James_inthe_box

Bad blocks

May 18th, 2018
  1. May 1 02:35:45 server kernel: [154057.372449] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=20703 DF PROTO=TCP SPT=59195 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  2. May 1 03:33:15 server kernel: [157506.940456] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=17356 PROTO=TCP SPT=48652 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  3. May 1 03:37:34 server kernel: [157766.255895] IN=ppp0 OUT= MAC= SRC=212.129.60.91 DST=x.x.x.x LEN=728 TOS=0x00 PREC=0x00 TTL=120 ID=10654 PROTO=UDP SPT=4044 DPT=5060 LEN=708
  4. May 1 06:25:56 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5064 -> x.x.x.x:5060
  5. May 1 06:25:56 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5064 -> x.x.x.x:5060
  6. May 1 06:25:56 server kernel: [167867.966410] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=52 ID=20470 DF PROTO=UDP SPT=5064 DPT=5060 LEN=427
  7. May 1 08:04:35 server kernel: [173787.355114] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=32354 PROTO=TCP SPT=43690 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  8. May 1 08:26:58 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5063 -> x.x.x.x:5060
  9. May 1 08:26:58 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5063 -> x.x.x.x:5060
  10. May 1 08:26:58 server kernel: [175129.868150] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=53 ID=9218 DF PROTO=UDP SPT=5063 DPT=5060 LEN=427
  11. May 1 09:47:21 server kernel: [179952.801162] IN=ppp0 OUT= MAC= SRC=62.4.14.198 DST=x.x.x.x LEN=60 TOS=0x08 PREC=0x20 TTL=53 ID=44296 DF PROTO=TCP SPT=29167 DPT=2000 WINDOW=5840 RES=0x00 SYN URGP=0
  12. May 1 10:28:36 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5086 -> x.x.x.x:5060
  13. May 1 10:28:36 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5086 -> x.x.x.x:5060
  14. May 1 10:28:36 server kernel: [182428.480162] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=52 ID=13271 DF PROTO=UDP SPT=5086 DPT=5060 LEN=427
  15. May 1 10:42:09 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.83.174.25:5540 -> x.x.x.x:5060
  16. May 1 10:42:09 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.83.174.25:5540 -> x.x.x.x:5060
  17. May 1 10:42:09 server kernel: [183240.800217] IN=ppp0 OUT= MAC= SRC=212.83.174.25 DST=x.x.x.x LEN=441 TOS=0x08 PREC=0x20 TTL=52 ID=23732 DF PROTO=UDP SPT=5540 DPT=5060 LEN=421
  18. May 1 11:24:08 server kernel: [185759.768403] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=12495 PROTO=TCP SPT=58725 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  19. May 1 11:36:21 server kernel: [186493.257042] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=6659 DF PROTO=TCP SPT=59190 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  20. May 1 11:36:24 server kernel: [186496.255964] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=9244 DF PROTO=TCP SPT=59190 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  21. May 1 12:21:49 server kernel: [189221.078053] IN=ppp0 OUT= MAC= SRC=51.15.240.38 DST=x.x.x.x LEN=373 TOS=0x00 PREC=0x00 TTL=53 ID=18656 DF PROTO=UDP SPT=5063 DPT=5060 LEN=353
  22. May 1 12:31:39 server kernel: [189810.946516] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=444 TOS=0x08 PREC=0x20 TTL=53 ID=65113 DF PROTO=UDP SPT=5060 DPT=5060 LEN=424
  23. May 1 12:31:39 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5060 -> x.x.x.x:5060
  24. May 1 12:31:39 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5060 -> x.x.x.x:5060
  25. May 1 14:29:57 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5080 -> x.x.x.x:5060
  26. May 1 14:29:57 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5080 -> x.x.x.x:5060
  27. May 1 14:29:57 server kernel: [196909.574639] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=446 TOS=0x08 PREC=0x20 TTL=52 ID=55429 DF PROTO=UDP SPT=5080 DPT=5060 LEN=426
  28. May 1 14:53:28 server kernel: [198320.489785] IN=ppp0 OUT= MAC= SRC=51.15.240.38 DST=x.x.x.x LEN=371 TOS=0x00 PREC=0x00 TTL=53 ID=56693 DF PROTO=UDP SPT=5065 DPT=5060 LEN=351
  29. May 1 15:12:56 server kernel: [199487.718031] IN=ppp0 OUT= MAC= SRC=195.154.43.58 DST=x.x.x.x LEN=437 TOS=0x00 PREC=0x00 TTL=121 ID=18142 PROTO=UDP SPT=5095 DPT=5070 LEN=417
  30. May 1 15:26:35 server kernel: [200307.413625] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=22025 PROTO=TCP SPT=53793 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  31. May 1 15:35:41 server kernel: [200853.311781] IN=ppp0 OUT= MAC= SRC=51.15.152.87 DST=x.x.x.x LEN=60 TOS=0x08 PREC=0x20 TTL=53 ID=19559 DF PROTO=TCP SPT=49428 DPT=8291 WINDOW=5840 RES=0x00 SYN URGP=0
  32. May 1 16:30:48 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5078 -> x.x.x.x:5060
  33. May 1 16:30:48 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5078 -> x.x.x.x:5060
  34. May 1 16:30:48 server kernel: [204160.254877] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=52 ID=30122 DF PROTO=UDP SPT=5078 DPT=5060 LEN=427
  35. May 1 17:37:42 server kernel: [208174.224942] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=12027 DF PROTO=TCP SPT=62197 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  36. May 1 18:31:33 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5060 -> x.x.x.x:5060
  37. May 1 18:31:33 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5060 -> x.x.x.x:5060
  38. May 1 18:31:33 server kernel: [211405.338465] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=446 TOS=0x08 PREC=0x20 TTL=53 ID=9381 DF PROTO=UDP SPT=5060 DPT=5060 LEN=426
  39. May 1 19:36:54 server kernel: [215325.771751] IN=ppp0 OUT= MAC= SRC=51.15.235.67 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=32818 PROTO=TCP SPT=62131 DPT=23 WINDOW=42516 RES=0x00 SYN URGP=0
  40. May 1 19:36:54 server snort[17849]: [1:2403374:40207] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 38 [Classification: Misc Attack] [Priority: 2] {TCP} 51.15.235.67:62131 -> x.x.x.x:23
  41. May 1 19:44:13 server snort[17849]: [1:2018789:3] ET POLICY TLS possible TOR SSL traffic [Classification: Misc activity] [Priority: 3] {TCP} 212.47.229.2:9001 -> 192.168.1.6:51502
  42. May 1 19:44:16 server snort[17849]: [1:2018789:3] ET POLICY TLS possible TOR SSL traffic [Classification: Misc activity] [Priority: 3] {TCP} 212.129.5.219:9001 -> 192.168.1.6:53866
  43. May 1 20:05:50 server kernel: [217062.294009] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=36021 PROTO=TCP SPT=49578 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  44. May 1 20:32:29 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5063 -> x.x.x.x:5060
  45. May 1 20:32:29 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5063 -> x.x.x.x:5060
  46. May 1 20:32:29 server kernel: [218660.733321] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=445 TOS=0x08 PREC=0x20 TTL=53 ID=41437 DF PROTO=UDP SPT=5063 DPT=5060 LEN=425
  47. May 1 21:38:17 server kernel: [222609.144161] IN=ppp0 OUT= MAC= SRC=51.15.240.38 DST=x.x.x.x LEN=370 TOS=0x00 PREC=0x00 TTL=53 ID=35967 DF PROTO=UDP SPT=5084 DPT=5060 LEN=350
  48. May 1 22:33:58 server snort[17849]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5070 -> x.x.x.x:5060
  49. May 1 22:33:58 server snort[17849]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5070 -> x.x.x.x:5060
  50. May 1 22:33:58 server kernel: [225950.348175] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=53 ID=15547 DF PROTO=UDP SPT=5070 DPT=5060 LEN=427
  51. May 2 00:21:48 server kernel: [232420.405652] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=26619 PROTO=TCP SPT=45376 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  52. May 2 00:34:37 server kernel: [233189.482529] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=446 TOS=0x08 PREC=0x20 TTL=53 ID=20795 DF PROTO=UDP SPT=5085 DPT=5060 LEN=426
  53. May 2 00:34:37 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5085 -> x.x.x.x:5060
  54. May 2 00:34:37 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5085 -> x.x.x.x:5060
  55. May 2 01:17:46 server kernel: [235777.986696] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=20728 DF PROTO=TCP SPT=62132 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  56. May 2 03:47:24 server kernel: [244755.969578] IN=ppp0 OUT= MAC= SRC=195.154.102.181 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=64108 PROTO=TCP SPT=62298 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  57. May 2 04:48:30 server kernel: [248422.589114] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=22592 PROTO=TCP SPT=40477 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  58. May 2 05:13:48 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.210.247.187:5075 -> x.x.x.x:5060
