root@OpenWrt:/etc/snort/rules# snort -v -c /etc/snort/snort.conf --daq-dir /usr/
lib/daq &
root@OpenWrt:/etc/snort/rules# Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file "/etc/snort/snort.conf"
PortVar 'HTTP_PORTS' defined : [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535 ]
PortVar 'ORACLE_PORTS' defined : [ 1024:65535 ]
PortVar 'SSH_PORTS' defined : [ 22 ]
PortVar 'FTP_PORTS' defined : [ 21 2100 3535 ]
PortVar 'SIP_PORTS' defined : [ 5060:5061 5600 ]
PortVar 'FILE_DATA_PORTS' defined : [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 700]
PortVar 'GTP_PORTS' defined : [ 2123 2152 3386 ]
Detection:
Search-Method = AC-Full-Q
Split Any/Any group = enabled
Search-Method-Optimizations = enabled
Maximum pattern length = 20
Tagged Packet Limit: 256
Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... done
Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Log directory = /var/log/snort
WARNING: ip4 normalizations disabled because not inline.
WARNING: tcp normalizations disabled because not inline.
WARNING: icmp4 normalizations disabled because not inline.
WARNING: ip6 normalizations disabled because not inline.
WARNING: icmp6 normalizations disabled because not inline.
Frag3 global config:
Max frags: 65536
Fragment memory cap: 4194304 bytes
Frag3 engine config:
Bound Address: default
Target-based policy: WINDOWS
Fragment timeout: 180 seconds
Fragment min_ttl: 1
Fragment Anomalies: Alert
Overlap Limit: 10
Min fragment Length: 100
Max Expected Streams: 768
Stream global config:
Track TCP sessions: ACTIVE
Max TCP sessions: 262144
TCP cache pruning timeout: 30 seconds
TCP cache nominal timeout: 3600 seconds
Memcap (for reassembly packet storage): 8388608
Track UDP sessions: ACTIVE
Max UDP sessions: 131072
UDP cache pruning timeout: 30 seconds
UDP cache nominal timeout: 180 seconds
Track ICMP sessions: INACTIVE
Track IP sessions: INACTIVE
Log info if session memory consumption exceeds 1048576
Send up to 2 active responses
Wait at least 5 seconds between responses
Protocol Aware Flushing: ACTIVE
Maximum Flush Point: 16000
Stream TCP Policy config:
Bound Address: default
Reassembly Policy: WINDOWS
Timeout: 180 seconds
Limit on TCP Overlaps: 10
Maximum number of bytes to queue per session: 1048576
Maximum number of segs to queue per session: 2621
Options:
Require 3-Way Handshake: YES
3-Way Handshake Timeout: 180
Detect Anomalies: YES
Reassembly Ports:
21 client (Footprint)
22 client (Footprint)
23 client (Footprint)
25 client (Footprint)
42 client (Footprint)
53 client (Footprint)
79 client (Footprint)
80 client (Footprint) server (Footprint)
81 client (Footprint) server (Footprint)
109 client (Footprint)
110 client (Footprint)
111 client (Footprint)
113 client (Footprint)
119 client (Footprint)
135 client (Footprint)
136 client (Footprint)
137 client (Footprint)
139 client (Footprint)
143 client (Footprint)
161 client (Footprint)
additional ports configured but not printed.
