow:to_client,established; file_data; content:"content=|22|just something i made up for fun, check out my website at"; fast_pattern:only; content:"X-YouTube-Other-Cookies:"; nocase; http_header; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2012-0158; reference:url,www.virustotal.com/file/3bc13adad9b7b60354d83bc27a507864a2639b43ec835c45d8b7c565e81f1a8f/analysis/; classtype:trojan-activity; sid:27544; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7024
  283. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  284. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:146; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: checkip.dyndns.org|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28542; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7171
  285. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  286. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:139; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: www.ask.com|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28543; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7172
  287. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  288. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Injector variant outbound connection"; flow:to_server,established; urilen:9; content:"/load.exe HTTP/1.1|0D 0A|User-Agent: Mozilla/"; fast_pattern:only; content:"|3B 20|MSIE|20|"; http_header; content:")|0D 0A|Host: "; distance:0; http_header; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,urlquery.net/search.php?q=%5C%2Fload%5C.exe%24&type=regexp&start=2013-08-24&end=2013-11-22&max=400; reference:url,www.virustotal.com/en/file/032572ea1f34a060ecac98a8e2899dc0f2a41dff199e879050481ddd3818b4d0/analysis/; classtype:trojan-activity; sid:28807; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7196
  289. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  290. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Chewbacca outbound connection"; flow:to_server,established; urilen:4; dsize:<200; content:"/ip/"; depth:4; fast_pattern; http_uri; content:"Keep-Alive|3A 20|300|0D 0A|"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatpost.com/chewbacca-latest-malware-to-take-a-liking-to-tor/103220; reference:url,www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware; classtype:trojan-activity; sid:29440; rev:5;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7347
  291. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  292. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.WEC variant outbound connection"; flow:to_server,established; dsize:69; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0|0D 0A|Host: checkip.dyndns.org|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/164c792247b2822ab1dce8271a9498d3c9172ff21d36feccf83265ded1be8d0b/analysis/; classtype:trojan-activity; sid:29882; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7401
  293. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  294. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Bancos variant outbound connection"; flow:to_server,established; content:"Content-Length: 166"; content:".php HTTP/1.1|0D 0A|Accept: */*|0D 0A|Content-Type: application/x-www-form-urlencoded|0D 0A|User-Agent: Mozilla/5.0 (Windows NT 6.1|3B| Trident/7.0|3B| rv:11.0) like Gecko|0D 0A|Host: "; fast_pattern:only; content:"v="; depth:2; http_client_body; content:"&c="; within:7; http_client_body; pcre:"/\x3d\x3d$/P"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis; classtype:trojan-activity; sid:29895; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7406
  295. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or flow:from_client with http.
  296. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC ANDR.Trojan.FakeApp outbound connection"; flow:established, to_server; content:"/cp/server.php"; fast_pattern:only; http_uri; content:"Content-Type: multipart/form-data|3B| boundary=Aab03x"; http_header; content:"User-Agent: Dalvik"; http_header; file_data; content:"AaB03x"; content:"name=|22|phone"; distance:0; content:"name=|22|type"; distance:0; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,securityaffairs.co/wordpress/22465/cyber-crime/banking-trojan-hit-islamic-mobile.html; reference:url,www.virustotal.com/file/66911EE32FC4777BB9272F9BE9EB8970B39440768B612FBAB4AC01D8E23F9AA1/analysis/; classtype:trojan-activity; sid:29978; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7421
  297. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  298. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Critroni outbound connection"; flow:to_server,established; dsize:174; urilen:1; content:"/"; http_uri; content:"Host|3A| ip.telize.com|0D 0A|Accept|3A| */*|0D 0A|User-Agent|3A| Mozilla/5.0 |28|Windows NT 6.1|3B| WOW64|29| AppleWebKit/537.36 |28|KHTML, like Gecko|29| Chrome/31.0.1650.63 Safari/537.36"; fast_pattern:only; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b3c92d7a9dead6011f3c99829c745c384dd776d88f57bbd60bc4f9d66641819b/analysis/; classtype:trojan-activity; sid:31718; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7679
  299. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  300. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Expiro outbound connection"; flow:to_server,established; dsize:<200; content:"POST"; http_method; content:"User-Agent|3A| Mozilla/"; http_header; content:"ompatible|3B| MSIE 31|3B| "; within:20; distance:6; fast_pattern; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/f5c716890a2a76785d53e8f9a5db2268501a30df807df4c4323967672efe452c/analysis/; classtype:trojan-activity; sid:31813; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7690
  301. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  302. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rehtesyk outbound connection"; flow:to_server,established; content:"User-Agent: Firefox|0D 0A|"; fast_pattern:only; content:"first="; depth:6; http_client_body; content:"&data="; within:7; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b1347df8f8940039cb68bd4e2568e8c68b1f1a0067ac9a0fb1a5f1aef2df61ea/analysis/; classtype:trojan-activity; sid:32311; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7822
  303. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  304. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"INTERNACIONAL"; depth:13; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32607; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7883
  305. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  306. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"BRASIL"; depth:6; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32608; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7884
  307. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  308. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"MALWARE-CNC Win.Trojan.Androm variant outbound connection"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3B|MSIE 7.0|3B|Windows NT 6.0)"; fast_pattern:only; http_header; content:"/"; depth:1; offset:9; http_uri; content:"/"; within:1; distance:8; http_uri; content:"Host:"; http_header; content:":8080"; within:30; http_header; content:"POST"; http_method; dsize:<480; pcre:"/^\/[a-f0-9]{8}\/[a-f0-9]{8}\/$/iU"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/file/27c298c77e16bbc3f056653034c2d918418f877bb0193a9ca533b5527d830a94/analysis/; classtype:trojan-activity; sid:32770; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7904
  309. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  310. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Agent.BHHK variant outbound connection"; flow:to_server,established; dsize:136; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 6.0)|0D 0A|Host: windowsupdate.microsoft.com|0D 0A|Connection: Close|0D 0A 0D 0A|"; fast_pattern:only; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/cab1fffe7a34b5bb7dab2cacd406cf15628d835ab63502d28df78c2faeaad366/analysis/1421677054/; classtype:trojan-activity; sid:33227; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7967
  311. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  312. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt"; flow:to_server,established; dsize:214; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 6.0|3B| Windows NT 5.1|3B| SV1|3B| .NET4.0C|3B| .NET4.0E|3B| .NET CLR 2.0.50727|3B| .NET CLR 3.0.4506.2152|3B| .NET CLR 3.5.30729)|0D 0A|Host: ip-addr.es|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/17edf82c40df6c7268191def7cbff6e60e78d7388018408800d42581567f78cf/analysis/; classtype:trojan-activity; sid:33449; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8017
  313. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  314. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Panskeg outbound connection"; flow:to_server,established; file_data; dsize:10; content:"|79 40 1F F2 03 3C 20 00 00 00|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,virustotal.com/en/file/81c6fa11d46bf173932b067c32a852f048ba51873210c3e24ac367c95e799e42/analysis/; classtype:trojan-activity; sid:36610; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8420
  315. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  316. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&vs="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"v="; nocase; http_client_body; content:"&id="; distance:0; nocase; http_client_body; content:"&uid="; distance:0; nocase; http_client_body; content:"&vs="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36629; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8427
  317. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  318. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&syspath="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"&macid="; nocase; http_client_body; content:"&os1="; distance:0; nocase; http_client_body; content:"&os2="; distance:0; nocase; http_client_body; content:"&syspath="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36630; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8428
  319. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  320. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET [25] (msg:"MALWARE-CNC Win.Trojan.Trochulis variant outbound connection"; flow:to_server,established; file_data; content:"|BF BF AF AF 7E 00 00 00|"; fast_pattern:only; dsize:8; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,www.virustotal.com/en/file/da6905d96cc860b443deb5f27271a2cfb2ce17f067a59ca7f0fd12c1d70c4372/analysis/; classtype:trojan-activity; sid:37370; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8492
  321. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  322. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt"; flow:to_server,established; content:"/gate.php"; fast_pattern:only; content:"pc="; nocase; http_client_body; content:"&admin="; distance:0; nocase; http_client_body; content:"&os="; distance:0; nocase; http_client_body; content:"&hid="; distance:0; nocase; http_client_body; content:"&arc="; distance:0; nocase; http_client_body; content:"User-Agent|3A 20|"; http_header; pcre:"/User-Agent\x3a\x20[A-F0-9]{32}\x0d\x0a/H"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38562; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8560
  323. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_stat_code" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  324. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response"; flow:to_client,established; file_data; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:">404 Not Found<"; fast_pattern:only; content:" requested URL / was not found "; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38563; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8561
  325. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  326. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Helminth variant outbound connection"; flow:to_server,established; content:"UIET9fWR"; fast_pattern:only; content:"User-Agent: Mozilla/5.0"; http_header; content:"|20|Trident/5.0|0D 0A|"; within:14; distance:39; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/632be0a3d8d298f2ded928a4ac27846904ed842ad08b355acab53132d31eaf24/analysis/; classtype:trojan-activity; sid:39176; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8624
  327. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_client_body" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  328. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Unix.Trojan.Erebus variant outbound connection"; flow:to_server,established; file_data; urilen:1; content:"h="; depth:2; http_client_body; content:"&v="; within:3; distance:8; http_client_body; content:"&k="; within:3; distance:3; fast_pattern; http_client_body; content:"Expect|3A| 100-continue|0D 0A 0D 0A|"; http_header; content:!"User-Agent"; http_header; metadata:impact_flag red, policy balanced-ips alert, policy security-ips alert, service http; reference:url,virustotal.com/en/file/0b7996bca486575be15e68dba7cbd802b1e5f90436ba23f802da66292c8a055f/analysis/; classtype:trojan-activity; sid:43351; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8955
  329. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  330. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt"; flow:to_server,established; content:"/sigstore.db?"; fast_pattern:only; content:"k="; http_uri; content:"?q="; distance:0; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update; classtype:trojan-activity; sid:45400; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9153
  331. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  332. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/2.0/method/"; depth:12; nocase; http_uri; pcre:"/\/2\.0\/method\/(checkConnection|config|delay|error|get|info|setOnline|update)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46238; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9247
  333. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  334. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/4.0/method/"; depth:12; nocase; http_uri; pcre:"/\/4\.0\/method\/(check|cores|installSuccess|modules|threads|blacklist)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46239; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9248
  335. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  336. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog user-agent outbound communication attempt"; flow:to_server,established; file_data; content:"User-Agent"; nocase; http_header; content:"Rarog"; within:200; fast_pattern; nocase; http_header; pcre:"/User-Agent\s*:[^\r\n]*Rarog/iH"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46240; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9249
  337. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_uri" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  338. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"MALWARE-CNC Outbound malicious vbscript attempt"; flow:to_server,established; file_data; content:"/ilha/"; fast_pattern; nocase; http_uri; content:"logs.php"; within:9; distance:2; nocase; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; classtype:attempted-user; sid:46792; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9338
  339. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  340. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download"; flow:to_client,established; content:"-2013.zip|0D 0A|"; fast_pattern:only; content:"-2013.zip|0D 0A|"; http_header; content:"-"; within:1; distance:-14; http_header; file_data; content:"-2013.exe"; content:"-"; within:1; distance:-14; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/2eff3ee6ac7f5bf85e4ebcbe51974d0708cef666581ef1385c628233614b22c0/analysis/; classtype:trojan-activity; sid:26470; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9630
  341. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
  342. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_server,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45443; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9995
  343. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
  344. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_client,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45444; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9996
  345. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  346. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop udp any any -> $HOME_NET 53 (msg:"PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|00 00 00 00 00 00|"; depth:6; offset:4; content:"|00 00 29|"; within:3; distance:2; content:"|FE|"; within:1; distance:8; byte_test:2,>,4,-3,relative; byte_math:bytes 2,offset -3,oper -,rvalue 4,result rdlen_minus_four,relative; byte_test:2,>,rdlen_minus_four,1,relative; metadata:policy max-detect-ips drop, policy security-ips drop, service dns; reference:cve,2017-14496; reference:url,security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html; classtype:attempted-admin; sid:44482; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 10595
  347. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  348. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 4786 (msg:"SERVER-OTHER Cisco Smart Install invalid init discovery message denial of service attempt"; flow:to_server,established; content:"|00 00 00|"; depth:3; content:"|00 00 00 07|"; within:4; distance:5; fast_pattern; content:"|00 00 00 01|"; within:4; distance:4; byte_math:bytes 4,offset 0,oper +,rvalue 8,result sub_len_plus_eight,relative; byte_test:4,!=,sub_len_plus_eight,-8,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2018-0171; reference:url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2; classtype:attempted-dos; sid:46468; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11097
  349. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,0x05,6,relative,bitmask 0x14
  350. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba unsigned connections attempt"; flow:to_server, established; content:"|FF|SMB"; depth:4; offset:4; byte_test:1,=,0x05,6,relative,bitmask 0x14; content:"|00 00 00 00 00 00 00 00|"; within:8; distance:10; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-12150; reference:url,samba.org/samba/security/CVE-2017-12150.html; classtype:attempted-user; sid:45074; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11121
  351. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,1,2,relative,bitmask 0x01
  352. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba tree connect andx memory corruption attempt"; flow:to_server,established; content:"|FF|SMB|75|"; fast_pattern:only; content:"|04 75 00|"; byte_test:1,=,1,2,relative,bitmask 0x01; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-14746; classtype:attempted-user; sid:45255; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11122
  353. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  354. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/applications/upload"; http_uri; pcre:"/^(Frame)?\.jsf/R"; content:!"JSESSIONID="; flowbits:set,glassfish_unauth_attempt; metadata:service http; reference:bugtraq,47438; reference:cve,2011-0807; classtype:attempted-admin; sid:20159; rev:8;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11130
  355. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'http_raw_cookie'.
  356. 16/11/2018 -- 11:29:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Multiple products DVR admin password leak attempt"; flow:to_server,established; content:"/device.rsp"; fast_pattern:only; http_uri; content:"uid="; http_raw_cookie; content:"cmd=list"; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2018-9995; classtype:web-application-attack; sid:46825; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11386
  357. 16/11/2018 -- 11:29:05 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/et.rules
  358. 16/11/2018 -- 11:29:07 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/feodo.rules
  359. 16/11/2018 -- 11:29:07 - <Config> - No rules loaded from feodo.rules.
  360. 16/11/2018 -- 11:29:07 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/sslipblacklist.rules
  361. 16/11/2018 -- 11:29:07 - <Config> - No rules loaded from sslipblacklist.rules.
  362. 16/11/2018 -- 11:29:07 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/sslblacklist.rules
  363. 16/11/2018 -- 11:29:07 - <Config> - No rules loaded from sslblacklist.rules.