  59. May 2 05:13:48 server snort[13359]: [1:2403411:40231] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 [Classification: Misc Attack] [Priority: 2] {UDP} 62.210.247.187:5075 -> x.x.x.x:5060
  60. May 2 05:13:48 server kernel: [249940.357791] IN=ppp0 OUT= MAC= SRC=62.210.247.187 DST=x.x.x.x LEN=377 TOS=0x00 PREC=0x00 TTL=57 ID=12804 DF PROTO=UDP SPT=5075 DPT=5060 LEN=357
  61. May 2 06:36:14 server kernel: [254886.349926] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=9324 DF PROTO=TCP SPT=56929 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  62. May 2 06:36:17 server kernel: [254889.349234] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=11852 DF PROTO=TCP SPT=56929 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  63. May 2 08:42:02 server kernel: [262434.483853] IN=ppp0 OUT= MAC= SRC=62.210.247.187 DST=x.x.x.x LEN=376 TOS=0x00 PREC=0x00 TTL=57 ID=54928 DF PROTO=UDP SPT=5094 DPT=5060 LEN=356
  64. May 2 08:42:02 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.210.247.187:5094 -> x.x.x.x:5060
  65. May 2 08:42:02 server snort[13359]: [1:2403411:40231] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 [Classification: Misc Attack] [Priority: 2] {UDP} 62.210.247.187:5094 -> x.x.x.x:5060
  66. May 2 08:42:50 server kernel: [262482.215393] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=33913 PROTO=TCP SPT=55665 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  67. May 2 08:55:24 server kernel: [263236.049944] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=446 TOS=0x08 PREC=0x20 TTL=52 ID=18700 DF PROTO=UDP SPT=5079 DPT=5060 LEN=426
  68. May 2 08:55:24 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5079 -> x.x.x.x:5060
  69. May 2 08:55:24 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5079 -> x.x.x.x:5060
  70. May 2 10:23:13 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.124.136:5073 -> x.x.x.x:5060
  71. May 2 10:23:13 server kernel: [268505.600463] IN=ppp0 OUT= MAC= SRC=163.172.124.136 DST=x.x.x.x LEN=379 TOS=0x08 PREC=0x20 TTL=52 ID=59690 DF PROTO=UDP SPT=5073 DPT=5060 LEN=359
  72. May 2 10:57:51 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5067 -> x.x.x.x:5060
  73. May 2 10:57:51 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5067 -> x.x.x.x:5060
  74. May 2 10:57:51 server kernel: [270583.462765] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=50 ID=51824 DF PROTO=UDP SPT=5067 DPT=5060 LEN=427
  75. May 2 12:42:58 server kernel: [276890.268426] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=59474 PROTO=TCP SPT=51379 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  76. May 2 12:58:25 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5061 -> x.x.x.x:5060
  77. May 2 12:58:25 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5061 -> x.x.x.x:5060
  78. May 2 12:58:25 server kernel: [277817.632919] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=448 TOS=0x08 PREC=0x20 TTL=52 ID=23714 DF PROTO=UDP SPT=5061 DPT=5060 LEN=428
  79. May 2 14:58:59 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5099 -> x.x.x.x:5060
  80. May 2 14:58:59 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5099 -> x.x.x.x:5060
  81. May 2 14:58:59 server kernel: [285051.356732] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=52 ID=32409 DF PROTO=UDP SPT=5099 DPT=5060 LEN=427
  82. May 2 15:23:28 server kernel: [286519.696753] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=8914 DF PROTO=TCP SPT=54307 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  83. May 2 16:11:12 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.20.175:5374 -> x.x.x.x:5060
  84. May 2 16:11:12 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.20.175:5374 -> x.x.x.x:5060
  85. May 2 16:11:12 server kernel: [289383.892932] IN=ppp0 OUT= MAC= SRC=212.129.20.175 DST=x.x.x.x LEN=442 TOS=0x00 PREC=0x00 TTL=57 ID=21600 DF PROTO=UDP SPT=5374 DPT=5060 LEN=422
  86. May 2 16:12:18 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5073 -> x.x.x.x:5060
  87. May 2 16:12:18 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5073 -> x.x.x.x:5060
  88. May 2 16:12:18 server kernel: [289450.405084] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=440 TOS=0x00 PREC=0x00 TTL=57 ID=44607 DF PROTO=UDP SPT=5073 DPT=5060 LEN=420
  89. May 2 17:00:06 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5075 -> x.x.x.x:5060
  90. May 2 17:00:06 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5075 -> x.x.x.x:5060
  91. May 2 17:00:06 server kernel: [292318.008053] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=446 TOS=0x08 PREC=0x20 TTL=52 ID=58684 DF PROTO=UDP SPT=5075 DPT=5060 LEN=426
  92. May 2 17:29:43 server kernel: [294095.598246] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=54948 PROTO=TCP SPT=47331 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  93. May 2 18:28:25 server kernel: [297617.039871] IN=ppp0 OUT= MAC= SRC=212.83.174.25 DST=x.x.x.x LEN=437 TOS=0x08 PREC=0x20 TTL=53 ID=41057 DF PROTO=UDP SPT=5627 DPT=5060 LEN=417
  94. May 2 18:28:25 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.83.174.25:5627 -> x.x.x.x:5060
  95. May 2 18:28:25 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.83.174.25:5627 -> x.x.x.x:5060
  96. May 2 19:00:56 server kernel: [299568.485563] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=446 TOS=0x08 PREC=0x20 TTL=52 ID=7377 DF PROTO=UDP SPT=5088 DPT=5060 LEN=426
  97. May 2 19:00:56 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5088 -> x.x.x.x:5060
  98. May 2 19:00:56 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5088 -> x.x.x.x:5060
  99. May 2 21:02:44 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5063 -> x.x.x.x:5060
  100. May 2 21:02:44 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5063 -> x.x.x.x:5060
  101. May 2 21:02:45 server kernel: [306876.640871] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=445 TOS=0x08 PREC=0x20 TTL=53 ID=18895 DF PROTO=UDP SPT=5063 DPT=5060 LEN=425
  102. May 2 22:14:03 server kernel: [311155.096141] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=13178 PROTO=TCP SPT=42427 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  103. May 2 23:03:20 server snort[13359]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5076 -> x.x.x.x:5060
  104. May 2 23:03:20 server snort[13359]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5076 -> x.x.x.x:5060
  105. May 2 23:03:20 server kernel: [314112.333394] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=53 ID=5387 DF PROTO=UDP SPT=5076 DPT=5060 LEN=427
  106. May 3 00:54:07 server kernel: [320759.083061] IN=ppp0 OUT= MAC= SRC=62.210.107.77 DST=x.x.x.x LEN=429 TOS=0x00 PREC=0x00 TTL=57 ID=24077 DF PROTO=UDP SPT=5612 DPT=5060 LEN=409
  107. May 3 00:54:07 server snort[9779]: [1:2012296:1] ET VOIP Modified Sipvicious Asterisk PBX User-Agent [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.210.107.77:5612 -> x.x.x.x:5060
  108. May 3 00:54:07 server snort[9779]: [1:2403411:40255] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 [Classification: Misc Attack] [Priority: 2] {UDP} 62.210.107.77:5612 -> x.x.x.x:5060
  109. May 3 01:03:51 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5088 -> x.x.x.x:5060
  110. May 3 01:03:51 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5088 -> x.x.x.x:5060
  111. May 3 01:03:51 server kernel: [321342.877541] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=52 ID=56860 DF PROTO=UDP SPT=5088 DPT=5060 LEN=427
  112. May 3 01:48:08 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.53.30:5810 -> x.x.x.x:5060
  113. May 3 01:48:08 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.53.30:5810 -> x.x.x.x:5060
  114. May 3 01:48:08 server kernel: [323999.768620] IN=ppp0 OUT= MAC= SRC=195.154.53.30 DST=x.x.x.x LEN=414 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=5810 DPT=5060 LEN=394
  115. May 3 02:21:43 server kernel: [326015.278384] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=63909 PROTO=TCP SPT=58199 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  116. May 3 02:32:17 server kernel: [326648.664424] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=26923 DF PROTO=TCP SPT=54596 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  117. May 3 06:05:09 server kernel: [339421.524776] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=51154 PROTO=TCP SPT=53968 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  118. May 3 09:59:33 server kernel: [353484.923891] IN=ppp0 OUT= MAC= SRC=62.210.247.187 DST=x.x.x.x LEN=377 TOS=0x00 PREC=0x00 TTL=57 ID=19577 DF PROTO=UDP SPT=5084 DPT=5060 LEN=357