Stream UDP Policy config:
Timeout: 180 seconds
HttpInspect Config:
GLOBAL CONFIG
Detect Proxy Usage: NO
IIS Unicode Map Filename: /etc/snort/unicode.map
IIS Unicode Map Codepage: 1252
Memcap used for logging URI and Hostname: 150994944
Max Gzip Memory: 838860
Max Gzip Sessions: 1807
Gzip Compress Depth: 65535
Gzip Decompress Depth: 65535
DEFAULT SERVER CONFIG:
Server profile: All
Ports (PAF): 80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777 7
Server Flow Depth: 0
Client Flow Depth: 0
Max Chunk Length: 500000
Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Max Header Field Length: 750
Max Number Header Fields: 100
Max Number of WhiteSpaces allowed with header folding: 200
Inspect Pipeline Requests: YES
URI Discovery Strict Mode: NO
Allow Proxy Usage: NO
Disable Alerting: NO
Oversize Dir Length: 500
Only inspect URI: NO
Normalize HTTP Headers: NO
Inspect HTTP Cookies: YES
Inspect HTTP Responses: YES
Extract Gzip from responses: YES
Decompress response files:
Unlimited decompression of gzip data from responses: YES
Normalize Javascripts in HTTP Responses: YES
Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Normalize HTTP Cookies: NO
Enable XFF and True Client IP: NO
Log HTTP URI data: NO
Log HTTP Hostname data: NO
Extended ASCII code support in URI: NO
Ascii: YES alert: NO
Double Decoding: YES alert: NO
%U Encoding: YES alert: YES
Bare Byte: YES alert: NO
UTF 8: YES alert: NO
IIS Unicode: YES alert: NO
Multiple Slash: YES alert: NO
IIS Backslash: YES alert: NO
Directory Traversal: YES alert: NO
Web Root Traversal: YES alert: NO
Apache WhiteSpace: YES alert: NO
IIS Delimiter: YES alert: NO
IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Legacy mode: NO
rpc_decode arguments:
Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
alert_fragments: INACTIVE
alert_large_fragments: INACTIVE
alert_incomplete: INACTIVE
alert_multiple_requests: INACTIVE
FTPTelnet Config:
GLOBAL CONFIG
Memcap 0
Inspection Type: stateful
Check for Encrypted Traffic: YES alert: NO
Continue to check encrypted data: YES
TELNET CONFIG:
Ports: 23
Are You There Threshold: 20
Normalize: YES
Detect Anomalies: YES
FTP CONFIG:
FTP Server: default
Ports (PAF): 21 2100 3535
Check for Telnet Cmds: YES alert: YES
Ignore Telnet Cmd Operations: YES alert: YES
Ignore open data channels: NO
FTP Client: default
Check for Bounce Attacks: YES alert: YES
Check for Telnet Cmds: YES alert: YES
Ignore Telnet Cmd Operations: YES alert: YES
Max Response Length: 256
SMTP Config:
Ports: 25 465 587 691
Inspection Type: Stateful
Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND STAR
Ignore Data: No
Ignore TLS Data: No
Ignore SMTP Alerts: No
Max Command Line Length: 512
Max auth Command Line Length: 1000
Max Specific Command Line Length:
ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
XUSR:246
Max Header Line Length: 1000
Max Response Line Length: 512
X-Link2State Alert: Yes
Drop on X-Link2State Alert: No
Alert on commands: None
Alert on unknown commands: No
SMTP Memcap: 838860
MIME Max Mem: 838860
Base64 Decoding: Enabled
Base64 Decoding Depth: Unlimited
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: Unlimited
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: Unlimited
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: Unlimited
Log Attachment filename: Enabled
Log MAIL FROM Address: Enabled
Log RCPT TO Addresses: Enabled
Log Email Headers: Enabled
Email Hdrs Log Depth: 1464
SSH config:
Autodetection: ENABLED
Challenge-Response Overflow Alert: ENABLED
SSH1 CRC32 Alert: ENABLED
Server Version String Overflow Alert: ENABLED
Protocol Mismatch Alert: ENABLED
Bad Message Direction Alert: DISABLED
Bad Payload Size Alert: DISABLED
Unrecognized Version Alert: DISABLED
Max Encrypted Packets: 20
Max Server Version String Length: 100
MaxClientBytes: 19600 (Default)
Ports:
22
DCE/RPC 2 Preprocessor Configuration
Global Configuration
DCE/RPC Defragmentation: Enabled
Memcap: 102400 KB
Events: co
SMB Fingerprint policy: Disabled
Server Default Configuration
Policy: WinXP
Detect ports (PAF)
SMB: 139 445
TCP: 135
UDP: 135
RPC over HTTP server: 593
RPC over HTTP proxy: None
Autodetect ports (PAF)
SMB: None
TCP: 1025-65535
UDP: 1025-65535
RPC over HTTP server: 1025-65535
RPC over HTTP proxy: None
Invalid SMB shares: C$ D$ ADMIN$
Maximum SMB command chaining: 3 commands
SMB file inspection: Disabled
DNS config:
DNS Client rdata txt Overflow Alert: ACTIVE
Obsolete DNS RR Types Alert: INACTIVE
Experimental DNS RR Types Alert: INACTIVE
Ports: 53
SSLPP config:
Encrypted packets: not inspected
Ports:
443 465 563 636 989
992 993 994 995 7801
7802 7900 7901 7902 7903
7904 7905 7906 7907 7908
7909 7910 7911 7912 7913
7914 7915 7916 7917 7918
7919 7920
Server side data is trusted
Maximum SSL Heartbeat length: 0
Sensitive Data preprocessor config:
Global Alert Threshold: 25
Masked Output: DISABLED
SIP config:
Max number of sessions: 40000
Max number of dialogs in a session: 4 (Default)
Status: ENABLED
Ignore media channel: DISABLED
Max URI length: 512
Max Call ID length: 80
Max Request name length: 20 (Default)
Max From length: 256 (Default)
Max To length: 256 (Default)
Max Via length: 1024 (Default)
Max Contact length: 512
Max Content length: 2048
Ports:
5060 5061 5600
Methods:
invite cancel ack bye register options refer subscribe update join info message notify benotify do qauth sprack publish service unsubscrk
IMAP Config:
Ports: 143
IMAP Memcap: 838860
MIME Max Mem: 838860
Base64 Decoding: Enabled
Base64 Decoding Depth: Unlimited
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: Unlimited
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: Unlimited
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: Unlimited
POP Config:
Ports: 110
POP Memcap: 838860
MIME Max Mem: 838860
Base64 Decoding: Enabled
Base64 Decoding Depth: Unlimited
Quoted-Printable Decoding: Enabled
Quoted-Printable Decoding Depth: Unlimited
Unix-to-Unix Decoding: Enabled
Unix-to-Unix Decoding Depth: Unlimited
Non-Encoded MIME attachment Extraction: Enabled