  364. 16/11/2018 -- 11:29:07 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/lists.rules
  365. 16/11/2018 -- 11:29:07 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/zeus.rules
  366. 16/11/2018 -- 11:29:07 - <Info> - 7 rule files processed. 18072 rules successfully loaded, 205 rules failed
  367. 16/11/2018 -- 11:29:07 - <Info> - Threshold config parsed: 0 rule(s) found
  368. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for tcp-packet
  369. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for tcp-stream
  370. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for udp-packet
  371. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for other-ip
  372. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_uri
  373. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_request_line
  374. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_client_body
  375. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_response_line
  376. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_header
  377. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_header
  378. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_header_names
  379. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_header_names
  380. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_accept
  381. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_accept_enc
  382. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_accept_lang
  383. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_referer
  384. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_connection
  385. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_content_len
  386. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_content_len
  387. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_content_type
  388. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_content_type
  389. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_protocol
  390. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_protocol
  391. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_start
  392. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_start
  393. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_raw_header
  394. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_raw_header
  395. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_method
  396. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_cookie
  397. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_cookie
  398. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_raw_uri
  399. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_user_agent
  400. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_host
  401. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_raw_host
  402. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_stat_msg
  403. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for http_stat_code
  404. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for dns_query
  405. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for tls_sni
  406. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for tls_cert_issuer
  407. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for tls_cert_subject
  408. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for tls_cert_serial
  409. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for dce_stub_data
  410. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for dce_stub_data
  411. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for ssh_protocol
  412. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for ssh_protocol
  413. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for ssh_software
  414. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for ssh_software
  415. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for file_data
  416. 16/11/2018 -- 11:29:07 - <Perf> - using shared mpm ctx' for file_data
  417. 16/11/2018 -- 11:29:07 - <Info> - 18076 signatures processed. 17 are IP-only rules, 5774 are inspecting packet payload, 8364 inspect application layer, 0 are decoder event only
  418. 16/11/2018 -- 11:29:07 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
  419. 16/11/2018 -- 11:29:07 - <Perf> - TCP toserver: 101 port groups, 91 unique SGH's, 10 copies
  420. 16/11/2018 -- 11:29:07 - <Perf> - TCP toclient: 101 port groups, 61 unique SGH's, 40 copies
  421. 16/11/2018 -- 11:29:07 - <Perf> - UDP toserver: 83 port groups, 42 unique SGH's, 41 copies
  422. 16/11/2018 -- 11:29:07 - <Perf> - UDP toclient: 42 port groups, 20 unique SGH's, 22 copies
  423. 16/11/2018 -- 11:29:07 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
  424. 16/11/2018 -- 11:29:07 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
  425. 16/11/2018 -- 11:29:08 - <Perf> - Unique rule groups: 216
  426. 16/11/2018 -- 11:29:08 - <Perf> - Builtin MPM "toserver TCP packet": 66
  427. 16/11/2018 -- 11:29:08 - <Perf> - Builtin MPM "toclient TCP packet": 31
  428. 16/11/2018 -- 11:29:08 - <Perf> - Builtin MPM "toserver TCP stream": 80
  429. 16/11/2018 -- 11:29:08 - <Perf> - Builtin MPM "toclient TCP stream": 47
  430. 16/11/2018 -- 11:29:08 - <Perf> - Builtin MPM "toserver UDP packet": 42
  431. 16/11/2018 -- 11:29:08 - <Perf> - Builtin MPM "toclient UDP packet": 19
  432. 16/11/2018 -- 11:29:08 - <Perf> - Builtin MPM "other IP packet": 2
  433. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver http_uri": 14
  434. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver http_client_body": 4
  435. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver http_header": 9
  436. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toclient http_header": 3
  437. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
  438. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver http_cookie": 1
  439. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toclient http_cookie": 2
  440. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver http_raw_uri": 2
  441. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver http_user_agent": 2
  442. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver http_host": 1
  443. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver dns_query": 4
  444. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver dce_stub_data": 4
  445. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toserver file_data": 7
  446. 16/11/2018 -- 11:29:08 - <Perf> - AppLayer MPM "toclient file_data": 10
  447. 16/11/2018 -- 11:29:09 - <Info> - fast output device (regular) initialized: fast.log
  448. 16/11/2018 -- 11:29:09 - <Info> - eve-log output device (regular) initialized: eve.json
  449. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'alert'
  450. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'http'
  451. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'dns'
  452. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'tls'
  453. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'files'
  454. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'smtp'
  455. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'ssh'
  456. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'stats'
  457. 16/11/2018 -- 11:29:09 - <Config> - enabling 'eve-log' module 'flow'
  458. 16/11/2018 -- 11:29:09 - <Info> - Unified2-alert initialized: filename suricata.u2, limit 32 MB
  459. 16/11/2018 -- 11:29:09 - <Info> - stats output device (regular) initialized: stats.log
  460. 16/11/2018 -- 11:29:09 - <Info> - drop output device (regular) initialized: drop.log
  461. 16/11/2018 -- 11:29:09 - <Perf> - Using 4 threads for interface igb0
  462. 16/11/2018 -- 11:29:09 - <Info> - Going to use 4 thread(s)
  463. 16/11/2018 -- 11:29:09 - <Perf> - Enabling zero copy mode for igb0->igb1
  464. 16/11/2018 -- 11:29:09 - <Perf> - Enabling zero copy mode for igb0->igb1
  465. 16/11/2018 -- 11:29:09 - <Perf> - Enabling zero copy mode for igb0->igb1
  466. 16/11/2018 -- 11:29:09 - <Perf> - Enabling zero copy mode for igb0->igb1
  467. 16/11/2018 -- 11:29:09 - <Perf> - Using 4 threads for interface igb1
  468. 16/11/2018 -- 11:29:09 - <Info> - Going to use 4 thread(s)
  469. 16/11/2018 -- 11:29:09 - <Perf> - Enabling zero copy mode for igb1->igb0
  470. 16/11/2018 -- 11:29:09 - <Perf> - Enabling zero copy mode for igb1->igb0
  471. 16/11/2018 -- 11:29:09 - <Perf> - Enabling zero copy mode for igb1->igb0
  472. 16/11/2018 -- 11:29:09 - <Perf> - Enabling zero copy mode for igb1->igb0
  473. 16/11/2018 -- 11:29:09 - <Config> - using 1 flow manager threads
  474. 16/11/2018 -- 11:29:09 - <Config> - using 1 flow recycler threads
  475. 16/11/2018 -- 11:29:09 - <Notice> - all 8 packet processing threads, 4 management threads initialized, engine started.
  476. 17/11/2018 -- 02:23:04 - <Notice> - rule reload starting
  477. 17/11/2018 -- 02:23:04 - <Info> - Including configuration file reputation.yaml.
  478. 17/11/2018 -- 02:23:04 - <Info> - Configuration node 'reputation-files' redefined.
  479. 17/11/2018 -- 02:23:04 - <Config> - pattern matchers: MPM: ac-ks, SPM: bm
  480. 17/11/2018 -- 02:23:04 - <Config> - toclient-groups 100
  481. 17/11/2018 -- 02:23:04 - <Config> - toserver-groups 100
  482. 17/11/2018 -- 02:23:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
  483. 17/11/2018 -- 02:23:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
  484. 17/11/2018 -- 02:23:04 - <Config> - prefilter engines: MPM
  485. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/anonymizing_vpn_service.list
  486. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/anonymizing_vpn_service.list: No such file or directory
  487. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/bitSight_search_engines.list
  488. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/botIP-Baiduspider.list
  489. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/botIP-Baiduspider.list: No such file or directory
  490. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/botIP1.list
  491. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/botIP1.list: No such file or directory
  492. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/fake_crawler.list
  493. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/fake_crawler.list: No such file or directory
  494. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/it_security_block.list
  495. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source.list
  496. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source.list: No such file or directory
  497. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source_mail.list
  498. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source_mail.list: No such file or directory
  499. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source_ssh.list
  500. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source_ssh.list: No such file or directory
  501. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/public_cgi_proxy.list
  502. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/public_cgi_proxy.list: No such file or directory
  503. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/public_web_proxy.list
  504. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/public_web_proxy.list: No such file or directory
  505. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/tor_exit_node.list
  506. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/tor_exit_node.list: No such file or directory
  507. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/web_scraper.list
  508. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/web_scraper.list: No such file or directory
  509. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/whitelist.list
  510. 17/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/reputation.list
  511. 17/11/2018 -- 02:23:04 - <Perf> - host memory usage: 366144 bytes, maximum: 33554432
  512. 17/11/2018 -- 02:23:04 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/snort.rules
  513. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_NOT_IPV4_DGRAM"; sid:1; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1401
  514. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ICMPHDR"; sid:105; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1402
  515. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR"; sid:106; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1403
  516. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ADDRHDR"; sid:107; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1404
  517. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_UNKNOWN"; sid:108; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1405
  518. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ARP_TRUNCATED"; sid:109; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1406
  519. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPOL_TRUNCATED"; sid:110; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1407
  520. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPKEY_TRUNCATED"; sid:111; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1408
  521. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAP_TRUNCATED"; sid:112; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1409
  522. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_PPPOE"; sid:120; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1410
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN"; sid:130; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1411
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_ETHLLC"; sid:131; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1412
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_OTHER"; sid:132; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1413
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_ETHLLC"; sid:133; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1414
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_OTHER"; sid:134; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1415
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRH"; sid:140; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1416
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_ETHLLC"; sid:141; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1417
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_MR_LEN"; sid:142; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1418
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRHMR"; sid:143; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1419
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_LOOPBACK"; sid:150; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1420
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_SAME_SRCDST"; sid:151; gid:116; rev:1; metadata:rule-type decode; reference:cve,1999-0016; reference:cve,2005-0688; reference:bugtraq,2666; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1421
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_DGRAM_LT_GREHDR"; sid:160; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1422
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_MULTIPLE_ENCAPSULATION"; sid:161; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1423
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_VERSION"; sid:162; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1424
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_HEADER"; sid:163; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1425
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_V1_INVALID_HEADER"; sid:164; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1426
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_TRANS_DGRAM_LT_TRANSHDR"; sid:165; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1427
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS"; sid:170; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1428
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL0"; sid:171; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1429
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL1"; sid:172; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1430
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL2"; sid:173; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1431
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL3"; sid:174; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1432
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_RESERVEDLABEL"; sid:175; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1433
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_LABEL_STACK"; sid:176; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1434
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_INVALID_HEADER_LEN"; sid:2; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1435
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_TRUNCATED"; sid:250; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1436
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_VER_MISMATCH"; sid:251; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1437
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_DGRAM_LT_ORIG_IP"; sid:252; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1438
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_LT_64"; sid:253; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1439
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_GT_576"; sid:254; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1440
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_WITH_FRAGOFFSET"; sid:255; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1441
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_MIN_TTL"; sid:270; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1442
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_IS_NOT"; sid:271; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1443
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED_EXT"; sid:272; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1444
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED"; sid:273; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1445
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_LT_IPHDR"; sid:274; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1446
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_GT_IPHDR"; sid:275; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1447
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_ZERO"; sid:276; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1448
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_SRC_MULTICAST"; sid:277; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1449
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_RESERVED_MULTICAST"; sid:278; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1450
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_TYPE"; sid:279; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1451
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_MULTICAST_SCOPE"; sid:280; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1452
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_NEXT_HEADER"; sid:281; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1453
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_AND_HOPBYHOP"; sid:282; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1454
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TWO_ROUTE_HEADERS"; sid:283; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1455
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_TOO_BIG_BAD_MTU"; sid:285; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1456
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_BAD_CODE"; sid:286; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1457
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:287; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1458
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_CODE"; sid:288; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1459
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_RESERVED"; sid:289; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1460
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_REACHABLE"; sid:290; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1461
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TUNNELED_IPV4_TRUNCATED"; sid:291; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2008-2136; reference:bugtraq,29235; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1462
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DSTOPTS_WITH_ROUTING"; sid:292; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1463
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_MULTIPLE_ENCAPSULATION"; sid:293; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1464
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ESP_HEADER_TRUNC"; sid:294; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1465
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_LEN"; sid:295; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1466
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_UNORDERED_EXTENSIONS"; sid:296; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1467
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_MULTIPLE_ENCAPSULATION"; sid:297; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1468
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_BAD_LEN_STR"; sid:298; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1469
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_LT_IPHDR"; sid:3; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1470
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_BADLEN"; sid:4; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1471
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_XMAS"; sid: 400; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1472
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NMAP_XMAS"; sid: 401; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1473
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_DOS_NAPTHA"; sid: 402; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-dos; reference:bugtraq,2022; reference:cve,2000-1039; reference:nessus,275; reference:url,razor.bindview.com/publish/advisories/adv_NAPTHA.html; reference:url,www.cert.org/advisories/CA-2000-21.html; reference:url,www.microsoft.com/technet/security/bulletin/MS00-091.mspx; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1474
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_SYN_TO_MULTICAST"; sid: 403; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1475
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_TTL"; sid: 404; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; reference:url,support.microsoft.com/kb/q138268; reference:url,tools.ietf.org/html/rfc1122; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1476
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_FRAGBITS"; sid: 405; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1477
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_IPV6_ZERO_CHECKSUM"; sid:406; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1478
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_LEN_OFFSET"; sid:407; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1479
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_THIS_NET"; sid:408; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1480
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_THIS_NET"; sid:409; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1481
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_MULTICAST"; sid:410; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1482
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_RESERVED"; sid:411; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1483
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_RESERVED"; sid:412; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1484
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_BROADCAST"; sid:413; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1485
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_BROADCAST"; sid:414; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1486
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_MULTICAST"; sid:415; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1487
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_BROADCAST"; sid:416; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1488
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_TYPE_OTHER"; sid:418; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1489
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_BAD_URP"; sid:419; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1490
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_FIN"; sid:420; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1491
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_RST"; sid:421; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1492
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_MUST_ACK"; sid:422; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1493
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NO_SYN_ACK_RST"; sid:423; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1494
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ETH_HDR_TRUNC"; sid:424; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1495
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_HDR_TRUNC"; sid:425; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1496
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_HDR_TRUNC"; sid:426; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1497
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_HDR_TRUNC"; sid:427; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1498
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_MIN_TTL"; sid:428; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1499
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_ZERO_HOP_LIMIT"; sid:429; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1500
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DF_OFFSET"; sid:430; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1501
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_TYPE_OTHER"; sid:431; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1502
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_DST_MULTICAST"; sid:432; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1503
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SHAFT_SYNFLOOD"; sid:433; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2000-0138; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1504
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PING_NMAP"; sid:434; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1505
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ICMPENUM"; sid:435; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1506
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_HOST"; sid:436; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1507
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_NET"; sid:437; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1508
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_TRACEROUTE_IPOPTS"; sid:438; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1509
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_SOURCE_QUENCH"; sid:439; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1510
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_BROADSCAN_SMURF_SCANNER"; sid:440; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1511
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_ADMIN_PROHIBITED"; sid:441; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1512
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_HOST_PROHIBITED"; sid:442; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1513
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_NET_PROHIBITED"; sid:443; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1514
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_OPTION_SET"; sid:444; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1515
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_LARGE_PACKET"; sid:445; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1516
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_PORT_ZERO"; sid:446; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1517
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_PORT_ZERO"; sid:447; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1518
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_RESERVED_FRAG_BIT"; sid:448; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1519
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_UNASSIGNED_PROTO"; sid:449; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1520
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_DGRAM_LT_TCPHDR"; sid:45; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1521
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_BAD_PROTO"; sid:450; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1522
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PATH_MTU_DOS"; sid:451; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,13124; reference:cve,2004-1060; classtype:attempted-dos;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1523
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DOS_ATTEMPT"; sid:452; gid:116; rev:1; metadata:rule-type decode; reference:url,www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3; reference:cve,2006-0454; reference:bugtraq,16532; classtype:denial-of-service;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1524
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ISATAP_SPOOF"; sid:453; gid:116; rev:1; metadata:rule-type decode; reference:cve,2010-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS10-029.mspx; classtype:misc-attack; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1525
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_PGM_NAK_OVERFLOW"; sid:454; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-052.mspx; reference:cve,2006-3442; reference:bugtraq,19922; classtype:attempted-admin; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1526