  119. May 3 09:59:33 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.210.247.187:5084 -> x.x.x.x:5060
  120. May 3 09:59:33 server snort[9779]: [1:2403411:40255] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 56 [Classification: Misc Attack] [Priority: 2] {UDP} 62.210.247.187:5084 -> x.x.x.x:5060
  121. May 3 10:45:35 server kernel: [356247.275091] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=26143 PROTO=TCP SPT=48914 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  122. May 3 13:45:13 server kernel: [367025.418878] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=52 ID=31079 DF PROTO=UDP SPT=5091 DPT=5060 LEN=427
  123. May 3 13:45:13 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5091 -> x.x.x.x:5060
  124. May 3 13:45:13 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5091 -> x.x.x.x:5060
  125. May 3 15:38:15 server kernel: [373806.959664] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=16085 PROTO=TCP SPT=43907 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  126. May 3 15:39:49 server kernel: [373900.731493] IN=ppp0 OUT= MAC= SRC=163.172.122.10 DST=x.x.x.x LEN=441 TOS=0x08 PREC=0x20 TTL=52 ID=63593 DF PROTO=UDP SPT=5532 DPT=5060 LEN=421
  127. May 3 15:39:49 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.122.10:5532 -> x.x.x.x:5060
  128. May 3 15:39:49 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.122.10:5532 -> x.x.x.x:5060
  129. May 3 15:45:45 server kernel: [374257.567582] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=443 TOS=0x08 PREC=0x20 TTL=50 ID=63670 DF PROTO=UDP SPT=5067 DPT=5060 LEN=423
  130. May 3 15:45:45 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5067 -> x.x.x.x:5060
  131. May 3 15:45:45 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5067 -> x.x.x.x:5060
  132. May 3 16:57:20 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5557 -> x.x.x.x:5060
  133. May 3 16:57:20 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5557 -> x.x.x.x:5060
  134. May 3 16:57:20 server kernel: [378552.096584] IN=ppp0 OUT= MAC= SRC=212.129.54.38 DST=x.x.x.x LEN=440 TOS=0x08 PREC=0x20 TTL=51 ID=21611 DF PROTO=UDP SPT=5557 DPT=5060 LEN=420
  135. May 3 17:47:16 server kernel: [381548.524189] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=52 ID=27005 DF PROTO=UDP SPT=5082 DPT=5060 LEN=427
  136. May 3 17:47:17 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5082 -> x.x.x.x:5060
  137. May 3 17:47:17 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5082 -> x.x.x.x:5060
  138. May 3 18:33:45 server kernel: [384337.254325] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=18313 DF PROTO=TCP SPT=59788 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  139. May 3 19:09:50 server kernel: [386502.474379] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=14454 PROTO=TCP SPT=59631 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  140. May 3 19:47:25 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5072 -> x.x.x.x:5060
  141. May 3 19:47:25 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.56.204:5072 -> x.x.x.x:5060
  142. May 3 19:47:25 server kernel: [388756.856507] IN=ppp0 OUT= MAC= SRC=212.129.56.204 DST=x.x.x.x LEN=447 TOS=0x08 PREC=0x20 TTL=52 ID=28947 DF PROTO=UDP SPT=5072 DPT=5060 LEN=427
  143. May 3 23:12:31 server snort[9779]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.53.24:6219 -> x.x.x.x:5060
  144. May 3 23:12:31 server snort[9779]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.53.24:6219 -> x.x.x.x:5060
  145. May 3 23:12:31 server kernel: [401062.652759] IN=ppp0 OUT= MAC= SRC=195.154.53.24 DST=x.x.x.x LEN=415 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=6219 DPT=5060 LEN=395
  146. May 3 23:27:52 server kernel: [401984.573540] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=24553 PROTO=TCP SPT=50087 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  147. May 4 00:45:55 server kernel: [406667.474269] IN=ppp0 OUT= MAC= SRC=212.83.176.116 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=23036 DF PROTO=TCP SPT=25982 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  148. May 4 00:45:58 server kernel: [406670.474252] IN=ppp0 OUT= MAC= SRC=212.83.176.116 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=23037 DF PROTO=TCP SPT=25982 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  149. May 4 03:33:17 server kernel: [416709.363700] IN=ppp0 OUT= MAC= SRC=212.129.19.129 DST=x.x.x.x LEN=752 TOS=0x00 PREC=0x00 TTL=121 ID=30337 PROTO=UDP SPT=50070 DPT=5060 LEN=732
  150. May 4 03:52:25 server kernel: [417856.651843] IN=ppp0 OUT= MAC= SRC=212.129.17.130 DST=x.x.x.x LEN=443 TOS=0x00 PREC=0x00 TTL=57 ID=65398 DF PROTO=UDP SPT=5328 DPT=5060 LEN=423
  151. May 4 03:52:25 server snort[5848]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.17.130:5328 -> x.x.x.x:5060
  152. May 4 03:52:25 server snort[5848]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.17.130:5328 -> x.x.x.x:5060
  337. May 8 21:33:29 server kernel: [827121.563101] IN=ppp0 OUT= MAC= SRC=163.172.4.153 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=41485 DF PROTO=TCP SPT=65332 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  338. May 8 21:35:04 server kernel: [827216.573338] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=25419 PROTO=TCP SPT=56533 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  339. May 8 22:00:25 server kernel: [828737.063877] IN=ppp0 OUT= MAC= SRC=195.154.102.181 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=60765 PROTO=TCP SPT=61748 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  340. May 9 00:51:21 server kernel: [838993.530174] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=29553 PROTO=TCP SPT=52277 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  341. May 9 00:59:24 server kernel: [839475.670081] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=14948 DF PROTO=TCP SPT=56880 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  342. May 9 00:59:27 server kernel: [839478.662615] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=17300 DF PROTO=TCP SPT=56880 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  343. May 9 02:00:34 server kernel: [843146.555013] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=19460 DF PROTO=TCP SPT=63685 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  344. May 9 02:58:07 server snort[20357]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.6.216:5088 -> x.x.x.x:5060
  345. May 9 02:58:07 server snort[20357]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.6.216:5088 -> x.x.x.x:5060
  346. May 9 02:58:07 server kernel: [846599.025307] IN=ppp0 OUT= MAC= SRC=212.129.6.216 DST=x.x.x.x LEN=441 TOS=0x00 PREC=0x00 TTL=57 ID=45912 DF PROTO=UDP SPT=5088 DPT=5060 LEN=421
  347. May 9 05:24:28 server kernel: [855380.488102] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=28827 PROTO=TCP SPT=47438 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  348. May 9 08:48:51 server kernel: [867642.990406] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=23163 PROTO=TCP SPT=42434 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  349. May 9 12:12:30 server kernel: [879861.985927] IN=ppp0 OUT= MAC= SRC=51.15.237.54 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=244 ID=61291 PROTO=UDP SPT=49447 DPT=69 LEN=8
  350. May 9 14:02:21 server kernel: [886453.332820] IN=ppp0 OUT= MAC= SRC=195.154.181.114 DST=x.x.x.x LEN=447 TOS=0x00 PREC=0x00 TTL=57 ID=53126 DF PROTO=UDP SPT=27530 DPT=5061 LEN=427
  351. May 9 14:02:21 server kernel: [886453.350057] IN=ppp0 OUT= MAC= SRC=195.154.181.114 DST=x.x.x.x LEN=447 TOS=0x00 PREC=0x00 TTL=57 ID=53142 DF PROTO=UDP SPT=27530 DPT=5062 LEN=427
  352. May 9 14:02:21 server kernel: [886453.367795] IN=ppp0 OUT= MAC= SRC=195.154.181.114 DST=x.x.x.x LEN=448 TOS=0x00 PREC=0x00 TTL=57 ID=53143 DF PROTO=UDP SPT=27530 DPT=5065 LEN=428
