Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2500097 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2500098 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2500096 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2500101 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2500099 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2500100 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403573 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403574 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403571 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403572 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403569 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403570 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403567 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403568 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403581 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403582 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403579 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403580 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403577 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403578 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403575 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403576 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403583 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2023180 type=Limit tracking=src count=1 seconds=30 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403326 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403327 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403324 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403325 type=Limit tracking=src count=1 seconds=3600 Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: +-----------------------[suppression]------------------------------------------ Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=129 sig-id=12 tracking=none Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: | gen-id=129 sig-id=20 tracking=none Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: ------------------------------------------------------------------------------- Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: Verifying Preprocessor Configurations! Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'EXE2' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Sat Nov 5 14:25:08 2016 daemon.notice snort[17895]: 87 out of 1024 flowbits in use. Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: [ Port Based Pattern Matching Memory ] Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: +- [ Aho-Corasick Summary ] ------------------------------------- Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Storage Format : Full Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Finite Automaton : DFA Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Alphabet Size : 256 Chars Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Sizeof State : Variable (1,2,4 bytes) Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Instances : 89 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | 1 byte states : 79 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | 2 byte states : 10 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | 4 byte states : 0 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Characters : 55505 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | States : 36690 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Transitions : 2008701 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | State Density : 21.4% Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Patterns : 4174 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Match States : 4183 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Memory (MB) : 19.46 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Patterns : 0.42 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | Match Lists : 1.08 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | DFA Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | 1 byte states : 0.54 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | 2 byte states : 17.26 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: | 4 byte states : 0.00 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: +---------------------------------------------------------------- Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: [ Number of patterns truncated to 18 bytes: 1311 ] Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: afpacket DAQ configured to inline. Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Acquiring network traffic from "eth0:eth2". Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Initializing daemon mode Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Daemon initialized, signaled parent pid: 1 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Reload thread starting... Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Reload thread started, thread 0xfff33bf210 (17896) Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Checking PID path... Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: PID path stat checked out ok, PID path set to /var/snort/ Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Writing PID "17895" to file "/var/snort//snort_eth0:eth2.pid" Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: --== Initialization Complete ==-- Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: ,,_ -*> Snort! <*- Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: o" )~ Version 2.9.7.2 GRE (Build 177) Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Using libpcap version 1.5.3 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Using PCRE version: 8.36 2014-09-26 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Using ZLIB version: 1.2.8 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Preprocessor Object: SF_SSLPP Version 1.1 Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Commencing packet processing (pid=17895) Sat Nov 5 14:25:19 2016 daemon.notice snort[17895]: Decoding Ethernet Sat Nov 5 19:37:37 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sat Nov 5 19:37:37 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sat Nov 5 21:45:59 2016 daemon.notice snort[17895]: S5: Session exceeded configured max bytes to queue 3550531 using 3551944 bytes (client queue). 86.19.221.206 53334 --> 37.77.186.138 80 (0) : LWstate 0x9 LWFlags 0x406007 Sat Nov 5 21:48:19 2016 daemon.notice snort[17895]: S5: Session exceeded configured max bytes to queue 3550531 using 3550904 bytes (client queue). 86.19.221.206 53333 --> 37.77.186.138 80 (0) : LWstate 0x9 LWFlags 0x406007 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 66 scbs remain. memcap: 10485672/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 61 scbs remain. memcap: 10486731/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 56 scbs remain. memcap: 10488324/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 51 scbs remain. memcap: 10489917/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 46 scbs remain. memcap: 10491510/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 41 scbs remain. memcap: 10491423/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 36 scbs remain. memcap: 10490768/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 31 scbs remain. memcap: 10492172/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 26 scbs remain. memcap: 10492805/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 21 scbs remain. memcap: 10494398/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 16 scbs remain. memcap: 10478489/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 11 scbs remain. memcap: 10473369/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 5 sessions from cache for memcap. 6 scbs remain. memcap: 10472216/10388608 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned session from cache that was using 3736396 bytes (memcap/check). 86.19.221.206 53333 --> 37.77.186.138 80 (0) : LWstate 0x9 LWFlags 0x6007 Sat Nov 5 21:50:28 2016 daemon.notice snort[17895]: S5: Pruned 3 sessions from cache for memcap. 3 scbs remain. memcap: 6737413/10388608 Sat Nov 5 22:55:31 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sat Nov 5 22:55:31 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sun Nov 6 00:00:00 2016 cron.info crond[3187]: USER root pid 18198 cmd /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart Sun Nov 6 01:00:00 2016 cron.info crond[3187]: USER root pid 18200 cmd sh /sbin/fw_upgrade Sun Nov 6 01:01:24 2016 user.notice Updated redirect ip address: 192.168.1.112: update_blacklist Sun Nov 6 01:01:25 2016 daemon.crit dnsmasq[18514]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sun Nov 6 01:01:25 2016 daemon.crit dnsmasq[18514]: FAILED to start up Sun Nov 6 01:01:28 2016 daemon.err snort[17895]: *** Caught Term-Signal Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Run time for packet processing was 38168.887694 seconds Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Snort processed 27326092 packets. Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Snort ran for 0 days 10 hours 36 minutes 8 seconds Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Pkts/hr: 2732609 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Pkts/min: 42965 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Pkts/sec: 715 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Memory usage summary: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Total non-mmapped bytes (arena): 77162528 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Bytes in mapped regions (hblkhd): 14483456 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Total allocated space (uordblks): 57225776 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Total free space (fordblks): 19936752 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Topmost releasable block (keepcost): 133472 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Packet I/O Totals: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Received: 27326084 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Analyzed: 27326092 (100.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Dropped: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Filtered: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Outstanding: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Injected: 211 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Breakdown by protocol (includes rebuilt packets): Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Eth: 27327097 (100.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: VLAN: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP4: 27326173 ( 99.997%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Frag: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ICMP: 455 ( 0.002%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP: 253866 ( 0.929%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP: 27071852 ( 99.066%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP6: 66 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP6 Ext: 66 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP6 Opts: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Frag6: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ICMP6: 66 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP6: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP6: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Teredo: 66 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ICMP-IP: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP4/IP4: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP4/IP6: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP6/IP4: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP6/IP6: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE Eth: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE VLAN: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE IP4: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE IP6: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE IP6 Ext: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE PPTP: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE ARP: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE IPX: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GRE Loop: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: MPLS: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ARP: 924 ( 0.003%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IPX: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Eth Loop: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Eth Disc: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP4 Disc: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP6 Disc: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Disc: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP Disc: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ICMP Disc: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: All Discard: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Other: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Bad Chk Sum: 4 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Bad TTL: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: S5 G 1: 348 ( 0.001%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: S5 G 2: 657 ( 0.002%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Total: 27327097 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Action Stats: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Alerts: 117 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Logged: 117 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Passed: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Limits: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Match: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Queue: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Log: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Event: 28 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Alert: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Verdicts: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Allow: 26238451 ( 96.020%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Block: 21 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Replace: 73 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Whitelist: 1087241 ( 3.979%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Blacklist: 306 ( 0.001%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Ignore: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Retry: 0 ( 0.000%) Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Normalizer statistics: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ip4::trim: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would ip4::trim: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ip4::tos: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would ip4::tos: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ip4::df: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would ip4::df: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ip4::rf: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would ip4::rf: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ip4::ttl: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would ip4::ttl: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ip4::opts: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would ip4::opts: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: icmp4::echo: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would icmp4::echo: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ip6::ttl: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would ip6::ttl: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ip6::opts: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would ip6::opts: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: icmp6::echo: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would icmp6::echo: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::syn_opt: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::syn_opt: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::opt: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::opt: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::pad: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::pad: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::rsv: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::rsv: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::ns: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::ns: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::urp: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::urp: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::ecn_pkt: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::ecn_pkt: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::ts_ecr: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::ts_ecr: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::req_urg: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::req_urg: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::req_pay: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::req_pay: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::req_urp: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::req_urp: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::ecn_ssn: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::ecn_ssn: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::ts_nop: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::ts_nop: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::ips_data: 111 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::ips_data: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::block: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::block: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::trim_syn: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::trim_syn: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::trim_rst: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::trim_rst: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::trim_win: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::trim_win: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: tcp::trim_mss: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Would tcp::trim_mss: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Frag3 statistics: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Total Fragments: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Frags Reassembled: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Discards: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Memory Faults: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Timeouts: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Overlaps: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Anomalies: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Alerts: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Drops: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: FragTrackers Added: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: FragTrackers Dumped: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: FragTrackers Auto Freed: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Frag Nodes Inserted: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Frag Nodes Deleted: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Stream statistics: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Total sessions: 25535 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP sessions: 24568 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP sessions: 967 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ICMP sessions: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP sessions: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Prunes: 1477 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP Prunes: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: ICMP Prunes: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: IP Prunes: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP StreamTrackers Created: 24641 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP StreamTrackers Deleted: 24641 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Timeouts: 1027 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Overlaps: 111 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Segments Queued: 15022417 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Segments Released: 15022417 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Rebuilt Packets: 1313916 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Segments Used: 15012945 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Discards: 16269 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Gaps: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP Sessions Created: 1314 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP Sessions Deleted: 1314 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP Timeouts: 347 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP Discards: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Events: 1895246 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Internal Events: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: TCP Port Filter Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Filtered: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Inspected: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Tracked: 27070648 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: UDP Port Filter Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Filtered: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Inspected: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Tracked: 967 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: HTTP Inspect - encodings (Note: stream-reassembled packets included): Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: POST methods: 6581 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: GET methods: 18350 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: HTTP Request Headers extracted: 70718 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: HTTP Request Cookies extracted: 1498 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Post parameters extracted: 6516 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: HTTP response Headers extracted: 22528 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: HTTP Response Cookies extracted: 2066 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Unicode: 1689 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Double unicode: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Non-ASCII representable: 21422 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Directory traversals: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Extra slashes ("//"): 499 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Self-referencing paths ("./"): 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: HTTP Response Gzip packets extracted: 456 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Gzip Compressed Data Processed: 2962348.00 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Gzip Decompressed Data Processed: 11896278.00 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Total packets processed: 18559659 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: SSL Preprocessor: Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: SSL packets decoded: 88210 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Client Hello: 11402 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Server Hello: 11338 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Certificate: 7555 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Server Done: 23730 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Client Key Exchange: 7055 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Server Key Exchange: 5262 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Change Cipher: 22200 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Finished: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Client Application: 14145 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Server Application: 7573 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Alert: 911 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Unrecognized records: 30586 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Completed handshakes: 0 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Bad handshakes: 1 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Sessions ignored: 5379 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Detection disabled: 2618 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: =============================================================================== Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: +-----------------------[filtered events]-------------------------------------- Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 filtered=12 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403406 type=Limit tracking=src count=1 seconds=3600 filtered=8 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403334 type=Limit tracking=src count=1 seconds=3600 filtered=1 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403346 type=Limit tracking=src count=1 seconds=3600 filtered=1 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 filtered=3 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403352 type=Limit tracking=src count=1 seconds=3600 filtered=1 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403556 type=Limit tracking=src count=1 seconds=3600 filtered=1 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: | gen-id=1 sig-id=2403580 type=Limit tracking=src count=1 seconds=3600 filtered=1 Sun Nov 6 01:01:28 2016 daemon.notice snort[17895]: Snort exiting Sun Nov 6 01:01:30 2016 daemon.crit dnsmasq[18550]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sun Nov 6 01:01:30 2016 daemon.crit dnsmasq[18550]: FAILED to start up Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Enabling inline operation Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Found pid path directive (/var/snort/) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Running in IDS mode Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: --== Initializing Snort ==-- Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Initializing Output Plugins! Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Initializing Preprocessors! Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Initializing Plug-ins! Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Parsing Rules file "/etc/snort/snort_bridge.conf" Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: PortVar 'HTTP_PORTS' defined : Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: PortVar 'SHELLCODE_PORTS' defined : Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: [ 1:65535 ] Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: PortVar 'ORACLE_PORTS' defined : Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: [ 1024:65535 ] Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: PortVar 'SSH_PORTS' defined : Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: [ 22 ] Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: PortVar 'FTP_PORTS' defined : Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: [ 21 2100 3535 ] Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: PortVar 'SIP_PORTS' defined : Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: [ 5060:5061 5600 ] Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: PortVar 'FILE_DATA_PORTS' defined : Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 333Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: PortVar 'GTP_PORTS' defined : Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: [ 2123 2152 3386 ] Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Detection: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Search-Method = AC-Full Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Split Any/Any group = enabled Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Search-Method-Optimizations = enabled Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Maximum pattern length = 18 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Found pid path directive (/var/snort/) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Tagged Packet Limit: 256 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: done Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: done Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Log directory = /tmp/snort/ Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Normalizer config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: ip4: on Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: ip4::df: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: ip4::rf: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: ip4::tos: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: ip4::trim: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: ip4::ttl: on (min=1, new=5) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Normalizer config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp: on Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::ecn: stream Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::block: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::rsv: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::pad: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::req_urg: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::req_pay: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::req_urp: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::urp: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::opt: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::ips: on Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::trim_syn: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::trim_rst: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::trim_win: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: tcp::trim_mss: off Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Normalizer config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: icmp4: on Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Normalizer config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: ip6: on Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: ip6::hops: on (min=1, new=5) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Normalizer config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: icmp6: on Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Frag3 global config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max frags: 65536 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Fragment memory cap: 4194304 bytes Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Frag3 engine config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Bound Address: default Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Target-based policy: WINDOWS Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Fragment timeout: 180 seconds Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Fragment min_ttl: 1 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Fragment Anomalies: Alert Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Overlap Limit: 10 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Min fragment Length: 100 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max Expected Streams: 39 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Stream global config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Track TCP sessions: ACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max TCP sessions: 10000 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: TCP cache pruning timeout: 30 seconds Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: TCP cache nominal timeout: 3600 seconds Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Memcap (for reassembly packet storage): 10388608 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Track UDP sessions: ACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max UDP sessions: 10000 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: UDP cache pruning timeout: 30 seconds Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: UDP cache nominal timeout: 180 seconds Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Track ICMP sessions: ACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max ICMP sessions: 65536 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Track IP sessions: INACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Log info if session memory consumption exceeds 3579067 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Send up to 2 active responses Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Wait at least 5 seconds between responses Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Protocol Aware Flushing: ACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Maximum Flush Point: 16000 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Stream TCP Policy config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Bound Address: default Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Reassembly Policy: WINDOWS Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Timeout: 180 seconds Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Limit on TCP Overlaps: 10 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Maximum number of bytes to queue per session: 3550531 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Maximum number of segs to queue per session: 3621 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Options: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Require 3-Way Handshake: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 3-Way Handshake Timeout: 180 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Detect Anomalies: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Reassembly Ports: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 21 client (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 22 client (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 23 client (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 25 client (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 36 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 42 client (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 53 client (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 70 client (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 79 client (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 80 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 81 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 82 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 83 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 84 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 85 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 86 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 87 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 88 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 89 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 90 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: additional ports configured but not printed. Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Stream UDP Policy config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Timeout: 180 seconds Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: HttpInspect Config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: GLOBAL CONFIG Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Detect Proxy Usage: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: IIS Unicode Map Filename: /etc/snort/unicode.map Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: IIS Unicode Map Codepage: 1252 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Memcap used for logging URI and Hostname: 150994944 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max Gzip Memory: 838860 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max Gzip Sessions: 1807 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Gzip Compress Depth: 65535 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Gzip Decompress Depth: 65535 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: DEFAULT SERVER CONFIG: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Server profile: All Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Server Flow Depth: 0 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Client Flow Depth: 0 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max Chunk Length: 500000 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max Header Field Length: 750 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max Number Header Fields: 100 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max Number of WhiteSpaces allowed with header folding: 200 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Inspect Pipeline Requests: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: URI Discovery Strict Mode: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Allow Proxy Usage: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Disable Alerting: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Oversize Dir Length: 500 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Only inspect URI: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Normalize HTTP Headers: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Inspect HTTP Cookies: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Inspect HTTP Responses: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Extract Gzip from responses: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Decompress response files: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Unlimited decompression of gzip data from responses: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Normalize Javascripts in HTTP Responses: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Normalize HTTP Cookies: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Enable XFF and True Client IP: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Log HTTP URI data: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Log HTTP Hostname data: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Extended ASCII code support in URI: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Ascii: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Double Decoding: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: %U Encoding: YES alert: YES Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Bare Byte: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: UTF 8: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: IIS Unicode: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Multiple Slash: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: IIS Backslash: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Directory Traversal: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Web Root Traversal: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Apache WhiteSpace: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: IIS Delimiter: YES alert: NO Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: rpc_decode arguments: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: alert_fragments: INACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: alert_large_fragments: INACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: alert_incomplete: INACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: alert_multiple_requests: INACTIVE Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: SSLPP config: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Encrypted packets: not inspected Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Ports: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 443 465 563 587 636 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 989 992 993 994 995 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 7801 7802 7900 7901 7902 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 7903 7904 7905 7906 7907 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 7908 7909 7910 7911 7912 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 7913 7914 7915 7916 7917 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: 7918 7919 7920 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Server side data is trusted Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Maximum SSL Heartbeat length: 0 Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Nov 6 01:01:32 2016 daemon.notice snort[18557]: Initializing rule chains... Sun Nov 6 01:01:33 2016 daemon.notice snort[18557]: WARNING: /etc/snort/rules/snort.rules(1232) threshold (in rule) is deprecated; use detection_filter instead. Sun Nov 6 01:01:36 2016 daemon.crit dnsmasq[18564]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sun Nov 6 01:01:36 2016 daemon.crit dnsmasq[18564]: FAILED to start up Sun Nov 6 01:01:39 2016 daemon.notice snort[18557]: 5034 Snort rules read Sun Nov 6 01:01:39 2016 daemon.notice snort[18557]: 5034 detection rules Sun Nov 6 01:01:39 2016 daemon.notice snort[18557]: 0 decoder rules Sun Nov 6 01:01:39 2016 daemon.notice snort[18557]: 0 preprocessor rules Sun Nov 6 01:01:39 2016 daemon.notice snort[18557]: 5034 Option Chains linked into 1037 Chain Headers Sun Nov 6 01:01:39 2016 daemon.notice snort[18557]: 0 Dynamic rules Sun Nov 6 01:01:39 2016 daemon.notice snort[18557]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Nov 6 01:01:39 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:41 2016 daemon.crit dnsmasq[18565]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sun Nov 6 01:01:41 2016 daemon.crit dnsmasq[18565]: FAILED to start up Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +-------------------[Rule Port Counts]--------------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | tcp udp icmp ip Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | src 1465 8 0 0 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | dst 2337 125 0 0 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | any 647 452 0 0 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | nc 446 446 0 0 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | s+d 28 0 0 0 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +---------------------------------------------------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +-----------------------[detection-filter-config]------------------------------ Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | memory-cap : 1048576 bytes Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +-----------------------[detection-filter-rules]------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: ------------------------------------------------------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +-----------------------[rate-filter-config]----------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | memory-cap : 1048576 bytes Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +-----------------------[rate-filter-rules]------------------------------------ Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | none Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: ------------------------------------------------------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +-----------------------[event-filter-config]---------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | memory-cap : 1048576 bytes Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +-----------------------[event-filter-global]---------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | none Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: +-----------------------[event-filter-local]----------------------------------- Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500081 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500080 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500085 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500084 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500083 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500082 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500089 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500088 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500087 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500086 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500093 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500092 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500091 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500090 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500095 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500094 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404799 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404798 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:43 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403325 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403324 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403327 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403326 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403585 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403584 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403458 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403457 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403456 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403455 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403462 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403461 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403460 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403459 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403466 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403465 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403464 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403463 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403470 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403469 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403468 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403467 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403474 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403473 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403472 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403471 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403478 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403477 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403476 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403475 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403482 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403481 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403480 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403479 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403486 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403485 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403484 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403483 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403490 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403489 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403488 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403487 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403494 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403493 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403492 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403491 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403498 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403497 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403496 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403495 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403502 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403501 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403500 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403499 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403506 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403505 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403504 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403503 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403510 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403509 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403508 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403507 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403514 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403513 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403512 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403511 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403518 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403517 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403516 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403515 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403522 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403521 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403520 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403519 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403526 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403525 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403524 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403523 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403530 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403529 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403528 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403527 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403534 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403533 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403532 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403531 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403538 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403537 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403536 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403535 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403542 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403541 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403540 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403539 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403546 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403545 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403544 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403543 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403550 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403549 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403548 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403547 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403554 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403553 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403552 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403551 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403558 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403557 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403556 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403555 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403562 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403561 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403560 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403559 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403566 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403565 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403564 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403563 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403570 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403569 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403568 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403567 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403574 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403573 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403572 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403571 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403578 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403577 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403576 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403575 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403582 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403581 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403580 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403579 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403583 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403330 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403329 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403328 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403334 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403333 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403332 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403331 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403338 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403337 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403336 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403335 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403342 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403341 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403340 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403339 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403346 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403345 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403344 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403343 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403350 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403349 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403348 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403347 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403354 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403353 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403352 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403351 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403358 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403357 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403355 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403362 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403361 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403360 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403359 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403366 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403365 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403364 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403363 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403370 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403369 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403368 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403367 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403374 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403373 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403372 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403371 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403378 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403377 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403376 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403375 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403382 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403381 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403380 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403379 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403386 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403385 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403384 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403383 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403390 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403389 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403388 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403387 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403394 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403393 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403392 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403391 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403398 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403397 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403396 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403395 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403402 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403401 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403400 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403399 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403406 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403405 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403404 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403403 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403410 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403409 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403408 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403407 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403414 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403413 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403412 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403411 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403418 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403417 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403416 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403415 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403422 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403421 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403420 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403419 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403426 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403425 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403424 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403423 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403430 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403429 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403428 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403427 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403434 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403433 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403432 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403431 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403438 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403437 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403436 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403435 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403442 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403441 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403440 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403439 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403446 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403445 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403444 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403443 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403450 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403449 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403448 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403447 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403454 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403453 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403452 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2403451 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2023180 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500098 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500097 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500096 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500101 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500100 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=1 sig-id=2500099 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: +-----------------------[suppression]------------------------------------------ Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=129 sig-id=12 tracking=none Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: | gen-id=129 sig-id=20 tracking=none Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: ------------------------------------------------------------------------------- Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: Verifying Preprocessor Configurations! Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'EXE2' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Sun Nov 6 01:01:44 2016 daemon.notice snort[18557]: 87 out of 1024 flowbits in use. Sun Nov 6 01:01:46 2016 daemon.crit dnsmasq[18566]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sun Nov 6 01:01:46 2016 daemon.crit dnsmasq[18566]: FAILED to start up Sun Nov 6 01:01:51 2016 daemon.crit dnsmasq[18567]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sun Nov 6 01:01:51 2016 daemon.crit dnsmasq[18567]: FAILED to start up Sun Nov 6 01:01:51 2016 daemon.info procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: [ Port Based Pattern Matching Memory ] Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: +- [ Aho-Corasick Summary ] ------------------------------------- Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Storage Format : Full Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Finite Automaton : DFA Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Alphabet Size : 256 Chars Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Sizeof State : Variable (1,2,4 bytes) Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Instances : 89 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | 1 byte states : 79 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | 2 byte states : 10 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | 4 byte states : 0 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Characters : 55505 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | States : 36690 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Transitions : 2008701 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | State Density : 21.4% Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Patterns : 4174 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Match States : 4183 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Memory (MB) : 19.46 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Patterns : 0.42 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | Match Lists : 1.08 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | DFA Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | 1 byte states : 0.54 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | 2 byte states : 17.26 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: | 4 byte states : 0.00 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: +---------------------------------------------------------------- Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: [ Number of patterns truncated to 18 bytes: 1311 ] Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: afpacket DAQ configured to inline. Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Acquiring network traffic from "eth0:eth2". Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Initializing daemon mode Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Daemon initialized, signaled parent pid: 1 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Reload thread starting... Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Reload thread started, thread 0xffefa5f210 (18568) Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Checking PID path... Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: PID path stat checked out ok, PID path set to /var/snort/ Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Writing PID "18557" to file "/var/snort//snort_eth0:eth2.pid" Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: --== Initialization Complete ==-- Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: ,,_ -*> Snort! <*- Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: o" )~ Version 2.9.7.2 GRE (Build 177) Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Using libpcap version 1.5.3 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Using PCRE version: 8.36 2014-09-26 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Using ZLIB version: 1.2.8 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Preprocessor Object: SF_SSLPP Version 1.1 Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Commencing packet processing (pid=18557) Sun Nov 6 01:01:54 2016 daemon.notice snort[18557]: Decoding Ethernet Sun Nov 6 03:01:00 2016 cron.info crond[3187]: USER root pid 18570 cmd > /tmp/snort/alert.fast Sun Nov 6 07:29:43 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sun Nov 6 07:29:43 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Enabling inline operation Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Found pid path directive (/var/snort/) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Running in IDS mode Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: --== Initializing Snort ==-- Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Initializing Output Plugins! Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Initializing Preprocessors! Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Initializing Plug-ins! Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Parsing Rules file "/etc/snort/snort_bridge.conf" Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: PortVar 'HTTP_PORTS' defined : Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: PortVar 'SHELLCODE_PORTS' defined : Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: [ 1:65535 ] Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: PortVar 'ORACLE_PORTS' defined : Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: [ 1024:65535 ] Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: PortVar 'SSH_PORTS' defined : Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: [ 22 ] Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: PortVar 'FTP_PORTS' defined : Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: [ 21 2100 3535 ] Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: PortVar 'SIP_PORTS' defined : Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: [ 5060:5061 5600 ] Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: PortVar 'FILE_DATA_PORTS' defined : Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 333Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: PortVar 'GTP_PORTS' defined : Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: [ 2123 2152 3386 ] Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Detection: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Search-Method = AC-Full Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Split Any/Any group = enabled Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Search-Method-Optimizations = enabled Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Maximum pattern length = 18 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Found pid path directive (/var/snort/) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Tagged Packet Limit: 256 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: done Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: done Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Log directory = /tmp/snort/ Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Normalizer config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: ip4: on Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: ip4::df: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: ip4::rf: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: ip4::tos: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: ip4::trim: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: ip4::ttl: on (min=1, new=5) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Normalizer config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp: on Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::ecn: stream Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::block: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::rsv: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::pad: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::req_urg: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::req_pay: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::req_urp: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::urp: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::opt: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::ips: on Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::trim_syn: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::trim_rst: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::trim_win: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: tcp::trim_mss: off Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Normalizer config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: icmp4: on Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Normalizer config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: ip6: on Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: ip6::hops: on (min=1, new=5) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Normalizer config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: icmp6: on Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Frag3 global config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max frags: 65536 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Fragment memory cap: 4194304 bytes Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Frag3 engine config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Bound Address: default Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Target-based policy: WINDOWS Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Fragment timeout: 180 seconds Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Fragment min_ttl: 1 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Fragment Anomalies: Alert Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Overlap Limit: 10 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Min fragment Length: 100 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max Expected Streams: 39 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Stream global config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Track TCP sessions: ACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max TCP sessions: 10000 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: TCP cache pruning timeout: 30 seconds Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: TCP cache nominal timeout: 3600 seconds Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Memcap (for reassembly packet storage): 10388608 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Track UDP sessions: ACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max UDP sessions: 10000 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: UDP cache pruning timeout: 30 seconds Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: UDP cache nominal timeout: 180 seconds Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Track ICMP sessions: ACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max ICMP sessions: 65536 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Track IP sessions: INACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Log info if session memory consumption exceeds 3579067 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Send up to 2 active responses Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Wait at least 5 seconds between responses Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Protocol Aware Flushing: ACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Maximum Flush Point: 16000 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Stream TCP Policy config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Bound Address: default Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Reassembly Policy: WINDOWS Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Timeout: 180 seconds Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Limit on TCP Overlaps: 10 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Maximum number of bytes to queue per session: 3550531 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Maximum number of segs to queue per session: 3621 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Options: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Require 3-Way Handshake: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 3-Way Handshake Timeout: 180 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Detect Anomalies: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Reassembly Ports: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 21 client (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 22 client (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 23 client (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 25 client (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 36 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 42 client (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 53 client (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 70 client (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 79 client (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 80 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 81 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 82 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 83 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 84 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 85 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 86 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 87 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 88 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 89 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 90 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: additional ports configured but not printed. Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Stream UDP Policy config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Timeout: 180 seconds Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: HttpInspect Config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: GLOBAL CONFIG Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Detect Proxy Usage: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: IIS Unicode Map Filename: /etc/snort/unicode.map Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: IIS Unicode Map Codepage: 1252 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Memcap used for logging URI and Hostname: 150994944 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max Gzip Memory: 838860 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max Gzip Sessions: 1807 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Gzip Compress Depth: 65535 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Gzip Decompress Depth: 65535 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: DEFAULT SERVER CONFIG: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Server profile: All Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Server Flow Depth: 0 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Client Flow Depth: 0 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max Chunk Length: 500000 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max Header Field Length: 750 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max Number Header Fields: 100 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max Number of WhiteSpaces allowed with header folding: 200 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Inspect Pipeline Requests: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: URI Discovery Strict Mode: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Allow Proxy Usage: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Disable Alerting: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Oversize Dir Length: 500 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Only inspect URI: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Normalize HTTP Headers: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Inspect HTTP Cookies: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Inspect HTTP Responses: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Extract Gzip from responses: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Decompress response files: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Unlimited decompression of gzip data from responses: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Normalize Javascripts in HTTP Responses: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Normalize HTTP Cookies: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Enable XFF and True Client IP: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Log HTTP URI data: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Log HTTP Hostname data: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Extended ASCII code support in URI: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Ascii: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Double Decoding: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: %U Encoding: YES alert: YES Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Bare Byte: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: UTF 8: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: IIS Unicode: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Multiple Slash: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: IIS Backslash: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Directory Traversal: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Web Root Traversal: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Apache WhiteSpace: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: IIS Delimiter: YES alert: NO Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: rpc_decode arguments: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: alert_fragments: INACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: alert_large_fragments: INACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: alert_incomplete: INACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: alert_multiple_requests: INACTIVE Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: SSLPP config: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Encrypted packets: not inspected Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Ports: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 443 465 563 587 636 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 989 992 993 994 995 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 7801 7802 7900 7901 7902 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 7903 7904 7905 7906 7907 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 7908 7909 7910 7911 7912 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 7913 7914 7915 7916 7917 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: 7918 7919 7920 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Server side data is trusted Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Maximum SSL Heartbeat length: 0 Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Nov 6 07:33:37 2016 daemon.notice snort[18713]: Initializing rule chains... Sun Nov 6 07:33:38 2016 daemon.notice snort[18713]: WARNING: /etc/snort/rules/snort.rules(1232) threshold (in rule) is deprecated; use detection_filter instead. Sun Nov 6 07:33:44 2016 daemon.notice snort[18713]: 5034 Snort rules read Sun Nov 6 07:33:44 2016 daemon.notice snort[18713]: 5034 detection rules Sun Nov 6 07:33:44 2016 daemon.notice snort[18713]: 0 decoder rules Sun Nov 6 07:33:44 2016 daemon.notice snort[18713]: 0 preprocessor rules Sun Nov 6 07:33:44 2016 daemon.notice snort[18713]: 5034 Option Chains linked into 1037 Chain Headers Sun Nov 6 07:33:44 2016 daemon.notice snort[18713]: 0 Dynamic rules Sun Nov 6 07:33:44 2016 daemon.notice snort[18713]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Nov 6 07:33:44 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-------------------[Rule Port Counts]--------------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | tcp udp icmp ip Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | src 1465 8 0 0 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | dst 2337 125 0 0 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | any 647 452 0 0 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | nc 446 446 0 0 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | s+d 28 0 0 0 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +---------------------------------------------------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-----------------------[detection-filter-config]------------------------------ Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | memory-cap : 1048576 bytes Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-----------------------[detection-filter-rules]------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: ------------------------------------------------------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-----------------------[rate-filter-config]----------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | memory-cap : 1048576 bytes Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-----------------------[rate-filter-rules]------------------------------------ Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | none Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: ------------------------------------------------------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-----------------------[event-filter-config]---------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | memory-cap : 1048576 bytes Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-----------------------[event-filter-global]---------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | none Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-----------------------[event-filter-local]----------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403560 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403559 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403562 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403561 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403556 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403555 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403558 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403557 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403568 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403567 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403570 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403569 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403564 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403563 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403566 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403565 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403544 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403543 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403546 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403545 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403540 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403539 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403542 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403541 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403552 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403551 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403554 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403553 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403548 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403547 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403550 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403549 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403576 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403575 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403578 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403577 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403572 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403571 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403574 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403573 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403583 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403580 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403579 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403582 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403581 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403432 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403431 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403434 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403433 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403428 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403427 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403430 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403429 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403440 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403439 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403442 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403441 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403436 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403435 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403438 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403437 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403416 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403415 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403418 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403417 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403412 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403411 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403414 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403413 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403424 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403423 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403426 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403425 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403420 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403419 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403422 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403421 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403464 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403463 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403466 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403465 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403460 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403459 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403462 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403461 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403472 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403471 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403474 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403473 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403468 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403467 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403470 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403469 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403448 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403447 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403450 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403449 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403444 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403443 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403446 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403445 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403456 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403455 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403458 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403457 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403452 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403451 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403454 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403453 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403496 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403495 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403498 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403497 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403492 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403491 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403494 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403493 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403504 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403503 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403506 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403505 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403500 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403499 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403502 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403501 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403480 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403479 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403482 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403481 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403476 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403475 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403478 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403477 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403488 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403487 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403490 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403489 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403484 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403483 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403486 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403485 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403528 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403527 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403530 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403529 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403524 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403523 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403526 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403525 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403536 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403535 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403538 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403537 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403532 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403531 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403534 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403533 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403512 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403511 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403514 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403513 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403508 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403507 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403510 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403509 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403520 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403519 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403522 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403521 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403516 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403515 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403518 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403517 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403336 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403335 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403338 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403337 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403332 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403331 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403334 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403333 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403344 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403343 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403346 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403345 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403340 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403339 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403342 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403341 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403328 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403330 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403329 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403368 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403367 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403370 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403369 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403364 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403363 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403366 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403365 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403376 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403375 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403378 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403377 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403372 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403371 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403374 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403373 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403352 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403351 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403354 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403353 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403348 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403347 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403350 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403349 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403360 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403359 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403362 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403361 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403355 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403358 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403357 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403400 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403399 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403402 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403401 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403396 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403395 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403398 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403397 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403408 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403407 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403410 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403409 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403404 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403403 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403406 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403405 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403384 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403383 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403386 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403385 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403380 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403379 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403382 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403381 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403392 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403391 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403394 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403393 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403388 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403387 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403390 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403389 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404799 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404798 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500081 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500080 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500087 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500086 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500089 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500088 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500083 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500082 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500085 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500084 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500095 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500094 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500091 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500090 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500093 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500092 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403327 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403326 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403325 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403324 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403585 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2403584 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2023180 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500096 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500098 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500097 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500100 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500099 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2500101 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: +-----------------------[suppression]------------------------------------------ Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=129 sig-id=12 tracking=none Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: | gen-id=129 sig-id=20 tracking=none Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: ------------------------------------------------------------------------------- Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: Verifying Preprocessor Configurations! Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'EXE2' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Sun Nov 6 07:33:49 2016 daemon.notice snort[18713]: 87 out of 1024 flowbits in use. Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: [ Port Based Pattern Matching Memory ] Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: +- [ Aho-Corasick Summary ] ------------------------------------- Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Storage Format : Full Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Finite Automaton : DFA Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Alphabet Size : 256 Chars Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Sizeof State : Variable (1,2,4 bytes) Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Instances : 89 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | 1 byte states : 79 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | 2 byte states : 10 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | 4 byte states : 0 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Characters : 55505 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | States : 36690 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Transitions : 2008701 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | State Density : 21.4% Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Patterns : 4174 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Match States : 4183 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Memory (MB) : 19.46 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Patterns : 0.42 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | Match Lists : 1.08 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | DFA Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | 1 byte states : 0.54 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | 2 byte states : 17.26 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: | 4 byte states : 0.00 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: +---------------------------------------------------------------- Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: [ Number of patterns truncated to 18 bytes: 1311 ] Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: afpacket DAQ configured to inline. Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Acquiring network traffic from "eth0:eth2". Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Initializing daemon mode Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Daemon initialized, signaled parent pid: 1 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Reload thread starting... Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Reload thread started, thread 0xffefbaf210 (18714) Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Checking PID path... Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: PID path stat checked out ok, PID path set to /var/snort/ Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Writing PID "18713" to file "/var/snort//snort_eth0:eth2.pid" Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: --== Initialization Complete ==-- Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: ,,_ -*> Snort! <*- Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: o" )~ Version 2.9.7.2 GRE (Build 177) Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Using libpcap version 1.5.3 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Using PCRE version: 8.36 2014-09-26 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Using ZLIB version: 1.2.8 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Preprocessor Object: SF_SSLPP Version 1.1 Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Commencing packet processing (pid=18713) Sun Nov 6 07:33:59 2016 daemon.notice snort[18713]: Decoding Ethernet Sun Nov 6 08:15:30 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sun Nov 6 08:15:31 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sun Nov 6 08:20:14 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Enabling inline operation Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Found pid path directive (/var/snort/) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Running in IDS mode Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: --== Initializing Snort ==-- Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Initializing Output Plugins! Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Initializing Preprocessors! Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Initializing Plug-ins! Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Parsing Rules file "/etc/snort/snort_bridge.conf" Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: PortVar 'HTTP_PORTS' defined : Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: PortVar 'SHELLCODE_PORTS' defined : Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: [ 1:65535 ] Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: PortVar 'ORACLE_PORTS' defined : Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: [ 1024:65535 ] Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: PortVar 'SSH_PORTS' defined : Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: [ 22 ] Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: PortVar 'FTP_PORTS' defined : Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: [ 21 2100 3535 ] Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: PortVar 'SIP_PORTS' defined : Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: [ 5060:5061 5600 ] Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: PortVar 'FILE_DATA_PORTS' defined : Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 333Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: PortVar 'GTP_PORTS' defined : Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: [ 2123 2152 3386 ] Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Detection: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Search-Method = AC-Full Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Split Any/Any group = enabled Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Search-Method-Optimizations = enabled Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Maximum pattern length = 18 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Found pid path directive (/var/snort/) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Tagged Packet Limit: 256 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: done Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: done Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Log directory = /tmp/snort/ Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Normalizer config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: ip4: on Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: ip4::df: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: ip4::rf: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: ip4::tos: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: ip4::trim: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: ip4::ttl: on (min=1, new=5) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Normalizer config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp: on Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::ecn: stream Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::block: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::rsv: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::pad: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::req_urg: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::req_pay: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::req_urp: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::urp: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::opt: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::ips: on Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::trim_syn: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::trim_rst: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::trim_win: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: tcp::trim_mss: off Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Normalizer config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: icmp4: on Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Normalizer config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: ip6: on Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: ip6::hops: on (min=1, new=5) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Normalizer config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: icmp6: on Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Frag3 global config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max frags: 65536 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Fragment memory cap: 4194304 bytes Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Frag3 engine config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Bound Address: default Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Target-based policy: WINDOWS Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Fragment timeout: 180 seconds Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Fragment min_ttl: 1 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Fragment Anomalies: Alert Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Overlap Limit: 10 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Min fragment Length: 100 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max Expected Streams: 39 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Stream global config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Track TCP sessions: ACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max TCP sessions: 10000 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: TCP cache pruning timeout: 30 seconds Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: TCP cache nominal timeout: 3600 seconds Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Memcap (for reassembly packet storage): 10388608 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Track UDP sessions: ACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max UDP sessions: 10000 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: UDP cache pruning timeout: 30 seconds Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: UDP cache nominal timeout: 180 seconds Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Track ICMP sessions: ACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max ICMP sessions: 65536 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Track IP sessions: INACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Log info if session memory consumption exceeds 3579067 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Send up to 2 active responses Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Wait at least 5 seconds between responses Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Protocol Aware Flushing: ACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Maximum Flush Point: 16000 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Stream TCP Policy config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Bound Address: default Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Reassembly Policy: WINDOWS Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Timeout: 180 seconds Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Limit on TCP Overlaps: 10 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Maximum number of bytes to queue per session: 3550531 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Maximum number of segs to queue per session: 3621 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Options: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Require 3-Way Handshake: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 3-Way Handshake Timeout: 180 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Detect Anomalies: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Reassembly Ports: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 21 client (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 22 client (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 23 client (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 25 client (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 36 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 42 client (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 53 client (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 70 client (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 79 client (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 80 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 81 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 82 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 83 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 84 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 85 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 86 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 87 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 88 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 89 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 90 client (Footprint-IPS) server (Footprint-IPS) Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: additional ports configured but not printed. Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Stream UDP Policy config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Timeout: 180 seconds Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: HttpInspect Config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: GLOBAL CONFIG Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Detect Proxy Usage: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: IIS Unicode Map Filename: /etc/snort/unicode.map Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: IIS Unicode Map Codepage: 1252 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Memcap used for logging URI and Hostname: 150994944 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max Gzip Memory: 838860 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max Gzip Sessions: 1807 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Gzip Compress Depth: 65535 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Gzip Decompress Depth: 65535 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: DEFAULT SERVER CONFIG: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Server profile: All Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Server Flow Depth: 0 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Client Flow Depth: 0 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max Chunk Length: 500000 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max Header Field Length: 750 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max Number Header Fields: 100 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max Number of WhiteSpaces allowed with header folding: 200 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Inspect Pipeline Requests: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: URI Discovery Strict Mode: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Allow Proxy Usage: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Disable Alerting: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Oversize Dir Length: 500 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Only inspect URI: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Normalize HTTP Headers: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Inspect HTTP Cookies: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Inspect HTTP Responses: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Extract Gzip from responses: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Decompress response files: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Unlimited decompression of gzip data from responses: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Normalize Javascripts in HTTP Responses: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Normalize HTTP Cookies: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Enable XFF and True Client IP: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Log HTTP URI data: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Log HTTP Hostname data: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Extended ASCII code support in URI: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Ascii: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Double Decoding: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: %U Encoding: YES alert: YES Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Bare Byte: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: UTF 8: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: IIS Unicode: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Multiple Slash: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: IIS Backslash: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Directory Traversal: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Web Root Traversal: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Apache WhiteSpace: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: IIS Delimiter: YES alert: NO Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: rpc_decode arguments: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: alert_fragments: INACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: alert_large_fragments: INACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: alert_incomplete: INACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: alert_multiple_requests: INACTIVE Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: SSLPP config: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Encrypted packets: not inspected Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Ports: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 443 465 563 587 636 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 989 992 993 994 995 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 7801 7802 7900 7901 7902 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 7903 7904 7905 7906 7907 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 7908 7909 7910 7911 7912 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 7913 7914 7915 7916 7917 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: 7918 7919 7920 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Server side data is trusted Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Maximum SSL Heartbeat length: 0 Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Nov 6 14:24:55 2016 daemon.notice snort[18889]: Initializing rule chains... Sun Nov 6 14:24:56 2016 daemon.notice snort[18889]: WARNING: /etc/snort/rules/snort.rules(1232) threshold (in rule) is deprecated; use detection_filter instead. Sun Nov 6 14:25:02 2016 daemon.notice snort[18889]: 5034 Snort rules read Sun Nov 6 14:25:02 2016 daemon.notice snort[18889]: 5034 detection rules Sun Nov 6 14:25:02 2016 daemon.notice snort[18889]: 0 decoder rules Sun Nov 6 14:25:02 2016 daemon.notice snort[18889]: 0 preprocessor rules Sun Nov 6 14:25:02 2016 daemon.notice snort[18889]: 5034 Option Chains linked into 1037 Chain Headers Sun Nov 6 14:25:02 2016 daemon.notice snort[18889]: 0 Dynamic rules Sun Nov 6 14:25:02 2016 daemon.notice snort[18889]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Nov 6 14:25:02 2016 daemon.notice snort[18889]: Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-------------------[Rule Port Counts]--------------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | tcp udp icmp ip Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | src 1465 8 0 0 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | dst 2337 125 0 0 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | any 647 452 0 0 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | nc 446 446 0 0 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | s+d 28 0 0 0 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +---------------------------------------------------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-----------------------[detection-filter-config]------------------------------ Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | memory-cap : 1048576 bytes Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-----------------------[detection-filter-rules]------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: ------------------------------------------------------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-----------------------[rate-filter-config]----------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | memory-cap : 1048576 bytes Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-----------------------[rate-filter-rules]------------------------------------ Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | none Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: ------------------------------------------------------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-----------------------[event-filter-config]---------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | memory-cap : 1048576 bytes Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-----------------------[event-filter-global]---------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | none Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-----------------------[event-filter-local]----------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404799 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404798 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403585 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403584 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500083 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500082 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500085 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500084 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500087 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500086 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500089 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500088 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500081 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500080 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500091 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500090 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500093 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500092 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500095 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500094 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403327 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403326 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403325 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403324 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2023180 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500098 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500097 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500100 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500099 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500101 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2500096 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403582 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403581 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403583 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403574 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403573 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403576 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403575 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403578 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403577 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403580 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403579 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403550 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403549 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403552 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403551 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403554 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403553 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403556 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403555 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403542 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403541 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403544 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403543 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403546 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403545 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403548 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403547 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403566 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403565 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403568 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403567 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403570 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403569 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403572 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403571 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403558 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403557 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403560 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403559 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403562 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403561 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403564 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403563 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403518 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403517 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403520 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403519 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403522 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403521 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403524 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403523 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403510 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403509 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403512 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403511 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403514 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403513 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403516 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403515 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403534 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403533 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403536 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403535 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403538 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403537 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403540 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403539 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403526 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403525 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403528 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403527 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403530 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403529 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403532 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403531 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403486 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403485 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403488 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403487 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403490 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403489 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403492 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403491 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403478 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403477 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403480 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403479 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403482 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403481 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403484 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403483 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403502 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403501 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403504 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403503 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403506 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403505 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403508 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403507 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403494 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403493 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403496 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403495 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403498 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403497 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403500 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403499 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403454 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403453 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403456 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403455 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403458 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403457 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403460 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403459 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403446 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403445 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403448 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403447 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403450 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403449 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403452 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403451 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403470 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403469 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403472 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403471 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403474 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403473 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403476 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403475 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403462 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403461 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403464 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403463 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403466 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403465 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403468 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403467 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403422 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403421 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403424 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403423 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403426 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403425 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403428 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403427 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403414 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403413 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403416 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403415 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403418 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403417 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403420 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403419 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403438 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403437 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403440 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403439 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403442 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403441 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403444 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403443 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403430 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403429 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403432 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403431 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403434 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403433 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403436 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403435 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403390 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403389 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403392 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403391 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403394 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403393 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403396 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403395 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403382 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403381 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403384 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403383 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403386 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403385 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403388 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403387 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403406 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403405 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403408 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403407 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403410 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403409 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403412 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403411 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403398 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403397 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403400 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403399 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403402 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403401 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403404 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403403 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403358 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403357 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403360 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403359 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403362 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403361 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403364 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403363 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403350 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403349 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403352 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403351 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403354 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403353 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403355 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403374 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403373 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403376 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403375 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403378 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403377 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403380 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403379 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403366 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403365 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403368 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403367 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403370 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403369 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403372 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403371 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403328 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403330 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403329 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403332 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403331 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403342 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403341 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403344 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403343 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403346 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403345 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403348 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403347 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403334 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403333 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403336 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403335 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403338 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403337 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403340 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403339 type=Limit tracking=src count=1 seconds=3600 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: +-----------------------[suppression]------------------------------------------ Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=129 sig-id=12 tracking=none Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: | gen-id=129 sig-id=20 tracking=none Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: ------------------------------------------------------------------------------- Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: Verifying Preprocessor Configurations! Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'EXE2' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Sun Nov 6 14:25:07 2016 daemon.notice snort[18889]: 87 out of 1024 flowbits in use. Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: [ Port Based Pattern Matching Memory ] Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: +- [ Aho-Corasick Summary ] ------------------------------------- Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Storage Format : Full Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Finite Automaton : DFA Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Alphabet Size : 256 Chars Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Sizeof State : Variable (1,2,4 bytes) Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Instances : 89 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | 1 byte states : 79 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | 2 byte states : 10 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | 4 byte states : 0 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Characters : 55505 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | States : 36690 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Transitions : 2008701 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | State Density : 21.4% Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Patterns : 4174 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Match States : 4183 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Memory (MB) : 19.46 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Patterns : 0.42 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | Match Lists : 1.08 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | DFA Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | 1 byte states : 0.54 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | 2 byte states : 17.26 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: | 4 byte states : 0.00 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: +---------------------------------------------------------------- Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: [ Number of patterns truncated to 18 bytes: 1311 ] Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: afpacket DAQ configured to inline. Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Acquiring network traffic from "eth0:eth2". Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Initializing daemon mode Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Daemon initialized, signaled parent pid: 1 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Reload thread starting... Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Reload thread started, thread 0xfff425f210 (18890) Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Checking PID path... Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: PID path stat checked out ok, PID path set to /var/snort/ Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Writing PID "18889" to file "/var/snort//snort_eth0:eth2.pid" Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: --== Initialization Complete ==-- Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: ,,_ -*> Snort! <*- Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: o" )~ Version 2.9.7.2 GRE (Build 177) Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Using libpcap version 1.5.3 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Using PCRE version: 8.36 2014-09-26 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Using ZLIB version: 1.2.8 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Preprocessor Object: SF_SSLPP Version 1.1 Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Commencing packet processing (pid=18889) Sun Nov 6 14:25:18 2016 daemon.notice snort[18889]: Decoding Ethernet Mon Nov 7 00:00:00 2016 cron.info crond[3187]: USER root pid 18894 cmd /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart Mon Nov 7 01:00:00 2016 cron.info crond[3187]: USER root pid 18897 cmd sh /sbin/fw_upgrade Mon Nov 7 01:01:20 2016 user.notice Updated redirect ip address: 192.168.1.112: update_blacklist Mon Nov 7 01:01:22 2016 daemon.crit dnsmasq[19211]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Mon Nov 7 01:01:22 2016 daemon.crit dnsmasq[19211]: FAILED to start up Mon Nov 7 01:01:24 2016 daemon.err snort[18889]: *** Caught Term-Signal Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Run time for packet processing was 38166.545416 seconds Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Snort processed 26982836 packets. Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Snort ran for 0 days 10 hours 36 minutes 6 seconds Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Pkts/hr: 2698283 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Pkts/min: 42425 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Pkts/sec: 706 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Memory usage summary: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Total non-mmapped bytes (arena): 75851808 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Bytes in mapped regions (hblkhd): 14483456 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Total allocated space (uordblks): 57227360 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Total free space (fordblks): 18624448 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Topmost releasable block (keepcost): 150816 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Packet I/O Totals: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Received: 26982836 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Analyzed: 26982836 (100.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Dropped: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Filtered: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Outstanding: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Injected: 172 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Breakdown by protocol (includes rebuilt packets): Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Eth: 26983743 (100.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: VLAN: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP4: 26982846 ( 99.997%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Frag: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ICMP: 866 ( 0.003%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP: 732847 ( 2.716%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP: 26249133 ( 97.278%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP6: 29 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP6 Ext: 29 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP6 Opts: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Frag6: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ICMP6: 29 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP6: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP6: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Teredo: 29 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ICMP-IP: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP4/IP4: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP4/IP6: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP6/IP4: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP6/IP6: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE Eth: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE VLAN: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE IP4: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE IP6: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE IP6 Ext: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE PPTP: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE ARP: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE IPX: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GRE Loop: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: MPLS: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ARP: 897 ( 0.003%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IPX: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Eth Loop: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Eth Disc: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP4 Disc: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP6 Disc: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Disc: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP Disc: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ICMP Disc: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: All Discard: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Other: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Bad Chk Sum: 4 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Bad TTL: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: S5 G 1: 221 ( 0.001%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: S5 G 2: 686 ( 0.003%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Total: 26983743 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Action Stats: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Alerts: 108 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Logged: 108 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Passed: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Limits: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Match: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Queue: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Log: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Event: 10 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Alert: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Verdicts: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Allow: 23810521 ( 88.243%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Block: 23 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Replace: 75 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Whitelist: 3172102 ( 11.756%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Blacklist: 115 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Ignore: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Retry: 0 ( 0.000%) Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Normalizer statistics: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ip4::trim: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would ip4::trim: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ip4::tos: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would ip4::tos: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ip4::df: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would ip4::df: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ip4::rf: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would ip4::rf: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ip4::ttl: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would ip4::ttl: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ip4::opts: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would ip4::opts: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: icmp4::echo: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would icmp4::echo: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ip6::ttl: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would ip6::ttl: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ip6::opts: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would ip6::opts: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: icmp6::echo: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would icmp6::echo: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::syn_opt: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::syn_opt: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::opt: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::opt: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::pad: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::pad: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::rsv: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::rsv: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::ns: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::ns: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::urp: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::urp: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::ecn_pkt: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::ecn_pkt: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::ts_ecr: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::ts_ecr: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::req_urg: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::req_urg: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::req_pay: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::req_pay: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::req_urp: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::req_urp: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::ecn_ssn: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::ecn_ssn: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::ts_nop: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::ts_nop: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::ips_data: 123 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::ips_data: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::block: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::block: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::trim_syn: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::trim_syn: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::trim_rst: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::trim_rst: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::trim_win: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::trim_win: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: tcp::trim_mss: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Would tcp::trim_mss: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Frag3 statistics: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Total Fragments: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Frags Reassembled: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Discards: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Memory Faults: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Timeouts: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Overlaps: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Anomalies: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Alerts: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Drops: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: FragTrackers Added: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: FragTrackers Dumped: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: FragTrackers Auto Freed: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Frag Nodes Inserted: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Frag Nodes Deleted: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Stream statistics: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Total sessions: 25194 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP sessions: 24214 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP sessions: 980 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ICMP sessions: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP sessions: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Prunes: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP Prunes: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: ICMP Prunes: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: IP Prunes: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP StreamTrackers Created: 24332 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP StreamTrackers Deleted: 24332 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Timeouts: 1084 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Overlaps: 123 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Segments Queued: 15044322 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Segments Released: 15044322 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Rebuilt Packets: 1300011 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Segments Used: 15035636 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Discards: 21376 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Gaps: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP Sessions Created: 1282 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP Sessions Deleted: 1282 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP Timeouts: 302 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP Discards: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Events: 7693 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Internal Events: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: TCP Port Filter Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Filtered: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Inspected: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Tracked: 26248203 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: UDP Port Filter Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Filtered: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Inspected: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Tracked: 980 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: HTTP Inspect - encodings (Note: stream-reassembled packets included): Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: POST methods: 6220 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: GET methods: 15250 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: HTTP Request Headers extracted: 35362 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: HTTP Request Cookies extracted: 1094 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Post parameters extracted: 6276 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: HTTP response Headers extracted: 21124 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: HTTP Response Cookies extracted: 1562 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Unicode: 645 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Double unicode: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Non-ASCII representable: 6546 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Directory traversals: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Extra slashes ("//"): 116 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Self-referencing paths ("./"): 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: HTTP Response Gzip packets extracted: 577 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Gzip Compressed Data Processed: 7933115.00 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Gzip Decompressed Data Processed: 24687188.00 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Total packets processed: 16265566 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: SSL Preprocessor: Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: SSL packets decoded: 91468 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Client Hello: 11467 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Server Hello: 11414 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Certificate: 8499 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Server Done: 23772 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Client Key Exchange: 7848 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Server Key Exchange: 6118 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Change Cipher: 22351 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Finished: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Client Application: 14212 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Server Application: 7416 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Alert: 834 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Unrecognized records: 32074 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Completed handshakes: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Bad handshakes: 0 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Sessions ignored: 5452 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: Detection disabled: 2183 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: =============================================================================== Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: +-----------------------[filtered events]-------------------------------------- Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 filtered=4 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403556 type=Limit tracking=src count=1 seconds=3600 filtered=2 Mon Nov 7 01:01:24 2016 daemon.notice snort[18889]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 filtered=4 Mon Nov 7 01:01:25 2016 daemon.notice snort[18889]: Snort exiting Mon Nov 7 01:01:27 2016 daemon.crit dnsmasq[19247]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Mon Nov 7 01:01:27 2016 daemon.crit dnsmasq[19247]: FAILED to start up Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Enabling inline operation Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Found pid path directive (/var/snort/) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Running in IDS mode Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: --== Initializing Snort ==-- Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Initializing Output Plugins! Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Initializing Preprocessors! Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Initializing Plug-ins! Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Parsing Rules file "/etc/snort/snort_bridge.conf" Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: PortVar 'HTTP_PORTS' defined : Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: PortVar 'SHELLCODE_PORTS' defined : Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: [ 1:65535 ] Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: PortVar 'ORACLE_PORTS' defined : Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: [ 1024:65535 ] Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: PortVar 'SSH_PORTS' defined : Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: [ 22 ] Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: PortVar 'FTP_PORTS' defined : Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: [ 21 2100 3535 ] Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: PortVar 'SIP_PORTS' defined : Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: [ 5060:5061 5600 ] Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: PortVar 'FILE_DATA_PORTS' defined : Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 333Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: PortVar 'GTP_PORTS' defined : Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: [ 2123 2152 3386 ] Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Detection: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Search-Method = AC-Full Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Split Any/Any group = enabled Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Search-Method-Optimizations = enabled Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Maximum pattern length = 18 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Found pid path directive (/var/snort/) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Tagged Packet Limit: 256 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: done Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: done Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Log directory = /tmp/snort/ Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Normalizer config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: ip4: on Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: ip4::df: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: ip4::rf: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: ip4::tos: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: ip4::trim: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: ip4::ttl: on (min=1, new=5) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Normalizer config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp: on Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::ecn: stream Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::block: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::rsv: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::pad: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::req_urg: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::req_pay: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::req_urp: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::urp: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::opt: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::ips: on Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::trim_syn: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::trim_rst: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::trim_win: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: tcp::trim_mss: off Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Normalizer config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: icmp4: on Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Normalizer config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: ip6: on Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: ip6::hops: on (min=1, new=5) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Normalizer config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: icmp6: on Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Frag3 global config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max frags: 65536 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Fragment memory cap: 4194304 bytes Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Frag3 engine config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Bound Address: default Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Target-based policy: WINDOWS Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Fragment timeout: 180 seconds Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Fragment min_ttl: 1 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Fragment Anomalies: Alert Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Overlap Limit: 10 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Min fragment Length: 100 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max Expected Streams: 39 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Stream global config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Track TCP sessions: ACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max TCP sessions: 10000 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: TCP cache pruning timeout: 30 seconds Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: TCP cache nominal timeout: 3600 seconds Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Memcap (for reassembly packet storage): 10388608 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Track UDP sessions: ACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max UDP sessions: 10000 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: UDP cache pruning timeout: 30 seconds Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: UDP cache nominal timeout: 180 seconds Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Track ICMP sessions: ACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max ICMP sessions: 65536 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Track IP sessions: INACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Log info if session memory consumption exceeds 3579067 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Send up to 2 active responses Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Wait at least 5 seconds between responses Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Protocol Aware Flushing: ACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Maximum Flush Point: 16000 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Stream TCP Policy config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Bound Address: default Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Reassembly Policy: WINDOWS Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Timeout: 180 seconds Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Limit on TCP Overlaps: 10 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Maximum number of bytes to queue per session: 3550531 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Maximum number of segs to queue per session: 3621 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Options: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Require 3-Way Handshake: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 3-Way Handshake Timeout: 180 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Detect Anomalies: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Reassembly Ports: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 21 client (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 22 client (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 23 client (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 25 client (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 36 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 42 client (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 53 client (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 70 client (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 79 client (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 80 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 81 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 82 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 83 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 84 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 85 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 86 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 87 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 88 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 89 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 90 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: additional ports configured but not printed. Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Stream UDP Policy config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Timeout: 180 seconds Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: HttpInspect Config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: GLOBAL CONFIG Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Detect Proxy Usage: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: IIS Unicode Map Filename: /etc/snort/unicode.map Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: IIS Unicode Map Codepage: 1252 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Memcap used for logging URI and Hostname: 150994944 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max Gzip Memory: 838860 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max Gzip Sessions: 1807 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Gzip Compress Depth: 65535 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Gzip Decompress Depth: 65535 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: DEFAULT SERVER CONFIG: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Server profile: All Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Server Flow Depth: 0 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Client Flow Depth: 0 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max Chunk Length: 500000 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max Header Field Length: 750 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max Number Header Fields: 100 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max Number of WhiteSpaces allowed with header folding: 200 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Inspect Pipeline Requests: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: URI Discovery Strict Mode: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Allow Proxy Usage: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Disable Alerting: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Oversize Dir Length: 500 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Only inspect URI: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Normalize HTTP Headers: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Inspect HTTP Cookies: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Inspect HTTP Responses: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Extract Gzip from responses: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Decompress response files: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Unlimited decompression of gzip data from responses: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Normalize Javascripts in HTTP Responses: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Normalize HTTP Cookies: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Enable XFF and True Client IP: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Log HTTP URI data: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Log HTTP Hostname data: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Extended ASCII code support in URI: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Ascii: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Double Decoding: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: %U Encoding: YES alert: YES Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Bare Byte: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: UTF 8: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: IIS Unicode: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Multiple Slash: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: IIS Backslash: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Directory Traversal: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Web Root Traversal: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Apache WhiteSpace: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: IIS Delimiter: YES alert: NO Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: rpc_decode arguments: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: alert_fragments: INACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: alert_large_fragments: INACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: alert_incomplete: INACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: alert_multiple_requests: INACTIVE Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: SSLPP config: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Encrypted packets: not inspected Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Ports: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 443 465 563 587 636 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 989 992 993 994 995 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 7801 7802 7900 7901 7902 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 7903 7904 7905 7906 7907 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 7908 7909 7910 7911 7912 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 7913 7914 7915 7916 7917 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: 7918 7919 7920 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Server side data is trusted Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Maximum SSL Heartbeat length: 0 Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: Initializing rule chains... Mon Nov 7 01:01:29 2016 daemon.notice snort[19254]: WARNING: /etc/snort/rules/snort.rules(1232) threshold (in rule) is deprecated; use detection_filter instead. Mon Nov 7 01:01:32 2016 daemon.crit dnsmasq[19261]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Mon Nov 7 01:01:32 2016 daemon.crit dnsmasq[19261]: FAILED to start up Mon Nov 7 01:01:35 2016 daemon.notice snort[19254]: 5034 Snort rules read Mon Nov 7 01:01:35 2016 daemon.notice snort[19254]: 5034 detection rules Mon Nov 7 01:01:35 2016 daemon.notice snort[19254]: 0 decoder rules Mon Nov 7 01:01:35 2016 daemon.notice snort[19254]: 0 preprocessor rules Mon Nov 7 01:01:35 2016 daemon.notice snort[19254]: 5034 Option Chains linked into 1037 Chain Headers Mon Nov 7 01:01:35 2016 daemon.notice snort[19254]: 0 Dynamic rules Mon Nov 7 01:01:35 2016 daemon.notice snort[19254]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Nov 7 01:01:35 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:38 2016 daemon.crit dnsmasq[19262]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Mon Nov 7 01:01:38 2016 daemon.crit dnsmasq[19262]: FAILED to start up Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-------------------[Rule Port Counts]--------------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | tcp udp icmp ip Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | src 1465 8 0 0 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | dst 2337 125 0 0 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | any 647 452 0 0 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | nc 446 446 0 0 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | s+d 28 0 0 0 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +---------------------------------------------------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-----------------------[detection-filter-config]------------------------------ Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | memory-cap : 1048576 bytes Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-----------------------[detection-filter-rules]------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: ------------------------------------------------------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-----------------------[rate-filter-config]----------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | memory-cap : 1048576 bytes Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-----------------------[rate-filter-rules]------------------------------------ Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | none Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: ------------------------------------------------------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-----------------------[event-filter-config]---------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | memory-cap : 1048576 bytes Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-----------------------[event-filter-global]---------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | none Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-----------------------[event-filter-local]----------------------------------- Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500085 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500084 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500087 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500086 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500081 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500080 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500083 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500082 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500093 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500092 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500095 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500094 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500089 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500088 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500091 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500090 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403585 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403584 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403344 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403343 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403346 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403345 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403340 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403339 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403342 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403341 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403352 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403351 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403354 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403353 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403348 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403347 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403350 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403349 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403328 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403330 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403329 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403336 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403335 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403338 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403337 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403332 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403331 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403334 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403333 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2023180 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403408 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403407 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403410 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403409 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403404 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403403 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403406 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403405 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403416 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403415 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403418 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403417 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403412 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403411 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403414 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403413 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403392 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403391 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403394 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403393 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403388 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403387 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403390 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403389 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403400 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403399 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403402 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403401 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403396 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403395 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403398 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403397 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403376 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403375 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403378 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403377 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403372 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403371 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403374 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403373 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403384 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403383 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403386 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403385 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403380 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403379 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403382 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403381 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403360 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403359 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403362 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403361 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403355 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403358 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403357 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403368 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403367 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403370 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403369 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403364 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403363 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403366 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403365 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403472 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403471 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403474 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403473 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403468 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403467 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403470 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403469 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403480 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403479 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403482 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403481 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403476 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403475 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403478 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403477 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403456 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403455 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403458 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403457 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403452 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403451 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403454 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403453 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403464 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403463 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403466 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403465 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403460 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403459 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403462 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403461 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403440 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403439 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403442 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403441 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403436 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403435 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403438 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403437 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403448 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403447 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403450 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403449 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403444 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403443 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403446 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403445 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403424 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403423 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403426 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403425 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403420 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403419 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403422 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403421 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403432 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403431 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403434 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403433 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403428 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403427 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403430 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403429 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403536 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403535 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403538 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403537 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403532 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403531 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403534 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403533 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403544 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403543 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403546 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403545 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403540 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403539 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403542 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403541 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403520 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403519 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403522 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403521 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403516 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403515 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403518 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403517 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403528 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403527 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403530 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403529 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403524 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403523 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403526 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403525 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403504 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403503 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403506 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403505 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403500 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403499 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403502 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403501 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403512 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403511 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403514 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403513 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403508 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403507 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403510 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403509 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403488 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403487 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403490 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403489 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403484 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403483 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403486 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403485 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403496 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403495 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403498 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403497 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403492 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403491 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403494 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403493 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403583 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403580 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403579 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403582 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403581 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403568 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403567 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403570 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403569 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403564 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403563 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403566 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403565 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403576 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403575 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403578 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403577 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403572 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403571 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403574 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403573 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403552 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403551 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403554 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403553 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403548 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403547 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403550 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403549 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403560 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403559 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403562 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403561 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403556 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403555 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403558 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403557 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404799 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404798 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403325 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403324 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403327 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403326 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500100 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500099 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500101 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500096 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500098 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=1 sig-id=2500097 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: +-----------------------[suppression]------------------------------------------ Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=129 sig-id=12 tracking=none Mon Nov 7 01:01:40 2016 daemon.notice snort[19254]: | gen-id=129 sig-id=20 tracking=none Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: ------------------------------------------------------------------------------- Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: Verifying Preprocessor Configurations! Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'EXE2' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Mon Nov 7 01:01:41 2016 daemon.notice snort[19254]: 87 out of 1024 flowbits in use. Mon Nov 7 01:01:43 2016 daemon.crit dnsmasq[19263]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Mon Nov 7 01:01:43 2016 daemon.crit dnsmasq[19263]: FAILED to start up Mon Nov 7 01:01:48 2016 daemon.crit dnsmasq[19264]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Mon Nov 7 01:01:48 2016 daemon.crit dnsmasq[19264]: FAILED to start up Mon Nov 7 01:01:48 2016 daemon.info procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: [ Port Based Pattern Matching Memory ] Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: +- [ Aho-Corasick Summary ] ------------------------------------- Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Storage Format : Full Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Finite Automaton : DFA Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Alphabet Size : 256 Chars Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Sizeof State : Variable (1,2,4 bytes) Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Instances : 89 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | 1 byte states : 79 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | 2 byte states : 10 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | 4 byte states : 0 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Characters : 55505 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | States : 36690 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Transitions : 2008701 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | State Density : 21.4% Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Patterns : 4174 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Match States : 4183 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Memory (MB) : 19.46 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Patterns : 0.42 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | Match Lists : 1.08 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | DFA Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | 1 byte states : 0.54 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | 2 byte states : 17.26 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: | 4 byte states : 0.00 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: +---------------------------------------------------------------- Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: [ Number of patterns truncated to 18 bytes: 1311 ] Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: afpacket DAQ configured to inline. Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Acquiring network traffic from "eth0:eth2". Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Initializing daemon mode Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Daemon initialized, signaled parent pid: 1 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Reload thread starting... Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Reload thread started, thread 0xffe700f210 (19265) Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Checking PID path... Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: PID path stat checked out ok, PID path set to /var/snort/ Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Writing PID "19254" to file "/var/snort//snort_eth0:eth2.pid" Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: --== Initialization Complete ==-- Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: ,,_ -*> Snort! <*- Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: o" )~ Version 2.9.7.2 GRE (Build 177) Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Using libpcap version 1.5.3 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Using PCRE version: 8.36 2014-09-26 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Using ZLIB version: 1.2.8 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Preprocessor Object: SF_SSLPP Version 1.1 Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Commencing packet processing (pid=19254) Mon Nov 7 01:01:51 2016 daemon.notice snort[19254]: Decoding Ethernet Mon Nov 7 03:01:00 2016 cron.info crond[3187]: USER root pid 19267 cmd > /tmp/snort/alert.fast Mon Nov 7 05:45:55 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Mon Nov 7 05:45:55 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Mon Nov 7 07:19:40 2016 daemon.notice snort[19254]: S5: Session exceeded configured max bytes to queue 3550531 using 3551844 bytes (client queue). 86.19.221.206 56452 --> 66.225.197.197 80 (0) : LWstate 0x9 LWFlags 0x406007 Mon Nov 7 07:22:17 2016 daemon.notice snort[19254]: S5: Session exceeded configured max bytes to queue 3550531 using 3551844 bytes (client queue). 86.19.221.206 56470 --> 66.225.197.197 80 (0) : LWstate 0x9 LWFlags 0x6007 Mon Nov 7 07:23:46 2016 daemon.notice snort[19254]: S5: Session exceeded configured max bytes to queue 3550531 using 3551844 bytes (client queue). 86.19.221.206 56477 --> 66.225.197.197 80 (0) : LWstate 0x9 LWFlags 0x6007 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Enabling inline operation Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Found pid path directive (/var/snort/) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Running in IDS mode Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: --== Initializing Snort ==-- Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Initializing Output Plugins! Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Initializing Preprocessors! Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Initializing Plug-ins! Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Parsing Rules file "/etc/snort/snort_bridge.conf" Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: PortVar 'HTTP_PORTS' defined : Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: PortVar 'SHELLCODE_PORTS' defined : Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: [ 1:65535 ] Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: PortVar 'ORACLE_PORTS' defined : Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: [ 1024:65535 ] Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: PortVar 'SSH_PORTS' defined : Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: [ 22 ] Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: PortVar 'FTP_PORTS' defined : Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: [ 21 2100 3535 ] Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: PortVar 'SIP_PORTS' defined : Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: [ 5060:5061 5600 ] Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: PortVar 'FILE_DATA_PORTS' defined : Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 333Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: PortVar 'GTP_PORTS' defined : Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: [ 2123 2152 3386 ] Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Detection: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Search-Method = AC-Full Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Split Any/Any group = enabled Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Search-Method-Optimizations = enabled Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Maximum pattern length = 18 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Found pid path directive (/var/snort/) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Tagged Packet Limit: 256 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: done Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: done Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Log directory = /tmp/snort/ Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Normalizer config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: ip4: on Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: ip4::df: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: ip4::rf: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: ip4::tos: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: ip4::trim: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: ip4::ttl: on (min=1, new=5) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Normalizer config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp: on Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::ecn: stream Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::block: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::rsv: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::pad: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::req_urg: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::req_pay: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::req_urp: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::urp: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::opt: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::ips: on Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::trim_syn: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::trim_rst: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::trim_win: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: tcp::trim_mss: off Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Normalizer config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: icmp4: on Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Normalizer config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: ip6: on Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: ip6::hops: on (min=1, new=5) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Normalizer config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: icmp6: on Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Frag3 global config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max frags: 65536 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Fragment memory cap: 4194304 bytes Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Frag3 engine config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Bound Address: default Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Target-based policy: WINDOWS Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Fragment timeout: 180 seconds Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Fragment min_ttl: 1 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Fragment Anomalies: Alert Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Overlap Limit: 10 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Min fragment Length: 100 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max Expected Streams: 39 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Stream global config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Track TCP sessions: ACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max TCP sessions: 10000 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: TCP cache pruning timeout: 30 seconds Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: TCP cache nominal timeout: 3600 seconds Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Memcap (for reassembly packet storage): 10388608 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Track UDP sessions: ACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max UDP sessions: 10000 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: UDP cache pruning timeout: 30 seconds Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: UDP cache nominal timeout: 180 seconds Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Track ICMP sessions: ACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max ICMP sessions: 65536 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Track IP sessions: INACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Log info if session memory consumption exceeds 3579067 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Send up to 2 active responses Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Wait at least 5 seconds between responses Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Protocol Aware Flushing: ACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Maximum Flush Point: 16000 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Stream TCP Policy config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Bound Address: default Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Reassembly Policy: WINDOWS Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Timeout: 180 seconds Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Limit on TCP Overlaps: 10 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Maximum number of bytes to queue per session: 3550531 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Maximum number of segs to queue per session: 3621 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Options: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Require 3-Way Handshake: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 3-Way Handshake Timeout: 180 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Detect Anomalies: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Reassembly Ports: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 21 client (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 22 client (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 23 client (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 25 client (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 36 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 42 client (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 53 client (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 70 client (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 79 client (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 80 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 81 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 82 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 83 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 84 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 85 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 86 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 87 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 88 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 89 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 90 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: additional ports configured but not printed. Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Stream UDP Policy config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Timeout: 180 seconds Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: HttpInspect Config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: GLOBAL CONFIG Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Detect Proxy Usage: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: IIS Unicode Map Filename: /etc/snort/unicode.map Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: IIS Unicode Map Codepage: 1252 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Memcap used for logging URI and Hostname: 150994944 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max Gzip Memory: 838860 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max Gzip Sessions: 1807 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Gzip Compress Depth: 65535 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Gzip Decompress Depth: 65535 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: DEFAULT SERVER CONFIG: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Server profile: All Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Server Flow Depth: 0 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Client Flow Depth: 0 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max Chunk Length: 500000 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max Header Field Length: 750 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max Number Header Fields: 100 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max Number of WhiteSpaces allowed with header folding: 200 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Inspect Pipeline Requests: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: URI Discovery Strict Mode: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Allow Proxy Usage: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Disable Alerting: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Oversize Dir Length: 500 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Only inspect URI: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Normalize HTTP Headers: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Inspect HTTP Cookies: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Inspect HTTP Responses: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Extract Gzip from responses: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Decompress response files: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Unlimited decompression of gzip data from responses: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Normalize Javascripts in HTTP Responses: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Normalize HTTP Cookies: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Enable XFF and True Client IP: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Log HTTP URI data: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Log HTTP Hostname data: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Extended ASCII code support in URI: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Ascii: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Double Decoding: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: %U Encoding: YES alert: YES Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Bare Byte: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: UTF 8: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: IIS Unicode: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Multiple Slash: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: IIS Backslash: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Directory Traversal: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Web Root Traversal: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Apache WhiteSpace: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: IIS Delimiter: YES alert: NO Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: rpc_decode arguments: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: alert_fragments: INACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: alert_large_fragments: INACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: alert_incomplete: INACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: alert_multiple_requests: INACTIVE Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: SSLPP config: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Encrypted packets: not inspected Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Ports: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 443 465 563 587 636 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 989 992 993 994 995 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 7801 7802 7900 7901 7902 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 7903 7904 7905 7906 7907 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 7908 7909 7910 7911 7912 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 7913 7914 7915 7916 7917 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: 7918 7919 7920 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Server side data is trusted Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Maximum SSL Heartbeat length: 0 Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Nov 7 07:33:37 2016 daemon.notice snort[19523]: Initializing rule chains... Mon Nov 7 07:33:38 2016 daemon.notice snort[19523]: WARNING: /etc/snort/rules/snort.rules(1232) threshold (in rule) is deprecated; use detection_filter instead. Mon Nov 7 07:33:44 2016 daemon.notice snort[19523]: 5034 Snort rules read Mon Nov 7 07:33:44 2016 daemon.notice snort[19523]: 5034 detection rules Mon Nov 7 07:33:44 2016 daemon.notice snort[19523]: 0 decoder rules Mon Nov 7 07:33:44 2016 daemon.notice snort[19523]: 0 preprocessor rules Mon Nov 7 07:33:44 2016 daemon.notice snort[19523]: 5034 Option Chains linked into 1037 Chain Headers Mon Nov 7 07:33:44 2016 daemon.notice snort[19523]: 0 Dynamic rules Mon Nov 7 07:33:44 2016 daemon.notice snort[19523]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Nov 7 07:33:44 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-------------------[Rule Port Counts]--------------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | tcp udp icmp ip Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | src 1465 8 0 0 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | dst 2337 125 0 0 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | any 647 452 0 0 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | nc 446 446 0 0 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | s+d 28 0 0 0 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +---------------------------------------------------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-----------------------[detection-filter-config]------------------------------ Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | memory-cap : 1048576 bytes Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-----------------------[detection-filter-rules]------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: ------------------------------------------------------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-----------------------[rate-filter-config]----------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | memory-cap : 1048576 bytes Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-----------------------[rate-filter-rules]------------------------------------ Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | none Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: ------------------------------------------------------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-----------------------[event-filter-config]---------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | memory-cap : 1048576 bytes Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-----------------------[event-filter-global]---------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | none Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-----------------------[event-filter-local]----------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500101 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500100 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500099 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500098 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500097 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500096 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403325 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403324 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403327 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403326 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403585 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403584 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500095 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500094 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500085 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500084 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500083 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500082 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500081 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500080 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500093 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500092 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500091 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500090 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500089 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500088 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500087 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500086 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403502 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403501 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403500 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403499 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403498 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403497 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403496 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403495 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403510 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403509 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403508 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403507 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403506 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403505 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403504 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403503 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403486 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403485 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403484 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403483 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403482 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403481 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403480 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403479 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403494 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403493 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403492 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403491 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403490 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403489 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403488 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403487 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403470 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403469 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403468 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403467 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403466 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403465 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403464 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403463 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403478 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403477 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403476 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403475 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403474 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403473 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403472 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403471 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403454 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403453 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403452 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403451 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403450 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403449 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403448 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403447 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403462 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403461 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403460 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403459 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403458 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403457 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403456 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403455 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403566 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403565 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403564 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403563 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403562 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403561 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403560 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403559 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403574 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403573 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403572 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403571 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403570 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403569 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403568 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403567 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403550 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403549 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403548 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403547 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403546 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403545 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403544 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403543 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403558 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403557 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403556 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403555 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403554 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403553 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403552 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403551 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403534 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403533 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403532 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403531 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403530 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403529 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403528 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403527 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403542 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403541 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403540 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403539 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403538 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403537 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403536 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403535 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403518 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403517 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403516 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403515 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403514 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403513 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403512 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403511 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403526 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403525 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403524 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403523 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403522 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403521 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403520 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403519 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403582 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403581 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403580 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403579 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403578 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403577 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403576 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403575 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403583 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403374 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403373 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403372 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403371 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403370 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403369 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403368 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403367 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403382 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403381 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403380 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403379 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403378 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403377 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403376 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403375 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403358 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403357 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403355 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403354 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403353 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403352 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403351 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403366 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403365 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403364 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403363 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403362 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403361 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403360 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403359 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403342 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403341 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403340 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403339 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403338 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403337 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403336 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403335 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403350 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403349 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403348 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403347 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403346 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403345 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403344 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403343 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403334 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403333 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403332 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403331 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403330 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403329 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403328 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403438 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403437 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403436 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403435 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403434 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403433 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403432 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403431 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403446 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403445 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403444 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403443 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403442 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403441 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403440 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403439 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403422 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403421 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403420 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403419 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403418 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403417 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403416 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403415 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403430 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403429 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403428 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403427 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403426 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403425 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403424 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403423 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403406 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403405 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403404 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403403 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403402 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403401 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403400 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403399 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403414 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403413 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403412 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403411 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403410 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403409 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403408 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403407 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403390 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403389 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403388 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403387 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403386 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403385 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403384 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403383 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403398 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403397 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403396 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403395 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403394 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403393 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403392 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2403391 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404799 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404798 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2023180 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: +-----------------------[suppression]------------------------------------------ Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=129 sig-id=12 tracking=none Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: | gen-id=129 sig-id=20 tracking=none Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: ------------------------------------------------------------------------------- Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: Verifying Preprocessor Configurations! Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'EXE2' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Mon Nov 7 07:33:49 2016 daemon.notice snort[19523]: 87 out of 1024 flowbits in use. Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: [ Port Based Pattern Matching Memory ] Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: +- [ Aho-Corasick Summary ] ------------------------------------- Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Storage Format : Full Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Finite Automaton : DFA Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Alphabet Size : 256 Chars Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Sizeof State : Variable (1,2,4 bytes) Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Instances : 89 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | 1 byte states : 79 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | 2 byte states : 10 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | 4 byte states : 0 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Characters : 55505 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | States : 36690 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Transitions : 2008701 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | State Density : 21.4% Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Patterns : 4174 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Match States : 4183 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Memory (MB) : 19.46 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Patterns : 0.42 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | Match Lists : 1.08 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | DFA Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | 1 byte states : 0.54 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | 2 byte states : 17.26 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: | 4 byte states : 0.00 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: +---------------------------------------------------------------- Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: [ Number of patterns truncated to 18 bytes: 1311 ] Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: afpacket DAQ configured to inline. Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: Acquiring network traffic from "eth0:eth2". Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: Initializing daemon mode Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: Daemon initialized, signaled parent pid: 1 Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: Reload thread starting... Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: Reload thread started, thread 0xffebdaf210 (19524) Mon Nov 7 07:33:59 2016 daemon.notice snort[19523]: Checking PID path... Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: PID path stat checked out ok, PID path set to /var/snort/ Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Writing PID "19523" to file "/var/snort//snort_eth0:eth2.pid" Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: --== Initialization Complete ==-- Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: ,,_ -*> Snort! <*- Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: o" )~ Version 2.9.7.2 GRE (Build 177) Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Using libpcap version 1.5.3 Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Using PCRE version: 8.36 2014-09-26 Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Using ZLIB version: 1.2.8 Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Preprocessor Object: SF_SSLPP Version 1.1 Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Commencing packet processing (pid=19523) Mon Nov 7 07:34:00 2016 daemon.notice snort[19523]: Decoding Ethernet Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Enabling inline operation Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Found pid path directive (/var/snort/) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Running in IDS mode Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: --== Initializing Snort ==-- Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Initializing Output Plugins! Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Initializing Preprocessors! Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Initializing Plug-ins! Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Parsing Rules file "/etc/snort/snort_bridge.conf" Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: PortVar 'HTTP_PORTS' defined : Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: PortVar 'SHELLCODE_PORTS' defined : Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: [ 1:65535 ] Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: PortVar 'ORACLE_PORTS' defined : Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: [ 1024:65535 ] Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: PortVar 'SSH_PORTS' defined : Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: [ 22 ] Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: PortVar 'FTP_PORTS' defined : Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: [ 21 2100 3535 ] Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: PortVar 'SIP_PORTS' defined : Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: [ 5060:5061 5600 ] Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: PortVar 'FILE_DATA_PORTS' defined : Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 333Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: PortVar 'GTP_PORTS' defined : Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: [ 2123 2152 3386 ] Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Detection: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Search-Method = AC-Full Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Split Any/Any group = enabled Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Search-Method-Optimizations = enabled Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Maximum pattern length = 18 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Found pid path directive (/var/snort/) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Tagged Packet Limit: 256 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: done Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: done Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Log directory = /tmp/snort/ Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Normalizer config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: ip4: on Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: ip4::df: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: ip4::rf: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: ip4::tos: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: ip4::trim: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: ip4::ttl: on (min=1, new=5) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Normalizer config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp: on Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::ecn: stream Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::block: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::rsv: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::pad: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::req_urg: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::req_pay: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::req_urp: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::urp: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::opt: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::ips: on Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::trim_syn: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::trim_rst: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::trim_win: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: tcp::trim_mss: off Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Normalizer config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: icmp4: on Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Normalizer config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: ip6: on Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: ip6::hops: on (min=1, new=5) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Normalizer config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: icmp6: on Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Frag3 global config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max frags: 65536 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Fragment memory cap: 4194304 bytes Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Frag3 engine config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Bound Address: default Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Target-based policy: WINDOWS Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Fragment timeout: 180 seconds Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Fragment min_ttl: 1 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Fragment Anomalies: Alert Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Overlap Limit: 10 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Min fragment Length: 100 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max Expected Streams: 39 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Stream global config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Track TCP sessions: ACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max TCP sessions: 10000 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: TCP cache pruning timeout: 30 seconds Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: TCP cache nominal timeout: 3600 seconds Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Memcap (for reassembly packet storage): 10388608 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Track UDP sessions: ACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max UDP sessions: 10000 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: UDP cache pruning timeout: 30 seconds Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: UDP cache nominal timeout: 180 seconds Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Track ICMP sessions: ACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max ICMP sessions: 65536 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Track IP sessions: INACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Log info if session memory consumption exceeds 3579067 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Send up to 2 active responses Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Wait at least 5 seconds between responses Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Protocol Aware Flushing: ACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Maximum Flush Point: 16000 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Stream TCP Policy config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Bound Address: default Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Reassembly Policy: WINDOWS Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Timeout: 180 seconds Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Limit on TCP Overlaps: 10 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Maximum number of bytes to queue per session: 3550531 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Maximum number of segs to queue per session: 3621 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Options: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Require 3-Way Handshake: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 3-Way Handshake Timeout: 180 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Detect Anomalies: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Reassembly Ports: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 21 client (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 22 client (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 23 client (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 25 client (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 36 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 42 client (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 53 client (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 70 client (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 79 client (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 80 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 81 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 82 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 83 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 84 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 85 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 86 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 87 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 88 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 89 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 90 client (Footprint-IPS) server (Footprint-IPS) Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: additional ports configured but not printed. Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Stream UDP Policy config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Timeout: 180 seconds Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: HttpInspect Config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: GLOBAL CONFIG Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Detect Proxy Usage: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: IIS Unicode Map Filename: /etc/snort/unicode.map Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: IIS Unicode Map Codepage: 1252 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Memcap used for logging URI and Hostname: 150994944 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max Gzip Memory: 838860 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max Gzip Sessions: 1807 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Gzip Compress Depth: 65535 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Gzip Decompress Depth: 65535 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: DEFAULT SERVER CONFIG: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Server profile: All Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Server Flow Depth: 0 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Client Flow Depth: 0 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max Chunk Length: 500000 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max Header Field Length: 750 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max Number Header Fields: 100 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max Number of WhiteSpaces allowed with header folding: 200 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Inspect Pipeline Requests: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: URI Discovery Strict Mode: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Allow Proxy Usage: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Disable Alerting: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Oversize Dir Length: 500 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Only inspect URI: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Normalize HTTP Headers: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Inspect HTTP Cookies: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Inspect HTTP Responses: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Extract Gzip from responses: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Decompress response files: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Unlimited decompression of gzip data from responses: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Normalize Javascripts in HTTP Responses: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Normalize HTTP Cookies: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Enable XFF and True Client IP: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Log HTTP URI data: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Log HTTP Hostname data: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Extended ASCII code support in URI: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Ascii: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Double Decoding: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: %U Encoding: YES alert: YES Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Bare Byte: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: UTF 8: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: IIS Unicode: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Multiple Slash: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: IIS Backslash: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Directory Traversal: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Web Root Traversal: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Apache WhiteSpace: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: IIS Delimiter: YES alert: NO Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: rpc_decode arguments: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: alert_fragments: INACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: alert_large_fragments: INACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: alert_incomplete: INACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: alert_multiple_requests: INACTIVE Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: SSLPP config: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Encrypted packets: not inspected Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Ports: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 443 465 563 587 636 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 989 992 993 994 995 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 7801 7802 7900 7901 7902 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 7903 7904 7905 7906 7907 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 7908 7909 7910 7911 7912 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 7913 7914 7915 7916 7917 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: 7918 7919 7920 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Server side data is trusted Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Maximum SSL Heartbeat length: 0 Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: Initializing rule chains... Mon Nov 7 14:24:55 2016 daemon.notice snort[19527]: WARNING: /etc/snort/rules/snort.rules(1232) threshold (in rule) is deprecated; use detection_filter instead. Mon Nov 7 14:25:01 2016 daemon.notice snort[19527]: 5034 Snort rules read Mon Nov 7 14:25:01 2016 daemon.notice snort[19527]: 5034 detection rules Mon Nov 7 14:25:01 2016 daemon.notice snort[19527]: 0 decoder rules Mon Nov 7 14:25:01 2016 daemon.notice snort[19527]: 0 preprocessor rules Mon Nov 7 14:25:01 2016 daemon.notice snort[19527]: 5034 Option Chains linked into 1037 Chain Headers Mon Nov 7 14:25:01 2016 daemon.notice snort[19527]: 0 Dynamic rules Mon Nov 7 14:25:01 2016 daemon.notice snort[19527]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Nov 7 14:25:01 2016 daemon.notice snort[19527]: Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-------------------[Rule Port Counts]--------------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | tcp udp icmp ip Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | src 1465 8 0 0 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | dst 2337 125 0 0 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | any 647 452 0 0 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | nc 446 446 0 0 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | s+d 28 0 0 0 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +---------------------------------------------------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-----------------------[detection-filter-config]------------------------------ Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | memory-cap : 1048576 bytes Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-----------------------[detection-filter-rules]------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: ------------------------------------------------------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-----------------------[rate-filter-config]----------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | memory-cap : 1048576 bytes Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-----------------------[rate-filter-rules]------------------------------------ Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | none Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: ------------------------------------------------------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-----------------------[event-filter-config]---------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | memory-cap : 1048576 bytes Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-----------------------[event-filter-global]---------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | none Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-----------------------[event-filter-local]----------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404799 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404798 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403328 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403332 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403331 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403330 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403329 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403400 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403399 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403398 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403397 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403404 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403403 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403402 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403401 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403408 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403407 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403406 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403405 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403412 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403411 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403410 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403409 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403416 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403415 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403414 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403413 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403420 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403419 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403418 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403417 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403424 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403423 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403422 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403421 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403428 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403427 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403426 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403425 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403432 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403431 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403430 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403429 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403436 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403435 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403434 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403433 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403440 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403439 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403438 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403437 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403444 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403443 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403442 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403441 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403448 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403447 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403446 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403445 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403452 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403451 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403450 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403449 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403456 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403455 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403454 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403453 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403460 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403459 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403458 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403457 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403336 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403335 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403334 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403333 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403340 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403339 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403338 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403337 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403344 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403343 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403342 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403341 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403348 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403347 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403346 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403345 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403352 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403351 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403350 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403349 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403355 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403354 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403353 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403360 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403359 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403358 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403357 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403364 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403363 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403362 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403361 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403368 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403367 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403366 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403365 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403372 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403371 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403370 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403369 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403376 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403375 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403374 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403373 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403380 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403379 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403378 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403377 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403384 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403383 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403382 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403381 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403388 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403387 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403386 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403385 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403392 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403391 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403390 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403389 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403396 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403395 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403394 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403393 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403528 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403527 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403526 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403525 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403532 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403531 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403530 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403529 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403536 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403535 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403534 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403533 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403540 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403539 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403538 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403537 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403544 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403543 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403542 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403541 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403548 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403547 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403546 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403545 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403552 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403551 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403550 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403549 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403556 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403555 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403554 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403553 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403560 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403559 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403558 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403557 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403564 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403563 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403562 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403561 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403568 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403567 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403566 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403565 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403572 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403571 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403570 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403569 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403576 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403575 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403574 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403573 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403580 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403579 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403578 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403577 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403583 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403582 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403581 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403464 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403463 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403462 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403461 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403468 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403467 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403466 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403465 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403472 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403471 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403470 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403469 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403476 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403475 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403474 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403473 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403480 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403479 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403478 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403477 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403484 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403483 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403482 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403481 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403488 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403487 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403486 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403485 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403492 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403491 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403490 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403489 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403496 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403495 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403494 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403493 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403500 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403499 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403498 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403497 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403504 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403503 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403502 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403501 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403508 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403507 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403506 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403505 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403512 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403511 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403510 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403509 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403516 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403515 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403514 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403513 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403520 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403519 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403518 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403517 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403524 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403523 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403522 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403521 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500096 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500100 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500099 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500098 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500097 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500101 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403327 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403326 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403325 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403324 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500083 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500082 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500081 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500080 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500087 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500086 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500085 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500084 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500091 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500090 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500089 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500088 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500095 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500094 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500093 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500092 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403585 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2403584 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2023180 type=Limit tracking=src count=1 seconds=30 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: +-----------------------[suppression]------------------------------------------ Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=129 sig-id=12 tracking=none Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: | gen-id=129 sig-id=20 tracking=none Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: ------------------------------------------------------------------------------- Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: Verifying Preprocessor Configurations! Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'EXE2' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Mon Nov 7 14:25:06 2016 daemon.notice snort[19527]: 87 out of 1024 flowbits in use. Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: [ Port Based Pattern Matching Memory ] Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: +- [ Aho-Corasick Summary ] ------------------------------------- Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Storage Format : Full Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Finite Automaton : DFA Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Alphabet Size : 256 Chars Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Sizeof State : Variable (1,2,4 bytes) Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Instances : 89 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | 1 byte states : 79 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | 2 byte states : 10 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | 4 byte states : 0 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Characters : 55505 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | States : 36690 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Transitions : 2008701 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | State Density : 21.4% Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Patterns : 4174 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Match States : 4183 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Memory (MB) : 19.46 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Patterns : 0.42 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | Match Lists : 1.08 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | DFA Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | 1 byte states : 0.54 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | 2 byte states : 17.26 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: | 4 byte states : 0.00 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: +---------------------------------------------------------------- Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: [ Number of patterns truncated to 18 bytes: 1311 ] Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: afpacket DAQ configured to inline. Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Acquiring network traffic from "eth0:eth2". Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Initializing daemon mode Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Daemon initialized, signaled parent pid: 1 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Reload thread starting... Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Reload thread started, thread 0xffee57f210 (19528) Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Checking PID path... Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: PID path stat checked out ok, PID path set to /var/snort/ Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Writing PID "19527" to file "/var/snort//snort_eth0:eth2.pid" Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: --== Initialization Complete ==-- Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: ,,_ -*> Snort! <*- Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: o" )~ Version 2.9.7.2 GRE (Build 177) Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Using libpcap version 1.5.3 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Using PCRE version: 8.36 2014-09-26 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Using ZLIB version: 1.2.8 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Preprocessor Object: SF_SSLPP Version 1.1 Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Commencing packet processing (pid=19527) Mon Nov 7 14:25:17 2016 daemon.notice snort[19527]: Decoding Ethernet Mon Nov 7 15:03:09 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory Mon Nov 7 15:03:09 2016 daemon.err uhttpd[5057]: cat: can't open '/.shield_mode': No such file or directory