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IGMP_OPTIONS_DOS"; sid:455; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-007.mspx; reference:cve,2006-0021; reference:bugtraq,16645; classtype:attempted-dos; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1527
17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_EXCESS_EXT_HDR"; sid:456; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1528
  641. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_NON_RFC_4443_CODE"; sid:457; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1529
  642. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_FRAG_PKT"; sid:458; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1530
  643. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_LENGTH_FRAG"; sid:459; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1531
  644. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_INVALID_OFFSET"; sid:46; gid:116; rev:1; metadata:rule-type decode; reference:cve,2004-0816; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1532
  645. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:460; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1533
  646. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_ZERO"; sid:461; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1534
  647. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN_HDR_VERSION_MISMATCH_STR"; sid:462; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1535
  648. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN2_DGRAM_LT_HDR_STR"; sid:463; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1536
  649. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN3_DGRAM_LT_HDR_STR"; sid:464; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1537
  650. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_LARGE_OFFSET"; sid:47; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1538
  651. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_TRUNCATED"; sid:5; gid:116; rev:1; metadata:rule-type decode; reference:cve,2005-0048; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:protocol-command-decode;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1539
  652. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_BADLEN"; sid:54; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,14811; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1540
  653. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TRUNCATED"; sid:55; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1541
  654. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TTCP"; sid:56; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1542
  655. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_OBSOLETE"; sid:57; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1543
  656. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_EXPERIMENT"; sid:58; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1544
  657. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_WSCALE_INVALID"; sid:59; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1545
  658. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_GT_IPHDR"; sid:6; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1546
  659. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LT_UDPHDR"; sid:95; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1547
  660. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_INVALID_LENGTH"; sid:96; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1548
  661. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_SHORT_PACKET"; sid:97; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1549
  662. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LONG_PACKET"; sid:98; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1550
  663. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  664. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".exe"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.exe/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26891; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1718
  665. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  666. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".jar"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.jar/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26892; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1719
  667. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  668. 17/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flim exploit kit landing page"; flow:to_client,established; file_data; dsize:<400; content:"<html><body><script>"; content:"var"; within:3; distance:1; content:"document.createElement"; content:"iframe"; within:6; distance:2; content:".setAttribute("; distance:0; content:"document.body.appendChild("; distance:0; fast_pattern; pcre:"/var\s+(?P<variable>\w+)\=document\.createElement.*?\x3b(?P=variable)\.setAttribute.*?document\.body\.appendChild\x28(?P=variable)\x29/i"; metadata:policy balanced-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:26961; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1732
  669. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  670. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_client,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39308; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3281
  671. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  672. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_server,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39309; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3282
  673. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  674. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|localhost"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|localhost"; distance:0; nocase; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39540; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3297
  675. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  676. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|127.0.0.1"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|127.0.0.1"; distance:0; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39543; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3300
  677. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  678. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected"; flow:to_server,established; file_data; content:"POST"; http_method; content:"|00 09 00 00|"; depth:5; offset:1; fast_pattern; content:!"|00|"; depth:1; byte_test:1,<=,2,0; flowbits:set,file.wmf; flowbits:noalert; metadata:service http; reference:url,en.wikipedia.org/wiki/.wmf; classtype:misc-activity; sid:43364; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 4557
  679. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  680. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45819; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5612
  681. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  682. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45820; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5613
  683. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  684. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45821; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5614
  685. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  686. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45822; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5615
  687. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  688. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Koobface variant outbound connection"; flow:to_server,established; content:"GET"; http_method; content:"/cap/?a=get&i="; nocase; http_uri; pcre:"/\d+&/miR"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatexpert.com/report.aspx?md5=efbc47d5e8f3ed68a13968cda586d68d; classtype:trojan-activity; sid:16484; rev:9;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6471
  689. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  690. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Swisyn variant outbound connection"; flow:to_server,established; content:"POST"; nocase; http_method; content:"|0A|User-Agent|3A 20|tiehttp"; fast_pattern; nocase; http_header; content:"Content-Disposition|3A 20|"; nocase; http_client_body; content:"form-data|3B| name=|22|filename|22|"; distance:0; nocase; http_client_body; content:"|0D 0A 0D 0A|"; within:4; http_client_body; pcre:"/^\d{0,10}_passes_\d{1,10}\.xm/iR"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/#/file/f9775d5fc61ec53a7cab4b432ec2d227/detection; classtype:trojan-activity; sid:21760; rev:6;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6685
  691. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  692. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 1024:65535 (msg:"MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection"; flow:to_server,established; dsize:267<>276; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| U|3B| MSIE 9.0|3B| Windows NT 9.0|3B| en-US)|0D 0A|"; fast_pattern:only; http_header; urilen:159; pcre:"/\x2f[A-F0-9]{158}/U"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/file/c49f7dbc036ad0a86df02cbbde00cb3b3fbd651d82f6c9c5a98170644374f64f/analysis/; classtype:trojan-activity; sid:25675; rev:7;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6868
  693. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  694. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Bancos fake JPG encrypted config file download"; flow:to_server,established; content:".com.br|0D 0A 0D 0A|"; fast_pattern:only; content:"/imagens/"; depth:9; http_uri; content:".jpg"; distance:0; http_uri; pcre:"/\.jpg\x20HTTP\/1\.[01]\r\nUser\x2dAgent\x3a\x20[a-z]+\r\nHost\x3a\x20[a-z0-9\x2d\x2e]+\.com\.br\r\n\r\n$/"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; classtype:trojan-activity; sid:26722; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6935
  695. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  696. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win32/Autorun.JN variant outbound connection"; flow:to_server,established; dsize:142; urilen:8; content:"/u5.htm"; fast_pattern:only; http_uri; content:"//u5.htm"; http_raw_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAutorun.JN; reference:url,www.virustotal.com/en/file/36144738373c665d262bc007fceaeb9613e59ec29ea3d7424dd9f400af2c0f06/analysis/; classtype:trojan-activity; sid:26966; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6996
  697. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  698. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected"; flow:to_client,established; file_data; content:"content=|22|just something i made up for fun, check out my website at"; fast_pattern:only; content:"X-YouTube-Other-Cookies:"; nocase; http_header; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2012-0158; reference:url,www.virustotal.com/file/3bc13adad9b7b60354d83bc27a507864a2639b43ec835c45d8b7c565e81f1a8f/analysis/; classtype:trojan-activity; sid:27544; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7024
  699. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  700. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:146; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: checkip.dyndns.org|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28542; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7171
  701. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  702. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:139; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: www.ask.com|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28543; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7172
  703. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  704. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Injector variant outbound connection"; flow:to_server,established; urilen:9; content:"/load.exe HTTP/1.1|0D 0A|User-Agent: Mozilla/"; fast_pattern:only; content:"|3B 20|MSIE|20|"; http_header; content:")|0D 0A|Host: "; distance:0; http_header; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,urlquery.net/search.php?q=%5C%2Fload%5C.exe%24&type=regexp&start=2013-08-24&end=2013-11-22&max=400; reference:url,www.virustotal.com/en/file/032572ea1f34a060ecac98a8e2899dc0f2a41dff199e879050481ddd3818b4d0/analysis/; classtype:trojan-activity; sid:28807; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7196
  705. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  706. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Chewbacca outbound connection"; flow:to_server,established; urilen:4; dsize:<200; content:"/ip/"; depth:4; fast_pattern; http_uri; content:"Keep-Alive|3A 20|300|0D 0A|"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatpost.com/chewbacca-latest-malware-to-take-a-liking-to-tor/103220; reference:url,www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware; classtype:trojan-activity; sid:29440; rev:5;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7347
  707. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  708. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.WEC variant outbound connection"; flow:to_server,established; dsize:69; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0|0D 0A|Host: checkip.dyndns.org|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/164c792247b2822ab1dce8271a9498d3c9172ff21d36feccf83265ded1be8d0b/analysis/; classtype:trojan-activity; sid:29882; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7401
  709. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  710. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Bancos variant outbound connection"; flow:to_server,established; content:"Content-Length: 166"; content:".php HTTP/1.1|0D 0A|Accept: */*|0D 0A|Content-Type: application/x-www-form-urlencoded|0D 0A|User-Agent: Mozilla/5.0 (Windows NT 6.1|3B| Trident/7.0|3B| rv:11.0) like Gecko|0D 0A|Host: "; fast_pattern:only; content:"v="; depth:2; http_client_body; content:"&c="; within:7; http_client_body; pcre:"/\x3d\x3d$/P"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis; classtype:trojan-activity; sid:29895; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7406
  711. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or flow:from_client with http.
  712. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC ANDR.Trojan.FakeApp outbound connection"; flow:established, to_server; content:"/cp/server.php"; fast_pattern:only; http_uri; content:"Content-Type: multipart/form-data|3B| boundary=Aab03x"; http_header; content:"User-Agent: Dalvik"; http_header; file_data; content:"AaB03x"; content:"name=|22|phone"; distance:0; content:"name=|22|type"; distance:0; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,securityaffairs.co/wordpress/22465/cyber-crime/banking-trojan-hit-islamic-mobile.html; reference:url,www.virustotal.com/file/66911EE32FC4777BB9272F9BE9EB8970B39440768B612FBAB4AC01D8E23F9AA1/analysis/; classtype:trojan-activity; sid:29978; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7421
  713. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  714. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Critroni outbound connection"; flow:to_server,established; dsize:174; urilen:1; content:"/"; http_uri; content:"Host|3A| ip.telize.com|0D 0A|Accept|3A| */*|0D 0A|User-Agent|3A| Mozilla/5.0 |28|Windows NT 6.1|3B| WOW64|29| AppleWebKit/537.36 |28|KHTML, like Gecko|29| Chrome/31.0.1650.63 Safari/537.36"; fast_pattern:only; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b3c92d7a9dead6011f3c99829c745c384dd776d88f57bbd60bc4f9d66641819b/analysis/; classtype:trojan-activity; sid:31718; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7679
  715. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  716. 17/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Expiro outbound connection"; flow:to_server,established; dsize:<200; content:"POST"; http_method; content:"User-Agent|3A| Mozilla/"; http_header; content:"ompatible|3B| MSIE 31|3B| "; within:20; distance:6; fast_pattern; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/f5c716890a2a76785d53e8f9a5db2268501a30df807df4c4323967672efe452c/analysis/; classtype:trojan-activity; sid:31813; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7690
  717. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  718. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rehtesyk outbound connection"; flow:to_server,established; content:"User-Agent: Firefox|0D 0A|"; fast_pattern:only; content:"first="; depth:6; http_client_body; content:"&data="; within:7; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b1347df8f8940039cb68bd4e2568e8c68b1f1a0067ac9a0fb1a5f1aef2df61ea/analysis/; classtype:trojan-activity; sid:32311; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7822
  719. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  720. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"INTERNACIONAL"; depth:13; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32607; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7883
  721. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  722. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"BRASIL"; depth:6; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32608; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7884
  723. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  724. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"MALWARE-CNC Win.Trojan.Androm variant outbound connection"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3B|MSIE 7.0|3B|Windows NT 6.0)"; fast_pattern:only; http_header; content:"/"; depth:1; offset:9; http_uri; content:"/"; within:1; distance:8; http_uri; content:"Host:"; http_header; content:":8080"; within:30; http_header; content:"POST"; http_method; dsize:<480; pcre:"/^\/[a-f0-9]{8}\/[a-f0-9]{8}\/$/iU"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/file/27c298c77e16bbc3f056653034c2d918418f877bb0193a9ca533b5527d830a94/analysis/; classtype:trojan-activity; sid:32770; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7904
  725. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  726. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Agent.BHHK variant outbound connection"; flow:to_server,established; dsize:136; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 6.0)|0D 0A|Host: windowsupdate.microsoft.com|0D 0A|Connection: Close|0D 0A 0D 0A|"; fast_pattern:only; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/cab1fffe7a34b5bb7dab2cacd406cf15628d835ab63502d28df78c2faeaad366/analysis/1421677054/; classtype:trojan-activity; sid:33227; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7967
  727. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  728. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt"; flow:to_server,established; dsize:214; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 6.0|3B| Windows NT 5.1|3B| SV1|3B| .NET4.0C|3B| .NET4.0E|3B| .NET CLR 2.0.50727|3B| .NET CLR 3.0.4506.2152|3B| .NET CLR 3.5.30729)|0D 0A|Host: ip-addr.es|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/17edf82c40df6c7268191def7cbff6e60e78d7388018408800d42581567f78cf/analysis/; classtype:trojan-activity; sid:33449; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8017
  729. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  730. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Panskeg outbound connection"; flow:to_server,established; file_data; dsize:10; content:"|79 40 1F F2 03 3C 20 00 00 00|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,virustotal.com/en/file/81c6fa11d46bf173932b067c32a852f048ba51873210c3e24ac367c95e799e42/analysis/; classtype:trojan-activity; sid:36610; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8420
  731. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  732. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&vs="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"v="; nocase; http_client_body; content:"&id="; distance:0; nocase; http_client_body; content:"&uid="; distance:0; nocase; http_client_body; content:"&vs="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36629; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8427
  733. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  734. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&syspath="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"&macid="; nocase; http_client_body; content:"&os1="; distance:0; nocase; http_client_body; content:"&os2="; distance:0; nocase; http_client_body; content:"&syspath="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36630; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8428
  735. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  736. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET [25] (msg:"MALWARE-CNC Win.Trojan.Trochulis variant outbound connection"; flow:to_server,established; file_data; content:"|BF BF AF AF 7E 00 00 00|"; fast_pattern:only; dsize:8; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,www.virustotal.com/en/file/da6905d96cc860b443deb5f27271a2cfb2ce17f067a59ca7f0fd12c1d70c4372/analysis/; classtype:trojan-activity; sid:37370; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8492
  737. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  738. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt"; flow:to_server,established; content:"/gate.php"; fast_pattern:only; content:"pc="; nocase; http_client_body; content:"&admin="; distance:0; nocase; http_client_body; content:"&os="; distance:0; nocase; http_client_body; content:"&hid="; distance:0; nocase; http_client_body; content:"&arc="; distance:0; nocase; http_client_body; content:"User-Agent|3A 20|"; http_header; pcre:"/User-Agent\x3a\x20[A-F0-9]{32}\x0d\x0a/H"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38562; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8560
  739. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_stat_code" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  740. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response"; flow:to_client,established; file_data; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:">404 Not Found<"; fast_pattern:only; content:" requested URL / was not found "; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38563; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8561
  741. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  742. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Helminth variant outbound connection"; flow:to_server,established; content:"UIET9fWR"; fast_pattern:only; content:"User-Agent: Mozilla/5.0"; http_header; content:"|20|Trident/5.0|0D 0A|"; within:14; distance:39; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/632be0a3d8d298f2ded928a4ac27846904ed842ad08b355acab53132d31eaf24/analysis/; classtype:trojan-activity; sid:39176; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8624
  743. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_client_body" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  744. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Unix.Trojan.Erebus variant outbound connection"; flow:to_server,established; file_data; urilen:1; content:"h="; depth:2; http_client_body; content:"&v="; within:3; distance:8; http_client_body; content:"&k="; within:3; distance:3; fast_pattern; http_client_body; content:"Expect|3A| 100-continue|0D 0A 0D 0A|"; http_header; content:!"User-Agent"; http_header; metadata:impact_flag red, policy balanced-ips alert, policy security-ips alert, service http; reference:url,virustotal.com/en/file/0b7996bca486575be15e68dba7cbd802b1e5f90436ba23f802da66292c8a055f/analysis/; classtype:trojan-activity; sid:43351; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8955
  745. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  746. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt"; flow:to_server,established; content:"/sigstore.db?"; fast_pattern:only; content:"k="; http_uri; content:"?q="; distance:0; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update; classtype:trojan-activity; sid:45400; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9153
  747. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  748. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/2.0/method/"; depth:12; nocase; http_uri; pcre:"/\/2\.0\/method\/(checkConnection|config|delay|error|get|info|setOnline|update)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46238; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9247
  749. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  750. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/4.0/method/"; depth:12; nocase; http_uri; pcre:"/\/4\.0\/method\/(check|cores|installSuccess|modules|threads|blacklist)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46239; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9248
  751. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  752. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog user-agent outbound communication attempt"; flow:to_server,established; file_data; content:"User-Agent"; nocase; http_header; content:"Rarog"; within:200; fast_pattern; nocase; http_header; pcre:"/User-Agent\s*:[^\r\n]*Rarog/iH"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46240; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9249
  753. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_uri" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  754. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"MALWARE-CNC Outbound malicious vbscript attempt"; flow:to_server,established; file_data; content:"/ilha/"; fast_pattern; nocase; http_uri; content:"logs.php"; within:9; distance:2; nocase; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; classtype:attempted-user; sid:46792; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9338
  755. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  756. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download"; flow:to_client,established; content:"-2013.zip|0D 0A|"; fast_pattern:only; content:"-2013.zip|0D 0A|"; http_header; content:"-"; within:1; distance:-14; http_header; file_data; content:"-2013.exe"; content:"-"; within:1; distance:-14; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/2eff3ee6ac7f5bf85e4ebcbe51974d0708cef666581ef1385c628233614b22c0/analysis/; classtype:trojan-activity; sid:26470; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9630
  757. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
  758. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_server,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45443; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9995
  759. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
  760. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_client,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45444; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9996
  761. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  762. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop udp any any -> $HOME_NET 53 (msg:"PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|00 00 00 00 00 00|"; depth:6; offset:4; content:"|00 00 29|"; within:3; distance:2; content:"|FE|"; within:1; distance:8; byte_test:2,>,4,-3,relative; byte_math:bytes 2,offset -3,oper -,rvalue 4,result rdlen_minus_four,relative; byte_test:2,>,rdlen_minus_four,1,relative; metadata:policy max-detect-ips drop, policy security-ips drop, service dns; reference:cve,2017-14496; reference:url,security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html; classtype:attempted-admin; sid:44482; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 10595
  763. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  764. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 4786 (msg:"SERVER-OTHER Cisco Smart Install invalid init discovery message denial of service attempt"; flow:to_server,established; content:"|00 00 00|"; depth:3; content:"|00 00 00 07|"; within:4; distance:5; fast_pattern; content:"|00 00 00 01|"; within:4; distance:4; byte_math:bytes 4,offset 0,oper +,rvalue 8,result sub_len_plus_eight,relative; byte_test:4,!=,sub_len_plus_eight,-8,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2018-0171; reference:url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2; classtype:attempted-dos; sid:46468; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11097
  765. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,0x05,6,relative,bitmask 0x14
  766. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba unsigned connections attempt"; flow:to_server, established; content:"|FF|SMB"; depth:4; offset:4; byte_test:1,=,0x05,6,relative,bitmask 0x14; content:"|00 00 00 00 00 00 00 00|"; within:8; distance:10; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-12150; reference:url,samba.org/samba/security/CVE-2017-12150.html; classtype:attempted-user; sid:45074; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11121
  767. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,1,2,relative,bitmask 0x01
  768. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba tree connect andx memory corruption attempt"; flow:to_server,established; content:"|FF|SMB|75|"; fast_pattern:only; content:"|04 75 00|"; byte_test:1,=,1,2,relative,bitmask 0x01; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-14746; classtype:attempted-user; sid:45255; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11122
  769. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  770. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/applications/upload"; http_uri; pcre:"/^(Frame)?\.jsf/R"; content:!"JSESSIONID="; flowbits:set,glassfish_unauth_attempt; metadata:service http; reference:bugtraq,47438; reference:cve,2011-0807; classtype:attempted-admin; sid:20159; rev:8;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11130
  771. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'http_raw_cookie'.