  353. May 9 14:18:26 server kernel: [887417.879496] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=62293 PROTO=TCP SPT=57566 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  354. May 9 17:26:19 server kernel: [898690.643024] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=5842 PROTO=TCP SPT=52727 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  355. May 9 17:39:44 server kernel: [899496.033451] IN=ppp0 OUT= MAC= SRC=163.172.122.10 DST=x.x.x.x LEN=443 TOS=0x08 PREC=0x20 TTL=53 ID=8885 DF PROTO=UDP SPT=5610 DPT=5060 LEN=423
  356. May 9 17:39:44 server snort[20357]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.122.10:5610 -> x.x.x.x:5060
  357. May 9 17:39:44 server snort[20357]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.122.10:5610 -> x.x.x.x:5060
  358. May 9 18:30:46 server kernel: [902558.116639] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=11186 DF PROTO=TCP SPT=49279 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  359. May 9 21:33:21 server kernel: [10267.255565] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=12679 PROTO=TCP SPT=47661 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  360. May 10 00:14:56 server kernel: [19961.862126] IN=ppp0 OUT= MAC= SRC=212.129.6.216 DST=x.x.x.x LEN=441 TOS=0x00 PREC=0x00 TTL=57 ID=48733 DF PROTO=UDP SPT=5413 DPT=5060 LEN=421
  361. May 10 00:14:56 server snort[2209]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.6.216:5413 -> x.x.x.x:5060
  362. May 10 00:14:56 server snort[2209]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.6.216:5413 -> x.x.x.x:5060
  363. May 10 02:46:12 server kernel: [29037.512040] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=61186 PROTO=TCP SPT=42653 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  364. May 10 03:44:18 server kernel: [32524.400414] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=26120 DF PROTO=TCP SPT=62338 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  365. May 10 06:45:08 server kernel: [43373.697020] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=27116 PROTO=TCP SPT=57591 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  366. May 10 07:16:40 server kernel: [45266.404143] IN=ppp0 OUT= MAC= SRC=195.154.181.114 DST=x.x.x.x LEN=445 TOS=0x00 PREC=0x00 TTL=57 ID=43663 DF PROTO=UDP SPT=33440 DPT=6061 LEN=425
  367. May 10 10:23:19 server snort[11321]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.52.168:5061 -> x.x.x.x:5060
  368. May 10 10:23:19 server snort[11321]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.52.168:5061 -> x.x.x.x:5060
  369. May 10 10:23:19 server kernel: [56465.329893] IN=ppp0 OUT= MAC= SRC=195.154.52.168 DST=x.x.x.x LEN=443 TOS=0x00 PREC=0x00 TTL=57 ID=41290 DF PROTO=UDP SPT=5061 DPT=5060 LEN=423
  370. May 10 10:32:40 server postfix/smtpd[22893]: connect from 51-15-152-98.rev.govps.gr[51.15.152.98]
  371. May 10 10:32:41 server kernel: [57026.724778] SASL authentication failed IN=ppp0 OUT= MAC= SRC=51.15.152.98 DST=x.x.x.x LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=18908 DF PROTO=TCP SPT=54923 DPT=25 WINDOW=260 RES=0x00 ACK PSH URGP=0
  372. May 10 10:37:41 server postfix/smtpd[22893]: timeout after AUTH from 51-15-152-98.rev.govps.gr[51.15.152.98]
  373. May 10 10:37:41 server postfix/smtpd[22893]: disconnect from 51-15-152-98.rev.govps.gr[51.15.152.98]
  374. May 10 10:54:59 server kernel: [58364.783529] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=51034 PROTO=TCP SPT=53131 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  375. May 10 12:02:26 server kernel: [62411.816169] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=17747 DF PROTO=TCP SPT=53912 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  376. May 10 12:02:29 server kernel: [62414.829846] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=20250 DF PROTO=TCP SPT=53912 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  377. May 10 12:50:03 server kernel: [65268.807771] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=441 TOS=0x00 PREC=0x00 TTL=57 ID=64817 DF PROTO=UDP SPT=5060 DPT=5060 LEN=421
  378. May 10 12:50:03 server snort[11321]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5060 -> x.x.x.x:5060
  379. May 10 12:50:03 server snort[11321]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5060 -> x.x.x.x:5060
  380. May 10 14:19:35 server kernel: [70640.951085] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=63738 PROTO=TCP SPT=48212 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  381. May 10 15:26:18 server kernel: [74644.059654] IN=ppp0 OUT= MAC= SRC=51.15.0.122 DST=x.x.x.x LEN=48 TOS=0x08 PREC=0x20 TTL=117 ID=47447 PROTO=TCP SPT=40547 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0
  382. May 10 15:41:03 server snort[11321]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.122.10:5592 -> x.x.x.x:5060
  383. May 10 15:41:03 server snort[11321]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.122.10:5592 -> x.x.x.x:5060
  384. May 10 15:41:03 server kernel: [75528.709909] IN=ppp0 OUT= MAC= SRC=163.172.122.10 DST=x.x.x.x LEN=443 TOS=0x08 PREC=0x20 TTL=53 ID=10020 DF PROTO=UDP SPT=5592 DPT=5060 LEN=423
  385. May 10 16:41:16 server kernel: [79142.268094] IN=ppp0 OUT= MAC= SRC=51.15.90.219 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=243 ID=22511 PROTO=UDP SPT=51243 DPT=69 LEN=8
  386. May 10 16:45:26 server kernel: [79391.513351] IN=ppp0 OUT= MAC= SRC=51.15.90.219 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=35993 PROTO=TCP SPT=51243 DPT=69 WINDOW=1024 RES=0x00 SYN URGP=0
  387. May 10 18:28:59 server kernel: [85604.655485] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=31500 PROTO=TCP SPT=43411 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  388. May 10 18:50:00 server kernel: [86865.816646] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=17767 DF PROTO=TCP SPT=56174 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  389. May 10 20:06:20 server snort[11321]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.181.114:32439 -> x.x.x.x:5060
  390. May 10 20:06:20 server snort[11321]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.181.114:32439 -> x.x.x.x:5060
  391. May 10 20:06:20 server kernel: [91446.388119] IN=ppp0 OUT= MAC= SRC=195.154.181.114 DST=x.x.x.x LEN=445 TOS=0x00 PREC=0x00 TTL=57 ID=47219 DF PROTO=UDP SPT=32439 DPT=5060 LEN=425
  392. May 10 22:35:56 server kernel: [100421.579318] IN=ppp0 OUT= MAC= SRC=195.154.53.24 DST=x.x.x.x LEN=416 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=5376 DPT=5060 LEN=396
  393. May 10 22:35:56 server snort[11321]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.53.24:5376 -> x.x.x.x:5060
  394. May 10 22:35:56 server snort[11321]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.53.24:5376 -> x.x.x.x:5060
  395. May 10 22:45:46 server kernel: [101012.231763] IN=ppp0 OUT= MAC= SRC=51.15.114.252 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=28555 PROTO=TCP SPT=49314 DPT=69 WINDOW=1024 RES=0x00 SYN URGP=0
  396. May 10 23:22:44 server kernel: [103229.787755] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=58639 PROTO=TCP SPT=59154 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  397. May 10 23:33:51 server kernel: [103897.054996] IN=ppp0 OUT= MAC= SRC=51.15.114.252 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=243 ID=52518 PROTO=UDP SPT=49314 DPT=69 LEN=8
  398. May 11 00:25:04 server kernel: [106969.996587] IN=ppp0 OUT= MAC= SRC=51.15.244.215 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2623 PROTO=TCP SPT=59855 DPT=5038 WINDOW=1024 RES=0x00 SYN URGP=0
  399. May 11 01:37:50 server snort[8496]: [1:2403370:40447] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 36 [Classification: Misc Attack] [Priority: 2] {TCP} 51.15.157.223:43485 -> x.x.x.x:8022
  400. May 11 01:37:50 server kernel: [111335.898828] IN=ppp0 OUT= MAC= SRC=51.15.157.223 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=32326 PROTO=TCP SPT=43485 DPT=8022 WINDOW=1024 RES=0x00 SYN URGP=0
  401. May 11 03:52:39 server kernel: [119425.252258] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=57160 PROTO=TCP SPT=49023 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  402. May 11 04:18:28 server kernel: [120974.410049] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=32728 DF PROTO=TCP SPT=49169 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  403. May 11 05:39:50 server snort[8496]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.210.177.44:5069 -> x.x.x.x:5060
  404. May 11 05:39:50 server snort[8496]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.210.177.44:5069 -> x.x.x.x:5060