Non-Encoded MIME attachment Extraction Depth: Unlimited
Modbus config:
Ports:
502
DNP3 config:
Memcap: 262144
Check Link-Layer CRCs: ENABLED
Ports:
20000
Reputation config:
WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled.
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
WARNING: /etc/snort/./rules/emerging-all.rules(629) threshold (in rule) is deprecated; use detection_filter instead.
18443 Snort rules read
18443 detection rules
0 decoder rules
0 preprocessor rules
18443 Option Chains linked into 489 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++
+-------------------[Rule Port Counts]---------------------------------------
| tcp udp icmp ip
| src 3118 117 0 0
| dst 11314 2130 0 0
| any 1646 114 65 26
| nc 24 3 0 1
| s+d 59 34 0 0
+----------------------------------------------------------------------------
+-----------------------[detection-filter-config]------------------------------
| memory-cap : 1048576 bytes
+-----------------------[detection-filter-rules]-------------------------------
-------------------------------------------------------------------------------
+-----------------------[rate-filter-config]-----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[rate-filter-rules]------------------------------------
| none
-------------------------------------------------------------------------------
+-----------------------[event-filter-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[event-filter-global]----------------------------------
| none
+-----------------------[event-filter-local]-----------------------------------
| gen-id=1 sig-id=2008510 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008504 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2020064 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2008514 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2006546 type=Both tracking=src count=5 seconds=30
| gen-id=1 sig-id=2008513 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008512 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2024265 type=Limit tracking=dst count=3 seconds=60
| gen-id=1 sig-id=2002383 type=Threshold tracking=dst count=5 seconds=300
| gen-id=1 sig-id=2020069 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2014703 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2014702 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2014701 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360
| gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360
| gen-id=1 sig-id=2008544 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008571 type=Threshold tracking=dst count=2 seconds=5
| gen-id=1 sig-id=2008564 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008560 type=Threshold tracking=dst count=4 seconds=15
| gen-id=1 sig-id=2018208 type=Both tracking=src count=100 seconds=300
| gen-id=1 sig-id=2024379 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2012080 type=Both tracking=dst count=1 seconds=300
| gen-id=1 sig-id=2016292 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2012079 type=Both tracking=dst count=1 seconds=300
| gen-id=1 sig-id=2012078 type=Both tracking=dst count=1 seconds=300
| gen-id=1 sig-id=2010142 type=Limit tracking=dst count=10 seconds=600
| gen-id=1 sig-id=2010140 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2010139 type=Limit tracking=src count=10 seconds=600
| gen-id=1 sig-id=2018277 type=Both tracking=src count=5 seconds=90
| gen-id=1 sig-id=2024416 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2022477 type=Both tracking=src count=9 seconds=60
| gen-id=1 sig-id=2010144 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2018292 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2012141 type=Both tracking=dst count=1 seconds=60
| gen-id=1 sig-id=2024435 type=Both tracking=src count=3 seconds=1
| gen-id=1 sig-id=2018283 type=Threshold tracking=src count=3 seconds=60
| gen-id=1 sig-id=2024430 type=Both tracking=src count=10 seconds=1
| gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180
| gen-id=1 sig-id=2024452 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026418 type=Both tracking=src count=200 seconds=10
| gen-id=1 sig-id=2026415 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2026414 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2026413 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2018316 type=Both tracking=dst count=12 seconds=120
| gen-id=1 sig-id=2024464 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2014141 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2014140 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2024497 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2008343 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2020306 type=Both tracking=dst count=30 seconds=60
| gen-id=1 sig-id=2020305 type=Both tracking=src count=30 seconds=60
| gen-id=1 sig-id=2014153 type=Both tracking=src count=225 seconds=60
| gen-id=1 sig-id=2024511 type=Both tracking=dst count=30 seconds=300
| gen-id=1 sig-id=2024504 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2020323 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2012204 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2026495 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2026494 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2008043 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2020338 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2008051 type=Limit tracking=src count=2 seconds=360
| gen-id=1 sig-id=2008048 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2100877 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2024585 type=Both tracking=src count=200 seconds=60
| gen-id=1 sig-id=2024584 type=Both tracking=src count=100 seconds=60
| gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2018455 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2012306 type=Limit tracking=dst count=1 seconds=60