  772. 17/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Multiple products DVR admin password leak attempt"; flow:to_server,established; content:"/device.rsp"; fast_pattern:only; http_uri; content:"uid="; http_raw_cookie; content:"cmd=list"; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2018-9995; classtype:web-application-attack; sid:46825; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11386
  773. 17/11/2018 -- 02:23:06 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/et.rules
  774. 17/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/feodo.rules
  775. 17/11/2018 -- 02:23:08 - <Config> - No rules loaded from feodo.rules.
  776. 17/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/sslipblacklist.rules
  777. 17/11/2018 -- 02:23:08 - <Config> - No rules loaded from sslipblacklist.rules.
  778. 17/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/sslblacklist.rules
  779. 17/11/2018 -- 02:23:08 - <Config> - No rules loaded from sslblacklist.rules.
  780. 17/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/lists.rules
  781. 17/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/zeus.rules
  782. 17/11/2018 -- 02:23:08 - <Info> - 7 rule files processed. 18072 rules successfully loaded, 205 rules failed
  783. 17/11/2018 -- 02:23:08 - <Info> - Threshold config parsed: 0 rule(s) found
  784. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for tcp-packet
  785. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for tcp-stream
  786. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for udp-packet
  787. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for other-ip
  788. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_uri
  789. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_request_line
  790. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_client_body
  791. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_response_line
  792. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_header
  793. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_header
  794. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_header_names
  795. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_header_names
  796. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_accept
  797. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_accept_enc
  798. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_accept_lang
  799. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_referer
  800. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_connection
  801. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_content_len
  802. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_content_len
  803. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_content_type
  804. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_content_type
  805. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_protocol
  806. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_protocol
  807. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_start
  808. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_start
  809. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_raw_header
  810. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_raw_header
  811. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_method
  812. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_cookie
  813. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_cookie
  814. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_raw_uri
  815. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_user_agent
  816. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_host
  817. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_raw_host
  818. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_stat_msg
  819. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for http_stat_code
  820. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for dns_query
  821. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for tls_sni
  822. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for tls_cert_issuer
  823. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for tls_cert_subject
  824. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for tls_cert_serial
  825. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for dce_stub_data
  826. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for dce_stub_data
  827. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for ssh_protocol
  828. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for ssh_protocol
  829. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for ssh_software
  830. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for ssh_software
  831. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for file_data
  832. 17/11/2018 -- 02:23:08 - <Perf> - using shared mpm ctx' for file_data
  833. 17/11/2018 -- 02:23:08 - <Info> - 18076 signatures processed. 17 are IP-only rules, 5774 are inspecting packet payload, 8364 inspect application layer, 0 are decoder event only
  834. 17/11/2018 -- 02:23:08 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
  835. 17/11/2018 -- 02:23:08 - <Perf> - TCP toserver: 101 port groups, 91 unique SGH's, 10 copies
  836. 17/11/2018 -- 02:23:08 - <Perf> - TCP toclient: 101 port groups, 61 unique SGH's, 40 copies
  837. 17/11/2018 -- 02:23:08 - <Perf> - UDP toserver: 83 port groups, 42 unique SGH's, 41 copies
  838. 17/11/2018 -- 02:23:08 - <Perf> - UDP toclient: 42 port groups, 20 unique SGH's, 22 copies
  839. 17/11/2018 -- 02:23:08 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
  840. 17/11/2018 -- 02:23:08 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
  841. 17/11/2018 -- 02:23:09 - <Perf> - Unique rule groups: 216
  842. 17/11/2018 -- 02:23:09 - <Perf> - Builtin MPM "toserver TCP packet": 66
  843. 17/11/2018 -- 02:23:09 - <Perf> - Builtin MPM "toclient TCP packet": 31
  844. 17/11/2018 -- 02:23:09 - <Perf> - Builtin MPM "toserver TCP stream": 80
  845. 17/11/2018 -- 02:23:09 - <Perf> - Builtin MPM "toclient TCP stream": 47
  846. 17/11/2018 -- 02:23:09 - <Perf> - Builtin MPM "toserver UDP packet": 42
  847. 17/11/2018 -- 02:23:09 - <Perf> - Builtin MPM "toclient UDP packet": 19
  848. 17/11/2018 -- 02:23:09 - <Perf> - Builtin MPM "other IP packet": 2
  849. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver http_uri": 14
  850. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver http_client_body": 4
  851. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver http_header": 9
  852. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toclient http_header": 3
  853. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
  854. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver http_cookie": 1
  855. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toclient http_cookie": 2
  856. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver http_raw_uri": 2
  857. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver http_user_agent": 2
  858. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver http_host": 1
  859. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver dns_query": 4
  860. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver dce_stub_data": 4
  861. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toserver file_data": 7
  862. 17/11/2018 -- 02:23:09 - <Perf> - AppLayer MPM "toclient file_data": 10
  863. 17/11/2018 -- 02:23:10 - <Info> - cleaning up signature grouping structure... complete
  864. 17/11/2018 -- 02:23:10 - <Notice> - rule reload complete
  865. 18/11/2018 -- 02:23:05 - <Notice> - rule reload starting
  866. 18/11/2018 -- 02:23:05 - <Info> - Including configuration file reputation.yaml.
  867. 18/11/2018 -- 02:23:05 - <Info> - Configuration node 'reputation-files' redefined.
  868. 18/11/2018 -- 02:23:05 - <Config> - pattern matchers: MPM: ac-ks, SPM: bm
  869. 18/11/2018 -- 02:23:05 - <Config> - toclient-groups 100
  870. 18/11/2018 -- 02:23:05 - <Config> - toserver-groups 100
  871. 18/11/2018 -- 02:23:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
  872. 18/11/2018 -- 02:23:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
  873. 18/11/2018 -- 02:23:05 - <Config> - prefilter engines: MPM
  874. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/anonymizing_vpn_service.list
  875. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/anonymizing_vpn_service.list: No such file or directory
  876. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/bitSight_search_engines.list
  877. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/botIP-Baiduspider.list
  878. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/botIP-Baiduspider.list: No such file or directory
  879. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/botIP1.list
  880. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/botIP1.list: No such file or directory
  881. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/fake_crawler.list
  882. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/fake_crawler.list: No such file or directory
  883. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/it_security_block.list
  884. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source.list
  885. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source.list: No such file or directory
  886. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source_mail.list
  887. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source_mail.list: No such file or directory
  888. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source_ssh.list
  889. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source_ssh.list: No such file or directory
  890. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/public_cgi_proxy.list
  891. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/public_cgi_proxy.list: No such file or directory
  892. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/public_web_proxy.list
  893. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/public_web_proxy.list: No such file or directory
  894. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/tor_exit_node.list
  895. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/tor_exit_node.list: No such file or directory
  896. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/web_scraper.list
  897. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/web_scraper.list: No such file or directory
  898. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/whitelist.list
  899. 18/11/2018 -- 02:23:05 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/reputation.list
  900. 18/11/2018 -- 02:23:05 - <Perf> - host memory usage: 366144 bytes, maximum: 33554432
  901. 18/11/2018 -- 02:23:05 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/snort.rules
  902. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_NOT_IPV4_DGRAM"; sid:1; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1401
  903. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ICMPHDR"; sid:105; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1402
  904. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR"; sid:106; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1403
  905. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ADDRHDR"; sid:107; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1404
  906. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_UNKNOWN"; sid:108; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1405
  907. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ARP_TRUNCATED"; sid:109; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1406
  908. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPOL_TRUNCATED"; sid:110; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1407
  909. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPKEY_TRUNCATED"; sid:111; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1408
  910. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAP_TRUNCATED"; sid:112; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1409
  911. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_PPPOE"; sid:120; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1410
  912. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN"; sid:130; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1411
  913. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_ETHLLC"; sid:131; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1412
  914. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_OTHER"; sid:132; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1413
  915. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_ETHLLC"; sid:133; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1414
  916. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_OTHER"; sid:134; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1415
  917. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRH"; sid:140; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1416
  918. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_ETHLLC"; sid:141; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1417
  919. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_MR_LEN"; sid:142; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1418
  920. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRHMR"; sid:143; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1419
  921. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_LOOPBACK"; sid:150; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1420
  922. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_SAME_SRCDST"; sid:151; gid:116; rev:1; metadata:rule-type decode; reference:cve,1999-0016; reference:cve,2005-0688; reference:bugtraq,2666; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1421
  923. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_DGRAM_LT_GREHDR"; sid:160; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1422
  924. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_MULTIPLE_ENCAPSULATION"; sid:161; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1423
  925. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_VERSION"; sid:162; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1424
  926. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_HEADER"; sid:163; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1425
  927. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_V1_INVALID_HEADER"; sid:164; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1426
  928. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_TRANS_DGRAM_LT_TRANSHDR"; sid:165; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1427
  929. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS"; sid:170; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1428
  930. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL0"; sid:171; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1429
  931. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL1"; sid:172; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1430
  932. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL2"; sid:173; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1431
  933. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL3"; sid:174; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1432
  934. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_RESERVEDLABEL"; sid:175; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1433
  935. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_LABEL_STACK"; sid:176; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1434
  936. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_INVALID_HEADER_LEN"; sid:2; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1435
  937. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_TRUNCATED"; sid:250; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1436
  938. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_VER_MISMATCH"; sid:251; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1437
  939. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_DGRAM_LT_ORIG_IP"; sid:252; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1438
  940. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_LT_64"; sid:253; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1439
  941. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_GT_576"; sid:254; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1440
  942. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_WITH_FRAGOFFSET"; sid:255; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1441
  943. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_MIN_TTL"; sid:270; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1442
  944. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_IS_NOT"; sid:271; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1443
  945. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED_EXT"; sid:272; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1444
  946. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED"; sid:273; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1445
  947. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_LT_IPHDR"; sid:274; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1446
  948. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_GT_IPHDR"; sid:275; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1447
  949. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_ZERO"; sid:276; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1448
  950. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_SRC_MULTICAST"; sid:277; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1449
  951. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_RESERVED_MULTICAST"; sid:278; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1450
  952. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_TYPE"; sid:279; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1451
  953. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_MULTICAST_SCOPE"; sid:280; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1452
  954. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_NEXT_HEADER"; sid:281; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1453
  955. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_AND_HOPBYHOP"; sid:282; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1454
  956. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TWO_ROUTE_HEADERS"; sid:283; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1455
  957. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_TOO_BIG_BAD_MTU"; sid:285; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1456
  958. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_BAD_CODE"; sid:286; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1457
  959. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:287; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1458
  960. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_CODE"; sid:288; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1459
  961. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_RESERVED"; sid:289; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1460
  962. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_REACHABLE"; sid:290; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1461
  963. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TUNNELED_IPV4_TRUNCATED"; sid:291; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2008-2136; reference:bugtraq,29235; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1462
  964. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DSTOPTS_WITH_ROUTING"; sid:292; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1463
  965. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_MULTIPLE_ENCAPSULATION"; sid:293; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1464
  966. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ESP_HEADER_TRUNC"; sid:294; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1465
  967. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_LEN"; sid:295; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1466
  968. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_UNORDERED_EXTENSIONS"; sid:296; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1467
  969. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_MULTIPLE_ENCAPSULATION"; sid:297; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1468
  970. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_BAD_LEN_STR"; sid:298; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1469
  971. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_LT_IPHDR"; sid:3; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1470
  972. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_BADLEN"; sid:4; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1471
  973. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_XMAS"; sid: 400; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1472
  974. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NMAP_XMAS"; sid: 401; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1473
  975. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_DOS_NAPTHA"; sid: 402; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-dos; reference:bugtraq,2022; reference:cve,2000-1039; reference:nessus,275; reference:url,razor.bindview.com/publish/advisories/adv_NAPTHA.html; reference:url,www.cert.org/advisories/CA-2000-21.html; reference:url,www.microsoft.com/technet/security/bulletin/MS00-091.mspx; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1474
  976. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_SYN_TO_MULTICAST"; sid: 403; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1475
  977. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_TTL"; sid: 404; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; reference:url,support.microsoft.com/kb/q138268; reference:url,tools.ietf.org/html/rfc1122; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1476
  978. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_FRAGBITS"; sid: 405; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1477
  979. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_IPV6_ZERO_CHECKSUM"; sid:406; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1478
  980. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_LEN_OFFSET"; sid:407; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1479
  981. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_THIS_NET"; sid:408; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1480
  982. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_THIS_NET"; sid:409; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1481
  983. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_MULTICAST"; sid:410; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1482
  984. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_RESERVED"; sid:411; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1483
  985. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_RESERVED"; sid:412; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1484
  986. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_BROADCAST"; sid:413; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1485
  987. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_BROADCAST"; sid:414; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1486
  988. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_MULTICAST"; sid:415; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1487
  989. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_BROADCAST"; sid:416; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1488
  990. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_TYPE_OTHER"; sid:418; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1489
  991. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_BAD_URP"; sid:419; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1490
  992. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_FIN"; sid:420; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1491
  993. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_RST"; sid:421; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1492
  994. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_MUST_ACK"; sid:422; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1493
  995. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NO_SYN_ACK_RST"; sid:423; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1494
  996. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ETH_HDR_TRUNC"; sid:424; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1495
  997. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_HDR_TRUNC"; sid:425; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1496
  998. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_HDR_TRUNC"; sid:426; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1497
  999. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_HDR_TRUNC"; sid:427; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1498
  1000. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_MIN_TTL"; sid:428; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1499
  1001. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_ZERO_HOP_LIMIT"; sid:429; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1500
  1002. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DF_OFFSET"; sid:430; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1501
  1003. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_TYPE_OTHER"; sid:431; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1502
  1004. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_DST_MULTICAST"; sid:432; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1503
  1005. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SHAFT_SYNFLOOD"; sid:433; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2000-0138; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1504
  1006. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PING_NMAP"; sid:434; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1505
  1007. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ICMPENUM"; sid:435; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1506
  1008. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_HOST"; sid:436; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1507
  1009. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_NET"; sid:437; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1508
  1010. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_TRACEROUTE_IPOPTS"; sid:438; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1509
  1011. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_SOURCE_QUENCH"; sid:439; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1510
  1012. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_BROADSCAN_SMURF_SCANNER"; sid:440; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1511
  1013. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_ADMIN_PROHIBITED"; sid:441; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1512
  1014. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_HOST_PROHIBITED"; sid:442; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1513
  1015. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_NET_PROHIBITED"; sid:443; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1514
  1016. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_OPTION_SET"; sid:444; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1515
  1017. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_LARGE_PACKET"; sid:445; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1516
  1018. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_PORT_ZERO"; sid:446; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1517
  1019. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_PORT_ZERO"; sid:447; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1518
  1020. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_RESERVED_FRAG_BIT"; sid:448; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1519
  1021. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_UNASSIGNED_PROTO"; sid:449; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1520
  1022. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_DGRAM_LT_TCPHDR"; sid:45; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1521
  1023. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_BAD_PROTO"; sid:450; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1522
  1024. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PATH_MTU_DOS"; sid:451; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,13124; reference:cve,2004-1060; classtype:attempted-dos;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1523
  1025. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DOS_ATTEMPT"; sid:452; gid:116; rev:1; metadata:rule-type decode; reference:url,www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3; reference:cve,2006-0454; reference:bugtraq,16532; classtype:denial-of-service;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1524
  1026. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ISATAP_SPOOF"; sid:453; gid:116; rev:1; metadata:rule-type decode; reference:cve,2010-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS10-029.mspx; classtype:misc-attack; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1525
  1027. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_PGM_NAK_OVERFLOW"; sid:454; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-052.mspx; reference:cve,2006-3442; reference:bugtraq,19922; classtype:attempted-admin; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1526
  1028. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IGMP_OPTIONS_DOS"; sid:455; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-007.mspx; reference:cve,2006-0021; reference:bugtraq,16645; classtype:attempted-dos; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1527