  405. May 11 05:39:50 server snort[8496]: [1:2403405:40447] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 53 [Classification: Misc Attack] [Priority: 2] {UDP} 62.210.177.44:5069 -> x.x.x.x:5060
  406. May 11 05:39:50 server kernel: [125855.799312] IN=ppp0 OUT= MAC= SRC=62.210.177.44 DST=x.x.x.x LEN=441 TOS=0x00 PREC=0x00 TTL=57 ID=40550 DF PROTO=UDP SPT=5069 DPT=5060 LEN=421
  407. May 11 05:39:50 server kernel: [125855.799363] IN=ppp0 OUT= MAC= SRC=62.210.177.44 DST=x.x.x.x LEN=441 TOS=0x00 PREC=0x00 TTL=57 ID=40551 DF PROTO=UDP SPT=5069 DPT=5070 LEN=421
  408. May 11 05:39:50 server kernel: [125855.799733] IN=ppp0 OUT= MAC= SRC=62.210.177.44 DST=x.x.x.x LEN=441 TOS=0x00 PREC=0x00 TTL=57 ID=40552 DF PROTO=UDP SPT=5069 DPT=5080 LEN=421
  409. May 11 07:10:48 server kernel: [131313.780350] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=39229 PROTO=TCP SPT=49178 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  410. May 11 07:12:12 server snort[8496]: [1:2403404:40447] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 53 [Classification: Misc Attack] [Priority: 2] {TCP} 62.210.8.51:18549 -> x.x.x.x:5060
  411. May 11 07:12:12 server kernel: [131398.306688] IN=ppp0 OUT= MAC= SRC=62.210.8.51 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=1800 DF PROTO=TCP SPT=18549 DPT=5060 WINDOW=512 RES=0x00 SYN URGP=0
  412. May 11 11:38:47 server kernel: [147393.171318] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=52386 PROTO=TCP SPT=44191 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  413. May 11 14:05:42 server snort[8496]: [1:2010935:3] ET SCAN Suspicious inbound to MSSQL port 1433 [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 212.129.41.33:40226 -> x.x.x.x:1433
  414. May 11 14:05:42 server kernel: [156208.100343] IN=ppp0 OUT= MAC= SRC=212.129.41.33 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=11525 PROTO=TCP SPT=40226 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0
  415. May 11 15:36:51 server kernel: [161676.808915] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=20406 DF PROTO=TCP SPT=54984 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  416. May 11 15:36:51 server kernel: [161677.001921] IN=ppp0 OUT= MAC= SRC=212.129.60.91 DST=x.x.x.x LEN=731 TOS=0x00 PREC=0x00 TTL=120 ID=25987 PROTO=UDP SPT=54875 DPT=5060 LEN=711
  417. May 11 15:36:54 server kernel: [161679.794345] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=22909 DF PROTO=TCP SPT=54984 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  418. May 11 16:07:43 server kernel: [163528.687698] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=30528 PROTO=TCP SPT=59170 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  419. May 11 16:44:24 server kernel: [165729.875346] IN=ppp0 OUT= MAC= SRC=51.15.70.60 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25774 PROTO=TCP SPT=40046 DPT=5922 WINDOW=1024 RES=0x00 SYN URGP=0
  420. May 11 17:25:45 server kernel: [168210.989642] IN=ppp0 OUT= MAC= SRC=163.172.119.161 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=21169 DF PROTO=TCP SPT=51364 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  421. May 11 20:05:12 server kernel: [177778.145329] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=48043 PROTO=TCP SPT=54946 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  422. May 11 20:19:38 server kernel: [178644.215514] IN=ppp0 OUT= MAC= SRC=62.210.136.46 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=9911 PROTO=TCP SPT=24724 DPT=23 WINDOW=46461 RES=0x00 SYN URGP=0
  423. May 11 20:43:49 server kernel: [180094.712931] IN=ppp0 OUT= MAC= SRC=51.15.141.209 DST=x.x.x.x LEN=138 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=UDP SPT=39260 DPT=53413 LEN=118
  424. May 11 20:59:45 server kernel: [181050.838605] IN=ppp0 OUT= MAC= SRC=51.15.68.2 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45868 PROTO=TCP SPT=53754 DPT=69 WINDOW=1024 RES=0x00 SYN URGP=0
  425. May 11 22:56:42 server kernel: [188068.428059] IN=ppp0 OUT= MAC= SRC=51.15.68.2 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=243 ID=2355 PROTO=UDP SPT=53754 DPT=69 LEN=8
  426. May 12 00:29:08 server kernel: [193613.471438] IN=ppp0 OUT= MAC= SRC=51.15.70.60 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=15846 PROTO=TCP SPT=40046 DPT=5923 WINDOW=1024 RES=0x00 SYN URGP=0
  427. May 12 00:41:13 server snort[4859]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 51.15.214.192:5305 -> x.x.x.x:5060
  428. May 12 00:41:13 server snort[4859]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 51.15.214.192:5305 -> x.x.x.x:5060
  429. May 12 00:41:13 server kernel: [194338.912213] IN=ppp0 OUT= MAC= SRC=51.15.214.192 DST=x.x.x.x LEN=433 TOS=0x00 PREC=0x00 TTL=52 ID=15037 DF PROTO=UDP SPT=5305 DPT=5060 LEN=413
  430. May 12 01:12:42 server kernel: [196227.903514] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=26604 PROTO=TCP SPT=50419 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  431. May 12 01:42:17 server kernel: [198002.683965] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=23329 DF PROTO=TCP SPT=61591 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  432. May 12 01:42:20 server kernel: [198005.683025] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=25748 DF PROTO=TCP SPT=61591 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  433. May 12 03:56:23 server kernel: [206049.072084] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=49151 PROTO=TCP SPT=58933 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  434. May 12 03:57:20 server kernel: [206105.793008] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=56673 PROTO=TCP SPT=58933 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
  435. May 12 04:07:52 server kernel: [206737.941334] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=19485 PROTO=TCP SPT=59095 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  436. May 12 04:10:19 server kernel: [206885.240270] IN=ppp0 OUT= MAC= SRC=51.15.228.19 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2704 PROTO=TCP SPT=59773 DPT=5038 WINDOW=1024 RES=0x00 SYN URGP=0
  437. May 12 04:11:43 server kernel: [206968.770108] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=8730 PROTO=TCP SPT=59095 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  438. May 12 04:32:22 server snort[4859]: [1:2403398:40471] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 [Classification: Misc Attack] [Priority: 2] {TCP} 62.210.136.46:24228 -> x.x.x.x:23
  439. May 12 04:32:22 server kernel: [208208.328624] IN=ppp0 OUT= MAC= SRC=62.210.136.46 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=39865 PROTO=TCP SPT=24228 DPT=23 WINDOW=49933 RES=0x00 SYN URGP=0
  440. May 12 04:34:43 server kernel: [208349.009399] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=63255 PROTO=TCP SPT=45465 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  441. May 12 04:43:29 server kernel: [208874.544400] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=44330 PROTO=TCP SPT=41247 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  442. May 12 04:45:43 server kernel: [209009.333628] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=2667 PROTO=TCP SPT=41247 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  443. May 12 04:54:40 server kernel: [209545.973124] IN=ppp0 OUT= MAC= SRC=51.15.70.60 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=32080 PROTO=TCP SPT=40046 DPT=5924 WINDOW=1024 RES=0x00 SYN URGP=0
  444. May 12 05:14:12 server kernel: [210718.253534] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=45967 PROTO=TCP SPT=43474 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  445. May 12 05:14:40 server kernel: [210746.029290] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54733 PROTO=TCP SPT=43474 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  446. May 12 05:39:46 server snort[4859]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.4.15.172:5099 -> x.x.x.x:5060
  447. May 12 05:39:46 server snort[4859]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.4.15.172:5099 -> x.x.x.x:5060
  448. May 12 05:39:46 server snort[4859]: [1:2403401:40471] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 51 [Classification: Misc Attack] [Priority: 2] {UDP} 62.4.15.172:5099 -> x.x.x.x:5060
  449. May 12 05:39:46 server kernel: [212252.057691] IN=ppp0 OUT= MAC= SRC=62.4.15.172 DST=x.x.x.x LEN=438 TOS=0x08 PREC=0x20 TTL=53 ID=4320 DF PROTO=UDP SPT=5099 DPT=5060 LEN=418