| gen-id=1 sig-id=2012305 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2012304 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2012303 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2012297 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2012296 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2022679 type=Threshold tracking=src count=20 seconds=120
| gen-id=1 sig-id=2023883 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2023882 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2023901 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2016571 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2016570 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2016569 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2003622 type=Limit tracking=src count=3 seconds=300
| gen-id=1 sig-id=2014002 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2014020 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2003657 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2020167 type=Both tracking=src count=1 seconds=10
| gen-id=1 sig-id=2015986 type=Both tracking=src count=100 seconds=1
| gen-id=1 sig-id=2009833 type=Threshold tracking=dst count=2 seconds=30
| gen-id=1 sig-id=2015993 type=Both tracking=dst count=10 seconds=1
| gen-id=1 sig-id=2027155 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2001796 type=Threshold tracking=src count=10 seconds=60
| gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60
| gen-id=1 sig-id=2001809 type=Both tracking=src count=1 seconds=360
| gen-id=1 sig-id=2014103 type=Both tracking=src count=15 seconds=30
| gen-id=1 sig-id=2025221 type=Both tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2025253 type=Both tracking=src count=2 seconds=60
| gen-id=1 sig-id=2027219 type=Limit tracking=src count=1 seconds=180
| gen-id=1 sig-id=2019102 type=Both tracking=src count=2 seconds=60
| gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360
| gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360
| gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360
| gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360
| gen-id=1 sig-id=2008797 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008795 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2019177 type=Both tracking=src count=1 seconds=30
| gen-id=1 sig-id=2001906 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2025321 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2013017 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2019166 type=Both tracking=src count=5 seconds=300
| gen-id=1 sig-id=2025314 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2013013 type=Both tracking=src count=2 seconds=300
| gen-id=1 sig-id=2002677 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2013037 type=Limit tracking=src count=1 seconds=3
| gen-id=1 sig-id=2013036 type=Limit tracking=src count=1 seconds=3
| gen-id=1 sig-id=2025370 type=Limit tracking=dst count=1 seconds=30
| gen-id=1 sig-id=2019211 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025391 type=Both tracking=src count=10 seconds=30
| gen-id=1 sig-id=2013059 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2019230 type=Both tracking=src count=50 seconds=10
| gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2022738 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2024701 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2022750 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300
| gen-id=1 sig-id=2102924 type=Threshold tracking=dst count=10 seconds=60
| gen-id=1 sig-id=2102923 type=Threshold tracking=dst count=10 seconds=60
| gen-id=1 sig-id=2010494 type=Threshold tracking=src count=5 seconds=120
| gen-id=1 sig-id=2010513 type=Threshold tracking=src count=10 seconds=60
| gen-id=1 sig-id=2010508 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2008584 type=Both tracking=src count=1 seconds=300
| gen-id=1 sig-id=2008583 type=Both tracking=src count=1 seconds=300
| gen-id=1 sig-id=2008582 type=Both tracking=src count=1 seconds=300
| gen-id=1 sig-id=2008581 type=Both tracking=src count=1 seconds=300
| gen-id=1 sig-id=2008579 type=Threshold tracking=dst count=20 seconds=15
| gen-id=1 sig-id=2008578 type=Limit tracking=src count=1 seconds=10
| gen-id=1 sig-id=2014726 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2008577 type=Threshold tracking=dst count=5 seconds=15
| gen-id=1 sig-id=2022842 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2022883 type=Both tracking=src count=5 seconds=30
| gen-id=1 sig-id=2008585 type=Both tracking=src count=1 seconds=300
| gen-id=1 sig-id=2022882 type=Both tracking=src count=5 seconds=30
| gen-id=1 sig-id=2008609 type=Threshold tracking=src count=3 seconds=10
| gen-id=1 sig-id=2022903 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022902 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2008603 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2022901 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2014784 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2022900 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2014783 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2014782 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2014781 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2014779 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2004443 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008643 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2014786 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2008663 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008658 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008657 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2024834 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2014869 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2008734 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2024904 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2018755 type=Both tracking=src count=5 seconds=120