  1029. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_EXCESS_EXT_HDR"; sid:456; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1528
  1030. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_NON_RFC_4443_CODE"; sid:457; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1529
  1031. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_FRAG_PKT"; sid:458; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1530
  1032. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_LENGTH_FRAG"; sid:459; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1531
  1033. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_INVALID_OFFSET"; sid:46; gid:116; rev:1; metadata:rule-type decode; reference:cve,2004-0816; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1532
  1034. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:460; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1533
  1035. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_ZERO"; sid:461; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1534
  1036. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN_HDR_VERSION_MISMATCH_STR"; sid:462; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1535
  1037. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN2_DGRAM_LT_HDR_STR"; sid:463; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1536
  1038. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN3_DGRAM_LT_HDR_STR"; sid:464; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1537
  1039. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_LARGE_OFFSET"; sid:47; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1538
  1040. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_TRUNCATED"; sid:5; gid:116; rev:1; metadata:rule-type decode; reference:cve,2005-0048; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:protocol-command-decode;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1539
  1041. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_BADLEN"; sid:54; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,14811; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1540
  1042. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TRUNCATED"; sid:55; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1541
  1043. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TTCP"; sid:56; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1542
  1044. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_OBSOLETE"; sid:57; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1543
  1045. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_EXPERIMENT"; sid:58; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1544
  1046. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_WSCALE_INVALID"; sid:59; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1545
  1047. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_GT_IPHDR"; sid:6; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1546
  1048. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LT_UDPHDR"; sid:95; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1547
  1049. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_INVALID_LENGTH"; sid:96; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1548
  1050. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_SHORT_PACKET"; sid:97; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1549
  1051. 18/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LONG_PACKET"; sid:98; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1550
  1052. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1053. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".exe"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.exe/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26891; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1718
  1054. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1055. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".jar"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.jar/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26892; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1719
  1056. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1057. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flim exploit kit landing page"; flow:to_client,established; file_data; dsize:<400; content:"<html><body><script>"; content:"var"; within:3; distance:1; content:"document.createElement"; content:"iframe"; within:6; distance:2; content:".setAttribute("; distance:0; content:"document.body.appendChild("; distance:0; fast_pattern; pcre:"/var\s+(?P<variable>\w+)\=document\.createElement.*?\x3b(?P=variable)\.setAttribute.*?document\.body\.appendChild\x28(?P=variable)\x29/i"; metadata:policy balanced-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:26961; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1732
  1058. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1059. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_client,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39308; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3281
  1060. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1061. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_server,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39309; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3282
  1062. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1063. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|localhost"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|localhost"; distance:0; nocase; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39540; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3297
  1064. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1065. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|127.0.0.1"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|127.0.0.1"; distance:0; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39543; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3300
  1066. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1067. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected"; flow:to_server,established; file_data; content:"POST"; http_method; content:"|00 09 00 00|"; depth:5; offset:1; fast_pattern; content:!"|00|"; depth:1; byte_test:1,<=,2,0; flowbits:set,file.wmf; flowbits:noalert; metadata:service http; reference:url,en.wikipedia.org/wiki/.wmf; classtype:misc-activity; sid:43364; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 4557
  1068. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1069. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45819; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5612
  1070. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1071. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45820; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5613
  1072. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1073. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45821; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5614
  1074. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1075. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45822; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5615
  1076. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  1077. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Koobface variant outbound connection"; flow:to_server,established; content:"GET"; http_method; content:"/cap/?a=get&i="; nocase; http_uri; pcre:"/\d+&/miR"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatexpert.com/report.aspx?md5=efbc47d5e8f3ed68a13968cda586d68d; classtype:trojan-activity; sid:16484; rev:9;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6471
  1078. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  1079. 18/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Swisyn variant outbound connection"; flow:to_server,established; content:"POST"; nocase; http_method; content:"|0A|User-Agent|3A 20|tiehttp"; fast_pattern; nocase; http_header; content:"Content-Disposition|3A 20|"; nocase; http_client_body; content:"form-data|3B| name=|22|filename|22|"; distance:0; nocase; http_client_body; content:"|0D 0A 0D 0A|"; within:4; http_client_body; pcre:"/^\d{0,10}_passes_\d{1,10}\.xm/iR"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/#/file/f9775d5fc61ec53a7cab4b432ec2d227/detection; classtype:trojan-activity; sid:21760; rev:6;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6685
  1080. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1081. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 1024:65535 (msg:"MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection"; flow:to_server,established; dsize:267<>276; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| U|3B| MSIE 9.0|3B| Windows NT 9.0|3B| en-US)|0D 0A|"; fast_pattern:only; http_header; urilen:159; pcre:"/\x2f[A-F0-9]{158}/U"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/file/c49f7dbc036ad0a86df02cbbde00cb3b3fbd651d82f6c9c5a98170644374f64f/analysis/; classtype:trojan-activity; sid:25675; rev:7;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6868
  1082. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1083. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Bancos fake JPG encrypted config file download"; flow:to_server,established; content:".com.br|0D 0A 0D 0A|"; fast_pattern:only; content:"/imagens/"; depth:9; http_uri; content:".jpg"; distance:0; http_uri; pcre:"/\.jpg\x20HTTP\/1\.[01]\r\nUser\x2dAgent\x3a\x20[a-z]+\r\nHost\x3a\x20[a-z0-9\x2d\x2e]+\.com\.br\r\n\r\n$/"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; classtype:trojan-activity; sid:26722; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6935
  1084. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1085. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win32/Autorun.JN variant outbound connection"; flow:to_server,established; dsize:142; urilen:8; content:"/u5.htm"; fast_pattern:only; http_uri; content:"//u5.htm"; http_raw_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAutorun.JN; reference:url,www.virustotal.com/en/file/36144738373c665d262bc007fceaeb9613e59ec29ea3d7424dd9f400af2c0f06/analysis/; classtype:trojan-activity; sid:26966; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6996
  1086. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1087. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected"; flow:to_client,established; file_data; content:"content=|22|just something i made up for fun, check out my website at"; fast_pattern:only; content:"X-YouTube-Other-Cookies:"; nocase; http_header; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2012-0158; reference:url,www.virustotal.com/file/3bc13adad9b7b60354d83bc27a507864a2639b43ec835c45d8b7c565e81f1a8f/analysis/; classtype:trojan-activity; sid:27544; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7024
  1088. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1089. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:146; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: checkip.dyndns.org|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28542; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7171
  1090. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1091. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:139; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: www.ask.com|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28543; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7172
  1092. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1093. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Injector variant outbound connection"; flow:to_server,established; urilen:9; content:"/load.exe HTTP/1.1|0D 0A|User-Agent: Mozilla/"; fast_pattern:only; content:"|3B 20|MSIE|20|"; http_header; content:")|0D 0A|Host: "; distance:0; http_header; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,urlquery.net/search.php?q=%5C%2Fload%5C.exe%24&type=regexp&start=2013-08-24&end=2013-11-22&max=400; reference:url,www.virustotal.com/en/file/032572ea1f34a060ecac98a8e2899dc0f2a41dff199e879050481ddd3818b4d0/analysis/; classtype:trojan-activity; sid:28807; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7196
  1094. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1095. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Chewbacca outbound connection"; flow:to_server,established; urilen:4; dsize:<200; content:"/ip/"; depth:4; fast_pattern; http_uri; content:"Keep-Alive|3A 20|300|0D 0A|"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatpost.com/chewbacca-latest-malware-to-take-a-liking-to-tor/103220; reference:url,www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware; classtype:trojan-activity; sid:29440; rev:5;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7347
  1096. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1097. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.WEC variant outbound connection"; flow:to_server,established; dsize:69; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0|0D 0A|Host: checkip.dyndns.org|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/164c792247b2822ab1dce8271a9498d3c9172ff21d36feccf83265ded1be8d0b/analysis/; classtype:trojan-activity; sid:29882; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7401
  1098. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1099. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Bancos variant outbound connection"; flow:to_server,established; content:"Content-Length: 166"; content:".php HTTP/1.1|0D 0A|Accept: */*|0D 0A|Content-Type: application/x-www-form-urlencoded|0D 0A|User-Agent: Mozilla/5.0 (Windows NT 6.1|3B| Trident/7.0|3B| rv:11.0) like Gecko|0D 0A|Host: "; fast_pattern:only; content:"v="; depth:2; http_client_body; content:"&c="; within:7; http_client_body; pcre:"/\x3d\x3d$/P"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis; classtype:trojan-activity; sid:29895; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7406
  1100. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or flow:from_client with http.
  1101. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC ANDR.Trojan.FakeApp outbound connection"; flow:established, to_server; content:"/cp/server.php"; fast_pattern:only; http_uri; content:"Content-Type: multipart/form-data|3B| boundary=Aab03x"; http_header; content:"User-Agent: Dalvik"; http_header; file_data; content:"AaB03x"; content:"name=|22|phone"; distance:0; content:"name=|22|type"; distance:0; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,securityaffairs.co/wordpress/22465/cyber-crime/banking-trojan-hit-islamic-mobile.html; reference:url,www.virustotal.com/file/66911EE32FC4777BB9272F9BE9EB8970B39440768B612FBAB4AC01D8E23F9AA1/analysis/; classtype:trojan-activity; sid:29978; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7421
  1102. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1103. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Critroni outbound connection"; flow:to_server,established; dsize:174; urilen:1; content:"/"; http_uri; content:"Host|3A| ip.telize.com|0D 0A|Accept|3A| */*|0D 0A|User-Agent|3A| Mozilla/5.0 |28|Windows NT 6.1|3B| WOW64|29| AppleWebKit/537.36 |28|KHTML, like Gecko|29| Chrome/31.0.1650.63 Safari/537.36"; fast_pattern:only; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b3c92d7a9dead6011f3c99829c745c384dd776d88f57bbd60bc4f9d66641819b/analysis/; classtype:trojan-activity; sid:31718; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7679
  1104. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1105. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Expiro outbound connection"; flow:to_server,established; dsize:<200; content:"POST"; http_method; content:"User-Agent|3A| Mozilla/"; http_header; content:"ompatible|3B| MSIE 31|3B| "; within:20; distance:6; fast_pattern; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/f5c716890a2a76785d53e8f9a5db2268501a30df807df4c4323967672efe452c/analysis/; classtype:trojan-activity; sid:31813; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7690
  1106. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1107. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rehtesyk outbound connection"; flow:to_server,established; content:"User-Agent: Firefox|0D 0A|"; fast_pattern:only; content:"first="; depth:6; http_client_body; content:"&data="; within:7; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b1347df8f8940039cb68bd4e2568e8c68b1f1a0067ac9a0fb1a5f1aef2df61ea/analysis/; classtype:trojan-activity; sid:32311; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7822
  1108. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1109. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"INTERNACIONAL"; depth:13; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32607; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7883
  1110. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1111. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"BRASIL"; depth:6; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32608; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7884
  1112. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1113. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"MALWARE-CNC Win.Trojan.Androm variant outbound connection"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3B|MSIE 7.0|3B|Windows NT 6.0)"; fast_pattern:only; http_header; content:"/"; depth:1; offset:9; http_uri; content:"/"; within:1; distance:8; http_uri; content:"Host:"; http_header; content:":8080"; within:30; http_header; content:"POST"; http_method; dsize:<480; pcre:"/^\/[a-f0-9]{8}\/[a-f0-9]{8}\/$/iU"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/file/27c298c77e16bbc3f056653034c2d918418f877bb0193a9ca533b5527d830a94/analysis/; classtype:trojan-activity; sid:32770; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7904
  1114. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1115. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Agent.BHHK variant outbound connection"; flow:to_server,established; dsize:136; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 6.0)|0D 0A|Host: windowsupdate.microsoft.com|0D 0A|Connection: Close|0D 0A 0D 0A|"; fast_pattern:only; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/cab1fffe7a34b5bb7dab2cacd406cf15628d835ab63502d28df78c2faeaad366/analysis/1421677054/; classtype:trojan-activity; sid:33227; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7967
  1116. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1117. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt"; flow:to_server,established; dsize:214; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 6.0|3B| Windows NT 5.1|3B| SV1|3B| .NET4.0C|3B| .NET4.0E|3B| .NET CLR 2.0.50727|3B| .NET CLR 3.0.4506.2152|3B| .NET CLR 3.5.30729)|0D 0A|Host: ip-addr.es|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/17edf82c40df6c7268191def7cbff6e60e78d7388018408800d42581567f78cf/analysis/; classtype:trojan-activity; sid:33449; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8017
  1118. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1119. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Panskeg outbound connection"; flow:to_server,established; file_data; dsize:10; content:"|79 40 1F F2 03 3C 20 00 00 00|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,virustotal.com/en/file/81c6fa11d46bf173932b067c32a852f048ba51873210c3e24ac367c95e799e42/analysis/; classtype:trojan-activity; sid:36610; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8420
  1120. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1121. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&vs="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"v="; nocase; http_client_body; content:"&id="; distance:0; nocase; http_client_body; content:"&uid="; distance:0; nocase; http_client_body; content:"&vs="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36629; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8427
  1122. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1123. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&syspath="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"&macid="; nocase; http_client_body; content:"&os1="; distance:0; nocase; http_client_body; content:"&os2="; distance:0; nocase; http_client_body; content:"&syspath="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36630; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8428
  1124. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1125. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET [25] (msg:"MALWARE-CNC Win.Trojan.Trochulis variant outbound connection"; flow:to_server,established; file_data; content:"|BF BF AF AF 7E 00 00 00|"; fast_pattern:only; dsize:8; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,www.virustotal.com/en/file/da6905d96cc860b443deb5f27271a2cfb2ce17f067a59ca7f0fd12c1d70c4372/analysis/; classtype:trojan-activity; sid:37370; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8492
  1126. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1127. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt"; flow:to_server,established; content:"/gate.php"; fast_pattern:only; content:"pc="; nocase; http_client_body; content:"&admin="; distance:0; nocase; http_client_body; content:"&os="; distance:0; nocase; http_client_body; content:"&hid="; distance:0; nocase; http_client_body; content:"&arc="; distance:0; nocase; http_client_body; content:"User-Agent|3A 20|"; http_header; pcre:"/User-Agent\x3a\x20[A-F0-9]{32}\x0d\x0a/H"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38562; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8560
  1128. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_stat_code" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1129. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response"; flow:to_client,established; file_data; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:">404 Not Found<"; fast_pattern:only; content:" requested URL / was not found "; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38563; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8561
  1130. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1131. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Helminth variant outbound connection"; flow:to_server,established; content:"UIET9fWR"; fast_pattern:only; content:"User-Agent: Mozilla/5.0"; http_header; content:"|20|Trident/5.0|0D 0A|"; within:14; distance:39; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/632be0a3d8d298f2ded928a4ac27846904ed842ad08b355acab53132d31eaf24/analysis/; classtype:trojan-activity; sid:39176; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8624
  1132. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_client_body" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1133. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Unix.Trojan.Erebus variant outbound connection"; flow:to_server,established; file_data; urilen:1; content:"h="; depth:2; http_client_body; content:"&v="; within:3; distance:8; http_client_body; content:"&k="; within:3; distance:3; fast_pattern; http_client_body; content:"Expect|3A| 100-continue|0D 0A 0D 0A|"; http_header; content:!"User-Agent"; http_header; metadata:impact_flag red, policy balanced-ips alert, policy security-ips alert, service http; reference:url,virustotal.com/en/file/0b7996bca486575be15e68dba7cbd802b1e5f90436ba23f802da66292c8a055f/analysis/; classtype:trojan-activity; sid:43351; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8955
  1134. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1135. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt"; flow:to_server,established; content:"/sigstore.db?"; fast_pattern:only; content:"k="; http_uri; content:"?q="; distance:0; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update; classtype:trojan-activity; sid:45400; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9153
  1136. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1137. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/2.0/method/"; depth:12; nocase; http_uri; pcre:"/\/2\.0\/method\/(checkConnection|config|delay|error|get|info|setOnline|update)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46238; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9247
  1138. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1139. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/4.0/method/"; depth:12; nocase; http_uri; pcre:"/\/4\.0\/method\/(check|cores|installSuccess|modules|threads|blacklist)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46239; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9248
  1140. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1141. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog user-agent outbound communication attempt"; flow:to_server,established; file_data; content:"User-Agent"; nocase; http_header; content:"Rarog"; within:200; fast_pattern; nocase; http_header; pcre:"/User-Agent\s*:[^\r\n]*Rarog/iH"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46240; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9249
  1142. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_uri" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1143. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"MALWARE-CNC Outbound malicious vbscript attempt"; flow:to_server,established; file_data; content:"/ilha/"; fast_pattern; nocase; http_uri; content:"logs.php"; within:9; distance:2; nocase; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; classtype:attempted-user; sid:46792; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9338
  1144. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1145. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download"; flow:to_client,established; content:"-2013.zip|0D 0A|"; fast_pattern:only; content:"-2013.zip|0D 0A|"; http_header; content:"-"; within:1; distance:-14; http_header; file_data; content:"-2013.exe"; content:"-"; within:1; distance:-14; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/2eff3ee6ac7f5bf85e4ebcbe51974d0708cef666581ef1385c628233614b22c0/analysis/; classtype:trojan-activity; sid:26470; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9630
  1146. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
  1147. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_server,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45443; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9995
  1148. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
  1149. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_client,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45444; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9996
  1150. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1151. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop udp any any -> $HOME_NET 53 (msg:"PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|00 00 00 00 00 00|"; depth:6; offset:4; content:"|00 00 29|"; within:3; distance:2; content:"|FE|"; within:1; distance:8; byte_test:2,>,4,-3,relative; byte_math:bytes 2,offset -3,oper -,rvalue 4,result rdlen_minus_four,relative; byte_test:2,>,rdlen_minus_four,1,relative; metadata:policy max-detect-ips drop, policy security-ips drop, service dns; reference:cve,2017-14496; reference:url,security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html; classtype:attempted-admin; sid:44482; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 10595
  1152. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1153. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 4786 (msg:"SERVER-OTHER Cisco Smart Install invalid init discovery message denial of service attempt"; flow:to_server,established; content:"|00 00 00|"; depth:3; content:"|00 00 00 07|"; within:4; distance:5; fast_pattern; content:"|00 00 00 01|"; within:4; distance:4; byte_math:bytes 4,offset 0,oper +,rvalue 8,result sub_len_plus_eight,relative; byte_test:4,!=,sub_len_plus_eight,-8,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2018-0171; reference:url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2; classtype:attempted-dos; sid:46468; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11097
  1154. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,0x05,6,relative,bitmask 0x14
  1155. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba unsigned connections attempt"; flow:to_server, established; content:"|FF|SMB"; depth:4; offset:4; byte_test:1,=,0x05,6,relative,bitmask 0x14; content:"|00 00 00 00 00 00 00 00|"; within:8; distance:10; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-12150; reference:url,samba.org/samba/security/CVE-2017-12150.html; classtype:attempted-user; sid:45074; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11121
  1156. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,1,2,relative,bitmask 0x01
  1157. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba tree connect andx memory corruption attempt"; flow:to_server,established; content:"|FF|SMB|75|"; fast_pattern:only; content:"|04 75 00|"; byte_test:1,=,1,2,relative,bitmask 0x01; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-14746; classtype:attempted-user; sid:45255; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11122
  1158. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  1159. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/applications/upload"; http_uri; pcre:"/^(Frame)?\.jsf/R"; content:!"JSESSIONID="; flowbits:set,glassfish_unauth_attempt; metadata:service http; reference:bugtraq,47438; reference:cve,2011-0807; classtype:attempted-admin; sid:20159; rev:8;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11130
  1160. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'http_raw_cookie'.