  450. May 12 06:00:24 server kernel: [213489.752450] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=55761 PROTO=TCP SPT=46045 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  451. May 12 06:04:09 server kernel: [213714.581406] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=53523 PROTO=TCP SPT=46045 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  452. May 12 06:27:45 server kernel: [215131.404585] IN=ppp0 OUT= MAC= SRC=51.15.70.60 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=51485 PROTO=TCP SPT=40046 DPT=5921 WINDOW=1024 RES=0x00 SYN URGP=0
  453. May 12 07:05:39 server kernel: [217405.172296] IN=ppp0 OUT= MAC= SRC=51.15.254.213 DST=x.x.x.x LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=32005 DPT=20367 WINDOW=29200 RES=0x00 ACK SYN URGP=0
  454. May 12 07:24:57 server kernel: [218563.143065] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=34778 PROTO=TCP SPT=51444 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  455. May 12 07:33:59 server kernel: [219104.659107] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=35179 PROTO=TCP SPT=51444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  456. May 12 07:57:30 server snort[4859]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 51.15.243.59:12557 -> x.x.x.x:5060
  457. May 12 07:57:30 server snort[4859]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 51.15.243.59:12557 -> x.x.x.x:5060
  458. May 12 07:57:30 server kernel: [220516.021718] IN=ppp0 OUT= MAC= SRC=51.15.243.59 DST=x.x.x.x LEN=432 TOS=0x00 PREC=0x00 TTL=53 ID=35863 DF PROTO=UDP SPT=12557 DPT=5060 LEN=412
  459. May 12 08:12:51 server kernel: [221436.706803] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=32760 PROTO=TCP SPT=53672 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  460. May 12 08:15:13 server kernel: [221578.523608] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=59506 PROTO=TCP SPT=53672 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  461. May 12 08:40:40 server kernel: [223105.975682] IN=ppp0 OUT= MAC= SRC=51.15.70.60 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=48471 PROTO=TCP SPT=53573 DPT=5927 WINDOW=1024 RES=0x00 SYN URGP=0
  462. May 12 08:43:50 server kernel: [223296.166264] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=26454 DF PROTO=TCP SPT=52974 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  463. May 12 08:43:53 server kernel: [223299.170226] IN=ppp0 OUT= MAC= SRC=163.172.70.102 DST=x.x.x.x LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=28212 DF PROTO=TCP SPT=52974 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  464. May 12 08:45:26 server kernel: [223392.113897] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=17996 PROTO=TCP SPT=55892 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  465. May 12 08:49:21 server kernel: [223626.653181] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=13895 PROTO=TCP SPT=55892 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  466. May 12 09:07:18 server snort[4859]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.83.174.25:5283 -> x.x.x.x:5060
  467. May 12 09:07:18 server snort[4859]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.83.174.25:5283 -> x.x.x.x:5060
  468. May 12 09:07:18 server kernel: [224703.601036] IN=ppp0 OUT= MAC= SRC=212.83.174.25 DST=x.x.x.x LEN=438 TOS=0x08 PREC=0x20 TTL=50 ID=10911 DF PROTO=UDP SPT=5283 DPT=5060 LEN=418
  469. May 12 09:18:05 server kernel: [225350.770265] IN=ppp0 OUT= MAC= SRC=51.15.70.60 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=29058 PROTO=TCP SPT=53573 DPT=5925 WINDOW=1024 RES=0x00 SYN URGP=0
  470. May 12 09:28:46 server kernel: [225992.373080] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=63862 PROTO=TCP SPT=57917 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
  471. May 12 09:28:47 server kernel: [225992.966691] IN=ppp0 OUT= MAC= SRC=163.172.127.23 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54667 PROTO=TCP SPT=57917 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  472. May 12 09:54:02 server kernel: [227507.653085] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=873 PROTO=TCP SPT=40341 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  473. May 12 10:03:45 server snort[4859]: [1:2403398:40471] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 50 [Classification: Misc Attack] [Priority: 2] {TCP} 62.210.136.46:22289 -> x.x.x.x:23
  474. May 12 10:03:45 server kernel: [228091.309537] IN=ppp0 OUT= MAC= SRC=62.210.136.46 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=47759 PROTO=TCP SPT=22289 DPT=23 WINDOW=36817 RES=0x00 SYN URGP=0
  475. May 12 10:52:17 server kernel: [231002.923819] IN=ppp0 OUT= MAC= SRC=51.15.147.86 DST=x.x.x.x LEN=439 TOS=0x00 PREC=0x00 TTL=57 ID=46211 DF PROTO=UDP SPT=5141 DPT=5060 LEN=419
  476. May 12 10:52:17 server snort[4859]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 51.15.147.86:5141 -> x.x.x.x:5060
  657. May 16 06:54:33 server kernel: [562339.263262] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=60249 DF PROTO=TCP SPT=53382 DPT=21 WINDOW=27600 RES=0x00 SYN URGP=0
  658. May 16 06:54:33 server kernel: [562339.265019] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=13165 DF PROTO=TCP SPT=53148 DPT=2222 WINDOW=27600 RES=0x00 SYN URGP=0
  659. May 16 06:54:33 server kernel: [562339.267128] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=61294 DF PROTO=TCP SPT=56790 DPT=990 WINDOW=27600 RES=0x00 SYN URGP=0
  660. May 16 06:54:33 server kernel: [562339.271916] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=44292 DF PROTO=TCP SPT=46512 DPT=139 WINDOW=27600 RES=0x00 SYN URGP=0
  661. May 16 06:54:33 server kernel: [562339.280078] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=50585 DF PROTO=TCP SPT=33408 DPT=8873 WINDOW=27600 RES=0x00 SYN URGP=0
  662. May 16 06:54:33 server kernel: [562339.280102] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=6967 DF PROTO=TCP SPT=49927 DPT=27017 WINDOW=27600 RES=0x00 SYN URGP=0
  663. May 16 06:54:33 server kernel: [562339.284120] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=30347 DF PROTO=TCP SPT=49541 DPT=22 WINDOW=27600 RES=0x00 SYN URGP=0
  664. May 16 06:54:34 server kernel: [562340.264150] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=18400 DF PROTO=TCP SPT=60656 DPT=873 WINDOW=27600 RES=0x00 SYN URGP=0
  665. May 16 06:54:34 server kernel: [562340.264263] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=60250 DF PROTO=TCP SPT=53382 DPT=21 WINDOW=27600 RES=0x00 SYN URGP=0
  666. May 16 06:54:34 server kernel: [562340.267902] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=13166 DF PROTO=TCP SPT=53148 DPT=2222 WINDOW=27600 RES=0x00 SYN URGP=0
  667. May 16 06:54:34 server kernel: [562340.268394] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=61295 DF PROTO=TCP SPT=56790 DPT=990 WINDOW=27600 RES=0x00 SYN URGP=0
  668. May 16 06:54:34 server kernel: [562340.274424] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=44293 DF PROTO=TCP SPT=46512 DPT=139 WINDOW=27600 RES=0x00 SYN URGP=0
  669. May 16 06:54:34 server kernel: [562340.282057] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=6968 DF PROTO=TCP SPT=49927 DPT=27017 WINDOW=27600 RES=0x00 SYN URGP=0
  670. May 16 06:54:34 server kernel: [562340.282080] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=50586 DF PROTO=TCP SPT=33408 DPT=8873 WINDOW=27600 RES=0x00 SYN URGP=0
  671. May 16 06:54:34 server kernel: [562340.286901] IN=ppp0 OUT= MAC= SRC=62.210.205.141 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=30348 DF PROTO=TCP SPT=49541 DPT=22 WINDOW=27600 RES=0x00 SYN URGP=0
  672. May 16 07:39:05 server kernel: [565011.102205] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=14499 PROTO=TCP SPT=58690 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  673. May 16 11:16:04 server kernel: [578030.112313] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=41585 PROTO=TCP SPT=53811 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  674. May 16 14:33:18 server kernel: [589863.927282] IN=ppp0 OUT= MAC= SRC=212.129.54.38 DST=x.x.x.x LEN=438 TOS=0x08 PREC=0x20 TTL=52 ID=13327 DF PROTO=UDP SPT=5062 DPT=5060 LEN=418
  675. May 16 14:33:18 server snort[22815]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5062 -> x.x.x.x:5060
  676. May 16 14:33:18 server snort[22815]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5062 -> x.x.x.x:5060
  677. May 16 15:55:10 server snort[22815]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5098 -> x.x.x.x:5060