  1161. 18/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Multiple products DVR admin password leak attempt"; flow:to_server,established; content:"/device.rsp"; fast_pattern:only; http_uri; content:"uid="; http_raw_cookie; content:"cmd=list"; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2018-9995; classtype:web-application-attack; sid:46825; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11386
  1162. 18/11/2018 -- 02:23:07 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/et.rules
  1163. 18/11/2018 -- 02:23:09 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/feodo.rules
  1164. 18/11/2018 -- 02:23:09 - <Config> - No rules loaded from feodo.rules.
  1165. 18/11/2018 -- 02:23:09 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/sslipblacklist.rules
  1166. 18/11/2018 -- 02:23:09 - <Config> - No rules loaded from sslipblacklist.rules.
  1167. 18/11/2018 -- 02:23:09 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/sslblacklist.rules
  1168. 18/11/2018 -- 02:23:09 - <Config> - No rules loaded from sslblacklist.rules.
  1169. 18/11/2018 -- 02:23:09 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/lists.rules
  1170. 18/11/2018 -- 02:23:09 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/zeus.rules
  1171. 18/11/2018 -- 02:23:09 - <Info> - 7 rule files processed. 18072 rules successfully loaded, 205 rules failed
  1172. 18/11/2018 -- 02:23:09 - <Info> - Threshold config parsed: 0 rule(s) found
  1173. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tcp-packet
  1174. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tcp-stream
  1175. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for udp-packet
  1176. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for other-ip
  1177. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_uri
  1178. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_request_line
  1179. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_client_body
  1180. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_response_line
  1181. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_header
  1182. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_header
  1183. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_header_names
  1184. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_header_names
  1185. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_accept
  1186. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_accept_enc
  1187. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_accept_lang
  1188. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_referer
  1189. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_connection
  1190. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_content_len
  1191. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_content_len
  1192. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_content_type
  1193. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_content_type
  1194. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_protocol
  1195. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_protocol
  1196. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_start
  1197. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_start
  1198. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_raw_header
  1199. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_raw_header
  1200. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_method
  1201. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_cookie
  1202. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_cookie
  1203. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_raw_uri
  1204. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_user_agent
  1205. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_host
  1206. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_raw_host
  1207. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_stat_msg
  1208. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_stat_code
  1209. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for dns_query
  1210. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tls_sni
  1211. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tls_cert_issuer
  1212. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tls_cert_subject
  1213. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tls_cert_serial
  1214. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for dce_stub_data
  1215. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for dce_stub_data
  1216. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for ssh_protocol
  1217. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for ssh_protocol
  1218. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for ssh_software
  1219. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for ssh_software
  1220. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for file_data
  1221. 18/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for file_data
  1222. 18/11/2018 -- 02:23:09 - <Info> - 18076 signatures processed. 17 are IP-only rules, 5774 are inspecting packet payload, 8364 inspect application layer, 0 are decoder event only
  1223. 18/11/2018 -- 02:23:09 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
  1224. 18/11/2018 -- 02:23:09 - <Perf> - TCP toserver: 101 port groups, 91 unique SGH's, 10 copies
  1225. 18/11/2018 -- 02:23:09 - <Perf> - TCP toclient: 101 port groups, 61 unique SGH's, 40 copies
  1226. 18/11/2018 -- 02:23:09 - <Perf> - UDP toserver: 83 port groups, 42 unique SGH's, 41 copies
  1227. 18/11/2018 -- 02:23:09 - <Perf> - UDP toclient: 42 port groups, 20 unique SGH's, 22 copies
  1228. 18/11/2018 -- 02:23:09 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
  1229. 18/11/2018 -- 02:23:09 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
  1230. 18/11/2018 -- 02:23:10 - <Perf> - Unique rule groups: 216
  1231. 18/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toserver TCP packet": 66
  1232. 18/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toclient TCP packet": 31
  1233. 18/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toserver TCP stream": 80
  1234. 18/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toclient TCP stream": 47
  1235. 18/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toserver UDP packet": 42
  1236. 18/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toclient UDP packet": 19
  1237. 18/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "other IP packet": 2
  1238. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_uri": 14
  1239. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_client_body": 4
  1240. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_header": 9
  1241. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toclient http_header": 3
  1242. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
  1243. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_cookie": 1
  1244. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toclient http_cookie": 2
  1245. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_raw_uri": 2
  1246. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_user_agent": 2
  1247. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_host": 1
  1248. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver dns_query": 4
  1249. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver dce_stub_data": 4
  1250. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver file_data": 7
  1251. 18/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toclient file_data": 10
  1252. 18/11/2018 -- 02:23:11 - <Info> - cleaning up signature grouping structure... complete
  1253. 18/11/2018 -- 02:23:11 - <Notice> - rule reload complete
  1254. 19/11/2018 -- 02:23:04 - <Notice> - rule reload starting
  1255. 19/11/2018 -- 02:23:04 - <Info> - Including configuration file reputation.yaml.
  1256. 19/11/2018 -- 02:23:04 - <Info> - Configuration node 'reputation-files' redefined.
  1257. 19/11/2018 -- 02:23:04 - <Config> - pattern matchers: MPM: ac-ks, SPM: bm
  1258. 19/11/2018 -- 02:23:04 - <Config> - toclient-groups 100
  1259. 19/11/2018 -- 02:23:04 - <Config> - toserver-groups 100
  1260. 19/11/2018 -- 02:23:04 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
  1261. 19/11/2018 -- 02:23:04 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
  1262. 19/11/2018 -- 02:23:04 - <Config> - prefilter engines: MPM
  1263. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/anonymizing_vpn_service.list
  1264. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/anonymizing_vpn_service.list: No such file or directory
  1265. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/bitSight_search_engines.list
  1266. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/botIP-Baiduspider.list
  1267. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/botIP-Baiduspider.list: No such file or directory
  1268. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/botIP1.list
  1269. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/botIP1.list: No such file or directory
  1270. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/fake_crawler.list
  1271. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/fake_crawler.list: No such file or directory
  1272. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/it_security_block.list
  1273. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source.list
  1274. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source.list: No such file or directory
  1275. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source_mail.list
  1276. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source_mail.list: No such file or directory
  1277. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/known_attack_source_ssh.list
  1278. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/known_attack_source_ssh.list: No such file or directory
  1279. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/public_cgi_proxy.list
  1280. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/public_cgi_proxy.list: No such file or directory
  1281. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/public_web_proxy.list
  1282. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/public_web_proxy.list: No such file or directory
  1283. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/tor_exit_node.list
  1284. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/tor_exit_node.list: No such file or directory
  1285. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/web_scraper.list
  1286. 19/11/2018 -- 02:23:04 - <Error> - [ERRCODE: SC_ERR_OPENING_RULE_FILE(41)] - opening ip rep file /usr/local/etc/suricata/iprep/web_scraper.list: No such file or directory
  1287. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/whitelist.list
  1288. 19/11/2018 -- 02:23:04 - <Info> - Loading reputation file: /usr/local/etc/suricata/iprep/reputation.list
  1289. 19/11/2018 -- 02:23:04 - <Perf> - host memory usage: 366144 bytes, maximum: 33554432
  1290. 19/11/2018 -- 02:23:04 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/snort.rules
  1291. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_NOT_IPV4_DGRAM"; sid:1; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1401
  1292. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ICMPHDR"; sid:105; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1402
  1293. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_TIMESTAMPHDR"; sid:106; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1403
  1294. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DGRAM_LT_ADDRHDR"; sid:107; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1404
  1295. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_UNKNOWN"; sid:108; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1405
  1296. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ARP_TRUNCATED"; sid:109; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1406
  1297. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPOL_TRUNCATED"; sid:110; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1407
  1298. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAPKEY_TRUNCATED"; sid:111; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1408
  1299. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_EAP_TRUNCATED"; sid:112; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1409
  1300. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_PPPOE"; sid:120; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1410
  1301. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN"; sid:130; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1411
  1302. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_ETHLLC"; sid:131; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1412
  1303. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_VLAN_OTHER"; sid:132; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1413
  1304. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_ETHLLC"; sid:133; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1414
  1305. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_80211_OTHER"; sid:134; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1415
  1306. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRH"; sid:140; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1416
  1307. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_ETHLLC"; sid:141; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1417
  1308. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TR_MR_LEN"; sid:142; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1418
  1309. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRHMR"; sid:143; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1419
  1310. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_LOOPBACK"; sid:150; gid:116; rev:1; metadata:rule-type decode;classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1420
  1311. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_TRAFFIC_SAME_SRCDST"; sid:151; gid:116; rev:1; metadata:rule-type decode; reference:cve,1999-0016; reference:cve,2005-0688; reference:bugtraq,2666; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1421
  1312. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_DGRAM_LT_GREHDR"; sid:160; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1422
  1313. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_MULTIPLE_ENCAPSULATION"; sid:161; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1423
  1314. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_VERSION"; sid:162; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1424
  1315. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_INVALID_HEADER"; sid:163; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1425
  1316. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_V1_INVALID_HEADER"; sid:164; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1426
  1317. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GRE_TRANS_DGRAM_LT_TRANSHDR"; sid:165; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1427
  1318. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS"; sid:170; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1428
  1319. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL0"; sid:171; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1429
  1320. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL1"; sid:172; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1430
  1321. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL2"; sid:173; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1431
  1322. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_MPLS_LABEL3"; sid:174; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1432
  1323. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_RESERVEDLABEL"; sid:175; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1433
  1324. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_MPLS_LABEL_STACK"; sid:176; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1434
  1325. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_INVALID_HEADER_LEN"; sid:2; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1435
  1326. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_TRUNCATED"; sid:250; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1436
  1327. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_VER_MISMATCH"; sid:251; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1437
  1328. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_DGRAM_LT_ORIG_IP"; sid:252; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1438
  1329. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_LT_64"; sid:253; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1439
  1330. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_PAYLOAD_GT_576"; sid:254; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1440
  1331. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ORIG_IP_WITH_FRAGOFFSET"; sid:255; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1441
  1332. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_MIN_TTL"; sid:270; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1442
  1333. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_IS_NOT"; sid:271; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1443
  1334. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED_EXT"; sid:272; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1444
  1335. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TRUNCATED"; sid:273; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1445
  1336. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_LT_IPHDR"; sid:274; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1446
  1337. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DGRAM_GT_IPHDR"; sid:275; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1447
  1338. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_ZERO"; sid:276; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1448
  1339. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_SRC_MULTICAST"; sid:277; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1449
  1340. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DST_RESERVED_MULTICAST"; sid:278; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1450
  1341. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_TYPE"; sid:279; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1451
  1342. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_MULTICAST_SCOPE"; sid:280; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1452
  1343. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_NEXT_HEADER"; sid:281; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1453
  1344. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_AND_HOPBYHOP"; sid:282; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1454
  1345. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TWO_ROUTE_HEADERS"; sid:283; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1455
  1346. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_TOO_BIG_BAD_MTU"; sid:285; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1456
  1347. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_BAD_CODE"; sid:286; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1457
  1348. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:287; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1458
  1349. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_CODE"; sid:288; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1459
  1350. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_RESERVED"; sid:289; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1460
  1351. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_ADVERT_BAD_REACHABLE"; sid:290; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1461
  1352. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_TUNNELED_IPV4_TRUNCATED"; sid:291; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2008-2136; reference:bugtraq,29235; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1462
  1353. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_DSTOPTS_WITH_ROUTING"; sid:292; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1463
  1354. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_MULTIPLE_ENCAPSULATION"; sid:293; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1464
  1355. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ESP_HEADER_TRUNC"; sid:294; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1465
  1356. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_OPT_LEN"; sid:295; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1466
  1357. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_UNORDERED_EXTENSIONS"; sid:296; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1467
  1358. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_MULTIPLE_ENCAPSULATION"; sid:297; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1468
  1359. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_GTP_BAD_LEN_STR"; sid:298; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1469
  1360. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_LT_IPHDR"; sid:3; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1470
  1361. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_BADLEN"; sid:4; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1471
  1362. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_XMAS"; sid: 400; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1472
  1363. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NMAP_XMAS"; sid: 401; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-recon; reference:bugtraq,7700; reference:cve,2003-0393; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1473
  1364. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_DOS_NAPTHA"; sid: 402; gid: 116; rev: 1; metadata: rule-type decode ; classtype:attempted-dos; reference:bugtraq,2022; reference:cve,2000-1039; reference:nessus,275; reference:url,razor.bindview.com/publish/advisories/adv_NAPTHA.html; reference:url,www.cert.org/advisories/CA-2000-21.html; reference:url,www.microsoft.com/technet/security/bulletin/MS00-091.mspx; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1474
  1365. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_SYN_TO_MULTICAST"; sid: 403; gid: 116; rev: 1; metadata: rule-type decode ; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1475
  1366. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_TTL"; sid: 404; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; reference:url,support.microsoft.com/kb/q138268; reference:url,tools.ietf.org/html/rfc1122; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1476
  1367. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_BAD_FRAGBITS"; sid: 405; gid: 116; rev: 1; metadata: rule-type decode ; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1477
  1368. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_IPV6_ZERO_CHECKSUM"; sid:406; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1478
  1369. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_LEN_OFFSET"; sid:407; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1479
  1370. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_THIS_NET"; sid:408; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1480
  1371. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_THIS_NET"; sid:409; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1481
  1372. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_MULTICAST"; sid:410; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1482
  1373. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_RESERVED"; sid:411; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1483
  1374. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_RESERVED"; sid:412; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1484
  1375. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_SRC_BROADCAST"; sid:413; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1485
  1376. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DST_BROADCAST"; sid:414; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1486
  1377. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_MULTICAST"; sid:415; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1487
  1378. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_DST_BROADCAST"; sid:416; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1488
  1379. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_TYPE_OTHER"; sid:418; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1489
  1380. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_BAD_URP"; sid:419; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1490
  1381. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_FIN"; sid:420; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1491
  1382. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SYN_RST"; sid:421; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1492
  1383. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_MUST_ACK"; sid:422; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1493
  1384. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_NO_SYN_ACK_RST"; sid:423; gid:116; rev:2; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1494
  1385. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ETH_HDR_TRUNC"; sid:424; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1495
  1386. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_HDR_TRUNC"; sid:425; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1496
  1387. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP4_HDR_TRUNC"; sid:426; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1497
  1388. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_HDR_TRUNC"; sid:427; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1498
  1389. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_MIN_TTL"; sid:428; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1499
  1390. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_ZERO_HOP_LIMIT"; sid:429; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1500
  1391. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP4_DF_OFFSET"; sid:430; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1501
  1392. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_TYPE_OTHER"; sid:431; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1502
  1393. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP6_DST_MULTICAST"; sid:432; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1503
  1394. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_SHAFT_SYNFLOOD"; sid:433; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-dos; reference:cve,2000-0138; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1504
  1395. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PING_NMAP"; sid:434; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1505
  1396. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_ICMPENUM"; sid:435; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1506
  1397. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_HOST"; sid:436; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1507
  1398. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_REDIRECT_NET"; sid:437; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1508
  1399. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_TRACEROUTE_IPOPTS"; sid:438; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1509
  1400. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_SOURCE_QUENCH"; sid:439; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1510
  1401. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_BROADSCAN_SMURF_SCANNER"; sid:440; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1511
  1402. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_ADMIN_PROHIBITED"; sid:441; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1512
  1403. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_HOST_PROHIBITED"; sid:442; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1513
  1404. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DST_UNREACH_DST_NET_PROHIBITED"; sid:443; gid:116; rev:1; metadata:rule-type decode; classtype:attempted-recon; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1514
  1405. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_OPTION_SET"; sid:444; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1515
  1406. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_LARGE_PACKET"; sid:445; gid:116; rev:1; metadata:rule-type decode; classtype: bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1516
  1407. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_PORT_ZERO"; sid:446; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1517
  1408. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_PORT_ZERO"; sid:447; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1518
  1409. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_RESERVED_FRAG_BIT"; sid:448; gid:116; rev:1; metadata:rule-type decode; classtype: misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1519
  1410. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_UNASSIGNED_PROTO"; sid:449; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1520
  1411. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_DGRAM_LT_TCPHDR"; sid:45; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1521
  1412. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP_BAD_PROTO"; sid:450; gid:116; rev:1; metadata:rule-type decode; classtype: non-standard-protocol; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1522
  1413. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_PATH_MTU_DOS"; sid:451; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,13124; reference:cve,2004-1060; classtype:attempted-dos;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1523
  1414. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMP_DOS_ATTEMPT"; sid:452; gid:116; rev:1; metadata:rule-type decode; reference:url,www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15.3; reference:cve,2006-0454; reference:bugtraq,16532; classtype:denial-of-service;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1524
  1415. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ISATAP_SPOOF"; sid:453; gid:116; rev:1; metadata:rule-type decode; reference:cve,2010-0812; reference:url,www.microsoft.com/technet/security/bulletin/MS10-029.mspx; classtype:misc-attack; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1525
  1416. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_PGM_NAK_OVERFLOW"; sid:454; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-052.mspx; reference:cve,2006-3442; reference:bugtraq,19922; classtype:attempted-admin; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1526
  1417. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IGMP_OPTIONS_DOS"; sid:455; gid:116; rev:1; metadata:rule-type decode; reference:url,www.microsoft.com/technet/security/bulletin/ms06-007.mspx; reference:cve,2006-0021; reference:bugtraq,16645; classtype:attempted-dos; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1527
  1418. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IP6_EXCESS_EXT_HDR"; sid:456; gid:116; rev:1; metadata:rule-type decode; classtype:misc-activity; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1528
  1419. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_UNREACHABLE_NON_RFC_4443_CODE"; sid:457; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1529
  1420. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_BAD_FRAG_PKT"; sid:458; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1530
  1421. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ZERO_LENGTH_FRAG"; sid:459; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1531
  1422. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_INVALID_OFFSET"; sid:46; gid:116; rev:1; metadata:rule-type decode; reference:cve,2004-0816; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1532
  1423. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ICMPV6_SOLICITATION_BAD_CODE"; sid:460; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1533
  1424. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV6_ROUTE_ZERO"; sid:461; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1534
  1425. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN_HDR_VERSION_MISMATCH_STR"; sid:462; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1535
  1426. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN2_DGRAM_LT_HDR_STR"; sid:463; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1536
  1427. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_ERSPAN3_DGRAM_LT_HDR_STR"; sid:464; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1537
  1428. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCP_LARGE_OFFSET"; sid:47; gid:116; rev:1; metadata:rule-type decode; classtype:bad-unknown; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1538
  1429. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4OPT_TRUNCATED"; sid:5; gid:116; rev:1; metadata:rule-type decode; reference:cve,2005-0048; reference:url,www.microsoft.com/technet/security/bulletin/ms05-019.mspx; classtype:protocol-command-decode;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1539
  1430. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_BADLEN"; sid:54; gid:116; rev:1; metadata:rule-type decode; reference:bugtraq,14811; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1540
  1431. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TRUNCATED"; sid:55; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1541
  1432. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_TTCP"; sid:56; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1542
  1433. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_OBSOLETE"; sid:57; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1543
  1434. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_EXPERIMENT"; sid:58; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1544
  1435. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_TCPOPT_WSCALE_INVALID"; sid:59; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1545
  1436. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_IPV4_DGRAM_GT_IPHDR"; sid:6; gid:116; rev:1; metadata:rule-type decode;classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1546
  1437. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LT_UDPHDR"; sid:95; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1547
  1438. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_INVALID_LENGTH"; sid:96; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1548
  1439. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_SHORT_PACKET"; sid:97; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1549
  1440. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert ( msg:"DECODE_UDP_DGRAM_LONG_PACKET"; sid:98; gid:116; rev:1; metadata:rule-type decode; classtype:protocol-command-decode; )" from file /usr/local/etc/suricata/rules/snort.rules at line 1550
  1441. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1442. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit executable download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".exe"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.exe/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26891; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1718
  1443. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1444. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flashpack/Safe/CritX exploit kit jar file download"; flow:to_client,established; file_data; content:"filename="; http_header; content:".jar"; within:4; distance:24; pcre:"/filename\=[a-z0-9]{24}\.jar/H"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.malwaresigs.com/2013/06/06/flashpack-exploit-kit-safepack/; classtype:trojan-activity; sid:26892; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1719
  1445. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1446. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPLOIT-KIT Flim exploit kit landing page"; flow:to_client,established; file_data; dsize:<400; content:"<html><body><script>"; content:"var"; within:3; distance:1; content:"document.createElement"; content:"iframe"; within:6; distance:2; content:".setAttribute("; distance:0; content:"document.body.appendChild("; distance:0; fast_pattern; pcre:"/var\s+(?P<variable>\w+)\=document\.createElement.*?\x3b(?P=variable)\.setAttribute.*?document\.body\.appendChild\x28(?P=variable)\x29/i"; metadata:policy balanced-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:26961; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 1732
  1447. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1448. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_client,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39308; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3281
  1449. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1450. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-FLASH Adobe Flash Player malformed ATF file length load buffer overflow attempt"; flow:to_server,established; flowbits:isset,file.atf; file_data; content:"ATF"; depth:3; content:"|FF|"; within:1; distance:3; dsize:<1201; byte_extract:4,1,file_length,relative; isdataat:!file_length,relative; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2016-4138; reference:cve,2017-2933; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-18.html; reference:url,helpx.adobe.com/security/products/flash-player/apsb17-02.html; classtype:attempted-user; sid:39309; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3282
  1451. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1452. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|localhost"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|localhost"; distance:0; nocase; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39540; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3297
  1453. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1454. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"FILE-FLASH Adobe Flash Player local-with-filesystem security bypass attempt"; flow:to_server,established; content:"|5C 5C 2E 5C|127.0.0.1"; fast_pattern:only; content:".swf?"; nocase; http_raw_uri; content:"|5C 5C 2E 5C|127.0.0.1"; distance:0; http_raw_uri; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2016-4178; reference:url,helpx.adobe.com/security/products/flash-player/apsb16-25.html; classtype:attempted-user; sid:39543; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 3300
  1455. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1456. 19/11/2018 -- 02:23:05 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"FILE-IDENTIFY Microsoft Windows Audio wmf file magic detected"; flow:to_server,established; file_data; content:"POST"; http_method; content:"|00 09 00 00|"; depth:5; offset:1; fast_pattern; content:!"|00|"; depth:1; byte_test:1,<=,2,0; flowbits:set,file.wmf; flowbits:noalert; metadata:service http; reference:url,en.wikipedia.org/wiki/.wmf; classtype:misc-activity; sid:43364; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 4557
  1457. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1458. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45819; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5612
  1459. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1460. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45820; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5613
  1461. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1462. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_client,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|00|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 8,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45821; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5614
  1463. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1464. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"FILE-OTHER Adobe Acrobat Pro EMF EmfPlusDrawRects record out of bounds read attempt"; flow:to_server,established; file_data; content:"|46 00 00 00|"; content:"|45 4D 46 2B|"; within:4; distance:8; fast_pattern; content:"|0B 40|"; distance:0; content:"|02|"; within:1; distance:1; byte_math:bytes 4,offset 4,oper /,rvalue 16,result total_rects,relative,endian little; byte_test:4,>,total_rects,8,relative,little; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2018-4896; reference:url,helpx.adobe.com/security/products/acrobat/apsb18-02.html; classtype:attempted-user; sid:45822; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 5615
  1465. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  1466. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Koobface variant outbound connection"; flow:to_server,established; content:"GET"; http_method; content:"/cap/?a=get&i="; nocase; http_uri; pcre:"/\d+&/miR"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatexpert.com/report.aspx?md5=efbc47d5e8f3ed68a13968cda586d68d; classtype:trojan-activity; sid:16484; rev:9;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6471
  1467. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  1468. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Swisyn variant outbound connection"; flow:to_server,established; content:"POST"; nocase; http_method; content:"|0A|User-Agent|3A 20|tiehttp"; fast_pattern; nocase; http_header; content:"Content-Disposition|3A 20|"; nocase; http_client_body; content:"form-data|3B| name=|22|filename|22|"; distance:0; nocase; http_client_body; content:"|0D 0A 0D 0A|"; within:4; http_client_body; pcre:"/^\d{0,10}_passes_\d{1,10}\.xm/iR"; metadata:policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/#/file/f9775d5fc61ec53a7cab4b432ec2d227/detection; classtype:trojan-activity; sid:21760; rev:6;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6685
  1469. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1470. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 1024:65535 (msg:"MALWARE-CNC Win.Trojan.Fakeavlock variant outbound connection"; flow:to_server,established; dsize:267<>276; content:"User-Agent|3A| Mozilla/5.0 (Windows|3B| U|3B| MSIE 9.0|3B| Windows NT 9.0|3B| en-US)|0D 0A|"; fast_pattern:only; http_header; urilen:159; pcre:"/\x2f[A-F0-9]{158}/U"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/file/c49f7dbc036ad0a86df02cbbde00cb3b3fbd651d82f6c9c5a98170644374f64f/analysis/; classtype:trojan-activity; sid:25675; rev:7;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6868
  1471. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1472. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Bancos fake JPG encrypted config file download"; flow:to_server,established; content:".com.br|0D 0A 0D 0A|"; fast_pattern:only; content:"/imagens/"; depth:9; http_uri; content:".jpg"; distance:0; http_uri; pcre:"/\.jpg\x20HTTP\/1\.[01]\r\nUser\x2dAgent\x3a\x20[a-z]+\r\nHost\x3a\x20[a-z0-9\x2d\x2e]+\.com\.br\r\n\r\n$/"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; classtype:trojan-activity; sid:26722; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6935
  1473. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1474. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win32/Autorun.JN variant outbound connection"; flow:to_server,established; dsize:142; urilen:8; content:"/u5.htm"; fast_pattern:only; http_uri; content:"//u5.htm"; http_raw_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FAutorun.JN; reference:url,www.virustotal.com/en/file/36144738373c665d262bc007fceaeb9613e59ec29ea3d7424dd9f400af2c0f06/analysis/; classtype:trojan-activity; sid:26966; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 6996
  1475. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1476. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Osx.Trojan.Janicab runtime traffic detected"; flow:to_client,established; file_data; content:"content=|22|just something i made up for fun, check out my website at"; fast_pattern:only; content:"X-YouTube-Other-Cookies:"; nocase; http_header; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2012-0158; reference:url,www.virustotal.com/file/3bc13adad9b7b60354d83bc27a507864a2639b43ec835c45d8b7c565e81f1a8f/analysis/; classtype:trojan-activity; sid:27544; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7024
  1477. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1478. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:146; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: checkip.dyndns.org|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28542; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7171
  1479. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1480. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"MALWARE-CNC Win.Trojan.Conficker variant outbound connection"; flow:to_server,established; dsize:139; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 5.1|3B| Trident/4.0)|0D 0A|Host: www.ask.com|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.sans.org/security-resources/malwarefaq/conficker-worm.php; classtype:trojan-activity; sid:28543; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7172
  1481. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1482. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Injector variant outbound connection"; flow:to_server,established; urilen:9; content:"/load.exe HTTP/1.1|0D 0A|User-Agent: Mozilla/"; fast_pattern:only; content:"|3B 20|MSIE|20|"; http_header; content:")|0D 0A|Host: "; distance:0; http_header; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,urlquery.net/search.php?q=%5C%2Fload%5C.exe%24&type=regexp&start=2013-08-24&end=2013-11-22&max=400; reference:url,www.virustotal.com/en/file/032572ea1f34a060ecac98a8e2899dc0f2a41dff199e879050481ddd3818b4d0/analysis/; classtype:trojan-activity; sid:28807; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7196
  1483. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1484. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Chewbacca outbound connection"; flow:to_server,established; urilen:4; dsize:<200; content:"/ip/"; depth:4; fast_pattern; http_uri; content:"Keep-Alive|3A 20|300|0D 0A|"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,threatpost.com/chewbacca-latest-malware-to-take-a-liking-to-tor/103220; reference:url,www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware; classtype:trojan-activity; sid:29440; rev:5;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7347
  1485. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1486. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.WEC variant outbound connection"; flow:to_server,established; dsize:69; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0|0D 0A|Host: checkip.dyndns.org|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/164c792247b2822ab1dce8271a9498d3c9172ff21d36feccf83265ded1be8d0b/analysis/; classtype:trojan-activity; sid:29882; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7401
  1487. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1488. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Bancos variant outbound connection"; flow:to_server,established; content:"Content-Length: 166"; content:".php HTTP/1.1|0D 0A|Accept: */*|0D 0A|Content-Type: application/x-www-form-urlencoded|0D 0A|User-Agent: Mozilla/5.0 (Windows NT 6.1|3B| Trident/7.0|3B| rv:11.0) like Gecko|0D 0A|Host: "; fast_pattern:only; content:"v="; depth:2; http_client_body; content:"&c="; within:7; http_client_body; pcre:"/\x3d\x3d$/P"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/51540d7c9a4bc2a430bc50c85cf9cec5c6f2bb755e800a3f3575ba34fe5f008c/analysis; classtype:trojan-activity; sid:29895; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7406
  1489. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Can't use file_data with flow:to_server or flow:from_client with http.
  1490. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC ANDR.Trojan.FakeApp outbound connection"; flow:established, to_server; content:"/cp/server.php"; fast_pattern:only; http_uri; content:"Content-Type: multipart/form-data|3B| boundary=Aab03x"; http_header; content:"User-Agent: Dalvik"; http_header; file_data; content:"AaB03x"; content:"name=|22|phone"; distance:0; content:"name=|22|type"; distance:0; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,securityaffairs.co/wordpress/22465/cyber-crime/banking-trojan-hit-islamic-mobile.html; reference:url,www.virustotal.com/file/66911EE32FC4777BB9272F9BE9EB8970B39440768B612FBAB4AC01D8E23F9AA1/analysis/; classtype:trojan-activity; sid:29978; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7421
  1491. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1492. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Critroni outbound connection"; flow:to_server,established; dsize:174; urilen:1; content:"/"; http_uri; content:"Host|3A| ip.telize.com|0D 0A|Accept|3A| */*|0D 0A|User-Agent|3A| Mozilla/5.0 |28|Windows NT 6.1|3B| WOW64|29| AppleWebKit/537.36 |28|KHTML, like Gecko|29| Chrome/31.0.1650.63 Safari/537.36"; fast_pattern:only; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b3c92d7a9dead6011f3c99829c745c384dd776d88f57bbd60bc4f9d66641819b/analysis/; classtype:trojan-activity; sid:31718; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7679
  1493. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1494. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Expiro outbound connection"; flow:to_server,established; dsize:<200; content:"POST"; http_method; content:"User-Agent|3A| Mozilla/"; http_header; content:"ompatible|3B| MSIE 31|3B| "; within:20; distance:6; fast_pattern; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/f5c716890a2a76785d53e8f9a5db2268501a30df807df4c4323967672efe452c/analysis/; classtype:trojan-activity; sid:31813; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7690
  1495. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1496. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rehtesyk outbound connection"; flow:to_server,established; content:"User-Agent: Firefox|0D 0A|"; fast_pattern:only; content:"first="; depth:6; http_client_body; content:"&data="; within:7; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/b1347df8f8940039cb68bd4e2568e8c68b1f1a0067ac9a0fb1a5f1aef2df61ea/analysis/; classtype:trojan-activity; sid:32311; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7822
  1497. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1498. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"INTERNACIONAL"; depth:13; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32607; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7883
  1499. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1500. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.Sodebral HTTP Response attempt"; flow:to_client,established; file_data; dsize:<194; content:"BRASIL"; depth:6; content:!"Content-Length"; http_header; content:"Transfer-Encoding: chunked"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/e0290c3900445dc00ca24888924e37fa6ac17ecaddc60591e32b81536b9f5ef7/analysis/; classtype:trojan-activity; sid:32608; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7884
  1501. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1502. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET 8080 (msg:"MALWARE-CNC Win.Trojan.Androm variant outbound connection"; flow:to_server,established; content:"Mozilla/4.0 (compatible|3B|MSIE 7.0|3B|Windows NT 6.0)"; fast_pattern:only; http_header; content:"/"; depth:1; offset:9; http_uri; content:"/"; within:1; distance:8; http_uri; content:"Host:"; http_header; content:":8080"; within:30; http_header; content:"POST"; http_method; dsize:<480; pcre:"/^\/[a-f0-9]{8}\/[a-f0-9]{8}\/$/iU"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/file/27c298c77e16bbc3f056653034c2d918418f877bb0193a9ca533b5527d830a94/analysis/; classtype:trojan-activity; sid:32770; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7904
  1503. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1504. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Agent.BHHK variant outbound connection"; flow:to_server,established; dsize:136; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 7.0|3B| Windows NT 6.0)|0D 0A|Host: windowsupdate.microsoft.com|0D 0A|Connection: Close|0D 0A 0D 0A|"; fast_pattern:only; content:!"Accept"; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/cab1fffe7a34b5bb7dab2cacd406cf15628d835ab63502d28df78c2faeaad366/analysis/1421677054/; classtype:trojan-activity; sid:33227; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 7967
  1505. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1506. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.FileEncoder IP geolocation checkin attempt"; flow:to_server,established; dsize:214; urilen:1; content:"GET / HTTP/1.1|0D 0A|User-Agent: Mozilla/4.0 (compatible|3B| MSIE 6.0|3B| Windows NT 5.1|3B| SV1|3B| .NET4.0C|3B| .NET4.0E|3B| .NET CLR 2.0.50727|3B| .NET CLR 3.0.4506.2152|3B| .NET CLR 3.5.30729)|0D 0A|Host: ip-addr.es|0D 0A|Cache-Control: no-cache|0D 0A 0D 0A|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/17edf82c40df6c7268191def7cbff6e60e78d7388018408800d42581567f78cf/analysis/; classtype:trojan-activity; sid:33449; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8017
  1507. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1508. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Panskeg outbound connection"; flow:to_server,established; file_data; dsize:10; content:"|79 40 1F F2 03 3C 20 00 00 00|"; fast_pattern:only; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,virustotal.com/en/file/81c6fa11d46bf173932b067c32a852f048ba51873210c3e24ac367c95e799e42/analysis/; classtype:trojan-activity; sid:36610; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8420
  1509. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1510. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&vs="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"v="; nocase; http_client_body; content:"&id="; distance:0; nocase; http_client_body; content:"&uid="; distance:0; nocase; http_client_body; content:"&vs="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36629; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8427
  1511. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1512. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Teabevil variant outbound connection"; flow:to_server,established; content:"&syspath="; fast_pattern:only; content:"/script"; http_uri; urilen:7; content:"CONTENT-TYPE:"; http_header; content:"&macid="; nocase; http_client_body; content:"&os1="; distance:0; nocase; http_client_body; content:"&os2="; distance:0; nocase; http_client_body; content:"&syspath="; distance:0; nocase; http_client_body; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,virustotal.com/en/file/9bcf7fbd2123d7085ce5e3e699c9347c48f4c2ec6f26371852a01cf597a96968/analysis/; classtype:trojan-activity; sid:36630; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8428
  1513. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - Signature combines packet specific matches (like dsize, flags, ttl) with stream / state matching by matching on app layer proto (like using http_* keywords).