  678. May 16 15:55:10 server snort[22815]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5098 -> x.x.x.x:5060
  679. May 16 15:55:10 server kernel: [594776.332754] IN=ppp0 OUT= MAC= SRC=212.129.54.38 DST=x.x.x.x LEN=440 TOS=0x08 PREC=0x20 TTL=51 ID=19479 DF PROTO=UDP SPT=5098 DPT=5060 LEN=420
  680. May 16 16:01:52 server kernel: [595177.689127] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=28060 PROTO=TCP SPT=48924 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  681. May 16 16:19:38 server kernel: [596244.351144] IN=ppp0 OUT= MAC= SRC=51.15.109.157 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=6775 PROTO=TCP SPT=49025 DPT=69 WINDOW=1024 RES=0x00 SYN URGP=0
  682. May 16 16:39:37 server kernel: [597442.692971] IN=ppp0 OUT= MAC= SRC=212.83.187.201 DST=x.x.x.x LEN=52 TOS=0x0A PREC=0x20 TTL=117 ID=29470 DF PROTO=TCP SPT=53995 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  683. May 16 16:39:40 server kernel: [597445.684729] IN=ppp0 OUT= MAC= SRC=212.83.187.201 DST=x.x.x.x LEN=52 TOS=0x0A PREC=0x20 TTL=117 ID=29538 DF PROTO=TCP SPT=53995 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  684. May 16 17:45:56 server kernel: [601422.327574] IN=ppp0 OUT= MAC= SRC=51.15.109.157 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=243 ID=12003 PROTO=UDP SPT=49025 DPT=69 LEN=8
  685. May 16 17:52:51 server kernel: [601836.623780] IN=ppp0 OUT= MAC= SRC=195.154.181.114 DST=x.x.x.x LEN=445 TOS=0x00 PREC=0x00 TTL=57 ID=30962 DF PROTO=UDP SPT=5074 DPT=7060 LEN=425
  686. May 16 18:57:36 server kernel: [605721.587256] IN=ppp0 OUT= MAC= SRC=51.15.109.157 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=243 ID=37481 PROTO=UDP SPT=58443 DPT=21 LEN=8
  687. May 16 19:09:04 server kernel: [606409.692662] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=44215 PROTO=TCP SPT=44429 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  688. May 16 19:29:15 server kernel: [607621.402555] IN=ppp0 OUT= MAC= SRC=212.83.187.201 DST=x.x.x.x LEN=52 TOS=0x0A PREC=0x20 TTL=116 ID=7145 DF PROTO=TCP SPT=65015 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  689. May 16 20:11:02 server kernel: [610127.564850] IN=ppp0 OUT= MAC= SRC=51.15.109.157 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=11490 PROTO=TCP SPT=58443 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
  690. May 16 21:32:11 server kernel: [614997.281105] IN=ppp0 OUT= MAC= SRC=51.15.109.157 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=243 ID=64462 PROTO=UDP SPT=46617 DPT=69 LEN=8
  691. May 16 21:32:56 server kernel: [615042.108584] IN=ppp0 OUT= MAC= SRC=195.154.181.114 DST=x.x.x.x LEN=445 TOS=0x00 PREC=0x00 TTL=57 ID=63916 DF PROTO=UDP SPT=5152 DPT=8060 LEN=425
  692. May 16 22:42:39 server kernel: [619224.620294] IN=ppp0 OUT= MAC= SRC=212.129.54.38 DST=x.x.x.x LEN=441 TOS=0x08 PREC=0x20 TTL=52 ID=51657 DF PROTO=UDP SPT=5073 DPT=5060 LEN=421
  693. May 16 22:42:39 server snort[22815]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5073 -> x.x.x.x:5060
  694. May 16 22:42:39 server snort[22815]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5073 -> x.x.x.x:5060
  695. May 16 22:44:40 server kernel: [619345.774880] IN=ppp0 OUT= MAC= SRC=163.172.58.188 DST=x.x.x.x LEN=80 TOS=0x08 PREC=0x20 TTL=52 ID=28673 DF PROTO=UDP SPT=38480 DPT=389 LEN=60
  696. May 16 23:22:35 server kernel: [621621.002601] IN=ppp0 OUT= MAC= SRC=51.15.109.157 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55636 PROTO=TCP SPT=46617 DPT=69 WINDOW=1024 RES=0x00 SYN URGP=0
  697. May 16 23:45:08 server kernel: [622974.393669] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=27279 PROTO=TCP SPT=40146 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  698. May 16 23:57:37 server kernel: [623723.185077] IN=ppp0 OUT= MAC= SRC=51.15.109.157 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=243 ID=46778 PROTO=UDP SPT=54728 DPT=20 LEN=8
  699. May 17 00:07:29 server kernel: [624314.469023] IN=ppp0 OUT= MAC= SRC=51.15.109.157 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=42134 PROTO=TCP SPT=54728 DPT=20 WINDOW=1024 RES=0x00 SYN URGP=0
  700. May 17 02:36:35 server kernel: [633261.090465] IN=ppp0 OUT= MAC= SRC=163.172.4.153 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=16646 DF PROTO=TCP SPT=15716 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  701. May 17 02:36:36 server kernel: [633262.091768] IN=ppp0 OUT= MAC= SRC=163.172.4.153 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=16647 DF PROTO=TCP SPT=15716 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  702. May 17 02:36:38 server kernel: [633264.098049] IN=ppp0 OUT= MAC= SRC=163.172.4.153 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=16648 DF PROTO=TCP SPT=15716 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  703. May 17 02:36:42 server kernel: [633268.105996] IN=ppp0 OUT= MAC= SRC=163.172.4.153 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=16649 DF PROTO=TCP SPT=15716 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  704. May 17 02:36:50 server kernel: [633276.133759] IN=ppp0 OUT= MAC= SRC=163.172.4.153 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=16650 DF PROTO=TCP SPT=15716 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  705. May 17 02:37:06 server kernel: [633292.161820] IN=ppp0 OUT= MAC= SRC=163.172.4.153 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=16651 DF PROTO=TCP SPT=15716 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  706. May 17 04:24:22 server kernel: [639727.506792] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=426 PROTO=TCP SPT=55195 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  707. May 17 04:24:39 server kernel: [639745.173593] IN=ppp0 OUT= MAC= SRC=195.154.102.181 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=53462 PROTO=TCP SPT=61766 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  708. May 17 04:40:32 server kernel: [640698.263422] IN=ppp0 OUT= MAC= SRC=212.129.10.60 DST=x.x.x.x LEN=441 TOS=0x00 PREC=0x00 TTL=56 ID=32011 DF PROTO=UDP SPT=6907 DPT=5060 LEN=421
  709. May 17 04:40:32 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.10.60:6907 -> x.x.x.x:5060
  710. May 17 04:40:32 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.10.60:6907 -> x.x.x.x:5060
  711. May 17 05:27:40 server kernel: [643526.359987] IN=ppp0 OUT= MAC= SRC=212.83.187.201 DST=x.x.x.x LEN=52 TOS=0x0A PREC=0x20 TTL=116 ID=16029 DF PROTO=TCP SPT=63787 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  712. May 17 05:57:34 server kernel: [645319.554056] IN=ppp0 OUT= MAC= SRC=195.154.181.114 DST=x.x.x.x LEN=446 TOS=0x00 PREC=0x00 TTL=57 ID=38858 DF PROTO=UDP SPT=5060 DPT=9060 LEN=426
  713. May 17 08:11:47 server kernel: [653372.672901] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=17614 PROTO=TCP SPT=50266 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  714. May 17 08:33:35 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.83.135.137:5213 -> x.x.x.x:5060
  715. May 17 08:33:35 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.83.135.137:5213 -> x.x.x.x:5060
  716. May 17 08:33:35 server kernel: [654681.321768] IN=ppp0 OUT= MAC= SRC=212.83.135.137 DST=x.x.x.x LEN=441 TOS=0x00 PREC=0x00 TTL=57 ID=18501 DF PROTO=UDP SPT=5213 DPT=5060 LEN=421
  717. May 17 09:21:47 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.235.171:5064 -> x.x.x.x:5060
  718. May 17 09:21:47 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 195.154.235.171:5064 -> x.x.x.x:5060
  719. May 17 09:21:47 server kernel: [657572.522074] IN=ppp0 OUT= MAC= SRC=195.154.235.171 DST=x.x.x.x LEN=433 TOS=0x00 PREC=0x00 TTL=56 ID=63784 DF PROTO=UDP SPT=5064 DPT=5060 LEN=413
  720. May 17 12:27:59 server kernel: [668744.570236] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=46998 PROTO=TCP SPT=45966 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  721. May 17 14:45:12 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5095 -> x.x.x.x:5060
  722. May 17 14:45:12 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.54.38:5095 -> x.x.x.x:5060
  723. May 17 14:45:12 server kernel: [676977.997290] IN=ppp0 OUT= MAC= SRC=212.129.54.38 DST=x.x.x.x LEN=441 TOS=0x08 PREC=0x20 TTL=52 ID=24365 DF PROTO=UDP SPT=5095 DPT=5060 LEN=421
  724. May 17 14:50:04 server kernel: [677270.339261] IN=ppp0 OUT= MAC= SRC=212.129.30.255 DST=x.x.x.x LEN=418 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=5847 DPT=5060 LEN=398
  725. May 17 14:50:04 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.30.255:5847 -> x.x.x.x:5060
  726. May 17 14:50:04 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.30.255:5847 -> x.x.x.x:5060
  727. May 17 15:22:12 server kernel: [679197.954877] IN=ppp0 OUT= MAC= SRC=51.15.133.13 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34399 PROTO=TCP SPT=48059 DPT=69 WINDOW=1024 RES=0x00 SYN URGP=0
  728. May 17 15:55:37 server kernel: [681203.207896] IN=ppp0 OUT= MAC= SRC=51.15.133.13 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=28476 PROTO=TCP SPT=52284 DPT=21 WINDOW=1024 RES=0x00 SYN URGP=0
  729. May 17 16:48:58 server kernel: [684404.377366] IN=ppp0 OUT= MAC= SRC=51.15.133.13 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63579 PROTO=TCP SPT=56561 DPT=20 WINDOW=1024 RES=0x00 SYN URGP=0
  730. May 17 16:55:44 server kernel: [684809.614984] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=52945 PROTO=TCP SPT=55779 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  731. May 17 17:26:28 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5069 -> x.x.x.x:5060
  732. May 17 17:26:28 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5069 -> x.x.x.x:5060
  733. May 17 17:26:28 server kernel: [686653.594482] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=443 TOS=0x08 PREC=0x20 TTL=53 ID=50329 DF PROTO=UDP SPT=5069 DPT=5060 LEN=423
  734. May 17 18:09:34 server snort[24587]: [136:1:1] (spp_reputation) packets blacklisted [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 51.15.86.162:41268 -> x.x.x.x:80
  735. May 17 18:09:34 server kernel: [689239.746255] IN=ppp0 OUT= MAC= SRC=51.15.86.162 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=24248 DF PROTO=TCP SPT=41268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  736. May 17 18:09:35 server kernel: [689240.745656] IN=ppp0 OUT= MAC= SRC=51.15.86.162 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=24249 DF PROTO=TCP SPT=41268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  737. May 17 18:09:37 server kernel: [689242.746070] IN=ppp0 OUT= MAC= SRC=51.15.86.162 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=24250 DF PROTO=TCP SPT=41268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  738. May 17 18:09:41 server kernel: [689246.755665] IN=ppp0 OUT= MAC= SRC=51.15.86.162 DST=x.x.x.x LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=24251 DF PROTO=TCP SPT=41268 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
  739. May 17 18:11:56 server kernel: [689381.899847] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=443 TOS=0x08 PREC=0x20 TTL=53 ID=37318 DF PROTO=UDP SPT=5080 DPT=5060 LEN=423
  740. May 17 18:11:56 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5080 -> x.x.x.x:5060
  741. May 17 18:11:56 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5080 -> x.x.x.x:5060
  742. May 17 18:53:59 server kernel: [691905.026752] IN=ppp0 OUT= MAC= SRC=51.15.133.13 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57986 PROTO=TCP SPT=40805 DPT=69 WINDOW=1024 RES=0x00 SYN URGP=0
  743. May 17 19:24:09 server kernel: [693714.544646] IN=ppp0 OUT= MAC= SRC=212.83.143.187 DST=x.x.x.x LEN=725 TOS=0x08 PREC=0x20 TTL=117 ID=9585 PROTO=UDP SPT=56542 DPT=5060 LEN=705
  744. May 17 19:36:17 server kernel: [694442.490509] IN=ppp0 OUT= MAC= SRC=51.15.133.13 DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=25400 PROTO=TCP SPT=44999 DPT=6969 WINDOW=1024 RES=0x00 SYN URGP=0
  745. May 17 19:46:10 server kernel: [695036.324863] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=443 TOS=0x08 PREC=0x20 TTL=53 ID=39299 DF PROTO=UDP SPT=5069 DPT=5060 LEN=423
  746. May 17 19:46:10 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5069 -> x.x.x.x:5060
  747. May 17 19:46:10 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5069 -> x.x.x.x:5060
  748. May 17 20:11:55 server kernel: [696581.200800] IN=ppp0 OUT= MAC= SRC=51.15.133.13 DST=x.x.x.x LEN=28 TOS=0x00 PREC=0x00 TTL=243 ID=18639 PROTO=UDP SPT=44999 DPT=6969 LEN=8
  749. May 17 20:36:20 server kernel: [698046.149068] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=47038 PROTO=TCP SPT=56078 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  750. May 17 20:40:30 server kernel: [698295.999333] IN=ppp0 OUT= MAC= SRC=163.172.58.188 DST=x.x.x.x LEN=37 TOS=0x08 PREC=0x20 TTL=52 ID=50182 DF PROTO=UDP SPT=53158 DPT=123 LEN=17
  751. May 17 20:47:23 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5108 -> x.x.x.x:5060
  752. May 17 20:47:23 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5108 -> x.x.x.x:5060
  753. May 17 20:47:23 server kernel: [698709.264351] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=441 TOS=0x08 PREC=0x20 TTL=52 ID=44232 DF PROTO=UDP SPT=5108 DPT=5060 LEN=421
  754. May 17 21:48:36 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5072 -> x.x.x.x:5060
  755. May 17 21:48:36 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5072 -> x.x.x.x:5060
  756. May 17 21:48:36 server kernel: [702382.347422] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=442 TOS=0x08 PREC=0x20 TTL=53 ID=17458 DF PROTO=UDP SPT=5072 DPT=5060 LEN=422
  757. May 17 22:49:14 server kernel: [706019.984950] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=442 TOS=0x08 PREC=0x20 TTL=52 ID=56560 DF PROTO=UDP SPT=5096 DPT=5060 LEN=422
  758. May 17 22:49:14 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5096 -> x.x.x.x:5060
  759. May 17 22:49:14 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5096 -> x.x.x.x:5060
  760. May 17 23:50:44 server snort[24587]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5070 -> x.x.x.x:5060
  761. May 17 23:50:44 server kernel: [709710.076018] IN=ppp0 OUT= MAC= SRC=163.172.197.89 DST=x.x.x.x LEN=443 TOS=0x08 PREC=0x20 TTL=52 ID=14237 DF PROTO=UDP SPT=5070 DPT=5060 LEN=423
  762. May 17 23:50:44 server snort[24587]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 163.172.197.89:5070 -> x.x.x.x:5060
  763. May 18 00:54:15 server snort[21326]: [1:2403399:40615] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 [Classification: Misc Attack] [Priority: 2] {UDP} 62.210.86.34:5239 -> x.x.x.x:5070
  764. May 18 00:54:15 server kernel: [713520.772383] IN=ppp0 OUT= MAC= SRC=62.210.86.34 DST=x.x.x.x LEN=433 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=5239 DPT=5070 LEN=413
  765. May 18 01:05:11 server kernel: [714176.782445] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=25320 PROTO=TCP SPT=51125 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  766. May 18 04:18:05 server kernel: [725750.607583] IN=ppp0 OUT= MAC= SRC=212.83.187.201 DST=x.x.x.x LEN=52 TOS=0x0A PREC=0x20 TTL=114 ID=3880 DF PROTO=TCP SPT=54544 DPT=22 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0
  767. May 18 05:19:05 server kernel: [729411.425405] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=35384 PROTO=TCP SPT=46213 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  768. May 18 06:55:11 server kernel: [735176.600746] IN=ppp0 OUT= MAC= SRC=163.172.58.188 DST=x.x.x.x LEN=44 TOS=0x08 PREC=0x20 TTL=52 ID=52443 DF PROTO=UDP SPT=45998 DPT=11211 LEN=24
  769. May 18 10:24:16 server kernel: [747722.015756] IN=ppp0 OUT= MAC= SRC=212.129.49.46 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x20 TTL=244 ID=24618 PROTO=TCP SPT=41345 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
  770. May 18 10:45:38 server kernel: [749003.981760] IN=ppp0 OUT= MAC= SRC=212.129.30.255 DST=x.x.x.x LEN=418 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=5549 DPT=5060 LEN=398
  771. May 18 10:45:38 server snort[21326]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.30.255:5549 -> x.x.x.x:5060
  772. May 18 10:45:38 server snort[21326]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 212.129.30.255:5549 -> x.x.x.x:5060
  773. May 18 11:06:15 server kernel: [750240.871933] IN=ppp0 OUT= MAC= SRC=62.210.12.50 DST=x.x.x.x LEN=439 TOS=0x00 PREC=0x00 TTL=121 ID=27376 PROTO=UDP SPT=5062 DPT=5060 LEN=419
  774. May 18 11:06:15 server snort[21326]: [1:2011716:4] ET SCAN Sipvicious User-Agent Detected (friendly-scanner) [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.210.12.50:5062 -> x.x.x.x:5060
  775. May 18 11:06:15 server snort[21326]: [1:2008578:6] ET SCAN Sipvicious Scan [Classification: Attempted Information Leak] [Priority: 2] {UDP} 62.210.12.50:5062 -> x.x.x.x:5060
  776. May 18 11:06:15 server snort[21326]: [1:2403399:40615] ET CINS Active Threat Intelligence Poor Reputation IP UDP group 50 [Classification: Misc Attack] [Priority: 2] {UDP} 62.210.12.50:5062 -> x.x.x.x:5060