  1514. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET [25] (msg:"MALWARE-CNC Win.Trojan.Trochulis variant outbound connection"; flow:to_server,established; file_data; content:"|BF BF AF AF 7E 00 00 00|"; fast_pattern:only; dsize:8; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop; reference:url,www.virustotal.com/en/file/da6905d96cc860b443deb5f27271a2cfb2ce17f067a59ca7f0fd12c1d70c4372/analysis/; classtype:trojan-activity; sid:37370; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8492
  1515. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1516. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.GateKeylogger initial exfiltration attempt"; flow:to_server,established; content:"/gate.php"; fast_pattern:only; content:"pc="; nocase; http_client_body; content:"&admin="; distance:0; nocase; http_client_body; content:"&os="; distance:0; nocase; http_client_body; content:"&hid="; distance:0; nocase; http_client_body; content:"&arc="; distance:0; nocase; http_client_body; content:"User-Agent|3A 20|"; http_header; pcre:"/User-Agent\x3a\x20[A-F0-9]{32}\x0d\x0a/H"; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38562; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8560
  1517. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_stat_code" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1518. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-CNC Win.Trojan.GateKeylogger fake 404 response"; flow:to_client,established; file_data; content:"200"; http_stat_code; content:"OK"; http_stat_msg; content:">404 Not Found<"; fast_pattern:only; content:" requested URL / was not found "; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/77c802db1731fa8dae1b03d978f89b046309adfa1237b1497a69ccb9c2d82c16/analysis/1459520578/; classtype:trojan-activity; sid:38563; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8561
  1519. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1520. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Helminth variant outbound connection"; flow:to_server,established; content:"UIET9fWR"; fast_pattern:only; content:"User-Agent: Mozilla/5.0"; http_header; content:"|20|Trident/5.0|0D 0A|"; within:14; distance:39; http_header; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, service http; reference:url,www.virustotal.com/en/file/632be0a3d8d298f2ded928a4ac27846904ed842ad08b355acab53132d31eaf24/analysis/; classtype:trojan-activity; sid:39176; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8624
  1521. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_client_body" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1522. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Unix.Trojan.Erebus variant outbound connection"; flow:to_server,established; file_data; urilen:1; content:"h="; depth:2; http_client_body; content:"&v="; within:3; distance:8; http_client_body; content:"&k="; within:3; distance:3; fast_pattern; http_client_body; content:"Expect|3A| 100-continue|0D 0A 0D 0A|"; http_header; content:!"User-Agent"; http_header; metadata:impact_flag red, policy balanced-ips alert, policy security-ips alert, service http; reference:url,virustotal.com/en/file/0b7996bca486575be15e68dba7cbd802b1e5f90436ba23f802da66292c8a055f/analysis/; classtype:trojan-activity; sid:43351; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 8955
  1523. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1524. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Osx.Trojan.OceanLotus outbound connection attempt"; flow:to_server,established; content:"/sigstore.db?"; fast_pattern:only; content:"k="; http_uri; content:"?q="; distance:0; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.alienvault.com/blogs/labs-research/oceanlotus-for-os-x-an-application-bundle-pretending-to-be-an-adobe-flash-update; classtype:trojan-activity; sid:45400; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9153
  1525. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1526. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/2.0/method/"; depth:12; nocase; http_uri; pcre:"/\/2\.0\/method\/(checkConnection|config|delay|error|get|info|setOnline|update)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46238; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9247
  1527. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_method" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1528. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog outbound communication attempt"; flow:to_server,established; file_data; content:"POST"; nocase; http_method; content:"/4.0/method/"; depth:12; nocase; http_uri; pcre:"/\/4\.0\/method\/(check|cores|installSuccess|modules|threads|blacklist)/iU"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46239; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9248
  1529. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_header" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1530. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"MALWARE-CNC Win.Trojan.Rarog user-agent outbound communication attempt"; flow:to_server,established; file_data; content:"User-Agent"; nocase; http_header; content:"Rarog"; within:200; fast_pattern; nocase; http_header; pcre:"/User-Agent\s*:[^\r\n]*Rarog/iH"; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; classtype:trojan-activity; sid:46240; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9249
  1531. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - "http_uri" keyword seen with a sticky buffer still set. Reset sticky buffer with pkt_data before using the modifier.
  1532. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"MALWARE-CNC Outbound malicious vbscript attempt"; flow:to_server,established; file_data; content:"/ilha/"; fast_pattern; nocase; http_uri; content:"logs.php"; within:9; distance:2; nocase; http_uri; metadata:impact_flag red, policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; classtype:attempted-user; sid:46792; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9338
  1533. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - previous keyword has a fast_pattern:only; set. Can't have relative keywords around a fast_pattern only content
  1534. 19/11/2018 -- 02:23:06 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"MALWARE-OTHER Win.Trojan.Zeus Spam 2013 dated zip/exe HTTP Response - potential malware download"; flow:to_client,established; content:"-2013.zip|0D 0A|"; fast_pattern:only; content:"-2013.zip|0D 0A|"; http_header; content:"-"; within:1; distance:-14; http_header; file_data; content:"-2013.exe"; content:"-"; within:1; distance:-14; metadata:impact_flag red, policy balanced-ips drop, policy security-ips drop, ruleset community, service http; reference:url,www.virustotal.com/en/file/2eff3ee6ac7f5bf85e4ebcbe51974d0708cef666581ef1385c628233614b22c0/analysis/; classtype:trojan-activity; sid:26470; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9630
  1535. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
  1536. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_server,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service smtp; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45443; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9995
  1537. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,3,0,relative,bitmask 0xF0
  1538. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"OS-OTHER Intel x64 side-channel analysis information leak attempt"; flow:to_client,established; file_data; flowbits:isset,file.exe|file.elf; content:"|0F 01 F9|"; content:"|0F 01 F9|"; within:50; content:"|0F AE|"; byte_test:1,=,3,0,relative,bitmask 0xF0; content:"|0F AE|"; within:75; byte_test:1,=,3,0,relative,bitmask 0xF0; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:cve,2017-5715; reference:cve,2017-5753; reference:cve,2017-5754; classtype:attempted-recon; sid:45444; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 9996
  1539. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1540. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "drop udp any any -> $HOME_NET 53 (msg:"PROTOCOL-DNS dnsmasq add_pseudoheader integer underflow attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|00 00 00 00 00 00|"; depth:6; offset:4; content:"|00 00 29|"; within:3; distance:2; content:"|FE|"; within:1; distance:8; byte_test:2,>,4,-3,relative; byte_math:bytes 2,offset -3,oper -,rvalue 4,result rdlen_minus_four,relative; byte_test:2,>,rdlen_minus_four,1,relative; metadata:policy max-detect-ips drop, policy security-ips drop, service dns; reference:cve,2017-14496; reference:url,security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html; classtype:attempted-admin; sid:44482; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 10595
  1541. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'byte_math'.
  1542. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 4786 (msg:"SERVER-OTHER Cisco Smart Install invalid init discovery message denial of service attempt"; flow:to_server,established; content:"|00 00 00|"; depth:3; content:"|00 00 00 07|"; within:4; distance:5; fast_pattern; content:"|00 00 00 01|"; within:4; distance:4; byte_math:bytes 4,offset 0,oper +,rvalue 8,result sub_len_plus_eight,relative; byte_test:4,!=,sub_len_plus_eight,-8,relative; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2018-0171; reference:url,tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2; classtype:attempted-dos; sid:46468; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11097
  1543. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,0x05,6,relative,bitmask 0x14
  1544. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba unsigned connections attempt"; flow:to_server, established; content:"|FF|SMB"; depth:4; offset:4; byte_test:1,=,0x05,6,relative,bitmask 0x14; content:"|00 00 00 00 00 00 00 00|"; within:8; distance:10; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-12150; reference:url,samba.org/samba/security/CVE-2017-12150.html; classtype:attempted-user; sid:45074; rev:3;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11121
  1545. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_PCRE_PARSE(7)] - parse error, ret -1, string 1,=,1,2,relative,bitmask 0x01
  1546. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET 445 (msg:"SERVER-SAMBA Samba tree connect andx memory corruption attempt"; flow:to_server,established; content:"|FF|SMB|75|"; fast_pattern:only; content:"|04 75 00|"; byte_test:1,=,1,2,relative,bitmask 0x01; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop; reference:cve,2017-14746; classtype:attempted-user; sid:45255; rev:2;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11122
  1547. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - pcre with /R (relative) needs preceeding match in the same buffer
  1548. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Oracle GlassFish Server authentication bypass attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/applications/upload"; http_uri; pcre:"/^(Frame)?\.jsf/R"; content:!"JSESSIONID="; flowbits:set,glassfish_unauth_attempt; metadata:service http; reference:bugtraq,47438; reference:cve,2011-0807; classtype:attempted-admin; sid:20159; rev:8;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11130
  1549. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_RULE_KEYWORD_UNKNOWN(102)] - unknown rule keyword 'http_raw_cookie'.
  1550. 19/11/2018 -- 02:23:07 - <Error> - [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Multiple products DVR admin password leak attempt"; flow:to_server,established; content:"/device.rsp"; fast_pattern:only; http_uri; content:"uid="; http_raw_cookie; content:"cmd=list"; metadata:policy balanced-ips drop, policy max-detect-ips drop, policy security-ips drop, service http; reference:cve,2018-9995; classtype:web-application-attack; sid:46825; rev:1;)" from file /usr/local/etc/suricata/rules/snort.rules at line 11386
  1551. 19/11/2018 -- 02:23:07 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/et.rules
  1552. 19/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/feodo.rules
  1553. 19/11/2018 -- 02:23:08 - <Config> - No rules loaded from feodo.rules.
  1554. 19/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/sslipblacklist.rules
  1555. 19/11/2018 -- 02:23:08 - <Config> - No rules loaded from sslipblacklist.rules.
  1556. 19/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/sslblacklist.rules
  1557. 19/11/2018 -- 02:23:08 - <Config> - No rules loaded from sslblacklist.rules.
  1558. 19/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/lists.rules
  1559. 19/11/2018 -- 02:23:08 - <Config> - Loading rule file: /usr/local/etc/suricata/rules/zeus.rules
  1560. 19/11/2018 -- 02:23:08 - <Info> - 7 rule files processed. 18072 rules successfully loaded, 205 rules failed
  1561. 19/11/2018 -- 02:23:08 - <Info> - Threshold config parsed: 0 rule(s) found
  1562. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tcp-packet
  1563. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tcp-stream
  1564. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for udp-packet
  1565. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for other-ip
  1566. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_uri
  1567. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_request_line
  1568. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_client_body
  1569. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_response_line
  1570. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_header
  1571. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_header
  1572. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_header_names
  1573. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_header_names
  1574. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_accept
  1575. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_accept_enc
  1576. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_accept_lang
  1577. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_referer
  1578. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_connection
  1579. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_content_len
  1580. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_content_len
  1581. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_content_type
  1582. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_content_type
  1583. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_protocol
  1584. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_protocol
  1585. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_start
  1586. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_start
  1587. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_raw_header
  1588. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_raw_header
  1589. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_method
  1590. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_cookie
  1591. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_cookie
  1592. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_raw_uri
  1593. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_user_agent
  1594. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_host
  1595. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_raw_host
  1596. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_stat_msg
  1597. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for http_stat_code
  1598. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for dns_query
  1599. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tls_sni
  1600. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tls_cert_issuer
  1601. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tls_cert_subject
  1602. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for tls_cert_serial
  1603. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for dce_stub_data
  1604. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for dce_stub_data
  1605. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for ssh_protocol
  1606. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for ssh_protocol
  1607. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for ssh_software
  1608. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for ssh_software
  1609. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for file_data
  1610. 19/11/2018 -- 02:23:09 - <Perf> - using shared mpm ctx' for file_data
  1611. 19/11/2018 -- 02:23:09 - <Info> - 18076 signatures processed. 17 are IP-only rules, 5774 are inspecting packet payload, 8364 inspect application layer, 0 are decoder event only
  1612. 19/11/2018 -- 02:23:09 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
  1613. 19/11/2018 -- 02:23:09 - <Perf> - TCP toserver: 101 port groups, 91 unique SGH's, 10 copies
  1614. 19/11/2018 -- 02:23:09 - <Perf> - TCP toclient: 101 port groups, 61 unique SGH's, 40 copies
  1615. 19/11/2018 -- 02:23:09 - <Perf> - UDP toserver: 83 port groups, 42 unique SGH's, 41 copies
  1616. 19/11/2018 -- 02:23:09 - <Perf> - UDP toclient: 42 port groups, 20 unique SGH's, 22 copies
  1617. 19/11/2018 -- 02:23:09 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
  1618. 19/11/2018 -- 02:23:09 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
  1619. 19/11/2018 -- 02:23:10 - <Perf> - Unique rule groups: 216
  1620. 19/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toserver TCP packet": 66
  1621. 19/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toclient TCP packet": 31
  1622. 19/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toserver TCP stream": 80
  1623. 19/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toclient TCP stream": 47
  1624. 19/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toserver UDP packet": 42
  1625. 19/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "toclient UDP packet": 19
  1626. 19/11/2018 -- 02:23:10 - <Perf> - Builtin MPM "other IP packet": 2
  1627. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_uri": 14
  1628. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_client_body": 4
  1629. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_header": 9
  1630. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toclient http_header": 3
  1631. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
  1632. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_cookie": 1
  1633. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toclient http_cookie": 2
  1634. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_raw_uri": 2
  1635. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_user_agent": 2
  1636. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver http_host": 1
  1637. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver dns_query": 4
  1638. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver dce_stub_data": 4
  1639. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toserver file_data": 7
  1640. 19/11/2018 -- 02:23:10 - <Perf> - AppLayer MPM "toclient file_data": 10
  1641. 19/11/2018 -- 02:23:10 - <Info> - cleaning up signature grouping structure... complete
  1642. 19/11/2018 -- 02:23:10 - <Notice> - rule reload complete