| gen-id=1 sig-id=2008756 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008749 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2101991 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60
| gen-id=1 sig-id=2010642 type=Threshold tracking=src count=5 seconds=60
| gen-id=1 sig-id=2024930 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2024955 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2012648 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2012647 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2016872 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2002664 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2016871 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2023019 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2016870 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2023016 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2016867 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2010715 type=Limit tracking=src count=1 seconds=180
| gen-id=1 sig-id=2016879 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2016878 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2016877 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2016876 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2016875 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2016874 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2010725 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023054 type=Both tracking=dst count=5 seconds=60
| gen-id=1 sig-id=2016873 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2023053 type=Both tracking=dst count=5 seconds=60
| gen-id=1 sig-id=2016898 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2016897 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026508 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026507 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026506 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026505 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026504 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026503 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026502 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026501 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026500 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026499 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026498 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026497 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026496 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2014997 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2008847 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2026551 type=Limit tracking=dst count=1 seconds=30
| gen-id=1 sig-id=2026547 type=Limit tracking=dst count=1 seconds=30
| gen-id=1 sig-id=2022363 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2022360 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2010819 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2026565 type=Both tracking=dst count=1 seconds=30
| gen-id=1 sig-id=2026576 type=Limit tracking=dst count=1 seconds=30
| gen-id=1 sig-id=2008913 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008912 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2002761 type=Both tracking=src count=5 seconds=3600
| gen-id=1 sig-id=2002760 type=Both tracking=src count=10 seconds=600
| gen-id=1 sig-id=2014297 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008919 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008916 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008914 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008941 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2002801 type=Limit tracking=src count=1 seconds=360
| gen-id=1 sig-id=2002825 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2008184 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2002823 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2008214 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008211 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008209 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008208 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008199 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008228 type=Limit tracking=src count=3 seconds=300
| gen-id=1 sig-id=2014372 type=Both tracking=src count=2 seconds=60
| gen-id=1 sig-id=2024732 type=Both tracking=src count=1 seconds=5
| gen-id=1 sig-id=2002827 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2008216 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008215 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2002087 type=Threshold tracking=src count=10 seconds=60
| gen-id=1 sig-id=2008231 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008262 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008259 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008257 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008255 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008253 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2018607 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2008276 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008266 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008264 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2024793 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2018666 type=Both tracking=dst count=12 seconds=120
| gen-id=1 sig-id=2006365 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2006380 type=Both tracking=src count=1 seconds=300
| gen-id=1 sig-id=2006402 type=Both tracking=src count=1 seconds=300
| gen-id=1 sig-id=2025638 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025637 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2023688 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023687 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025650 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2025649 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2025673 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2000334 type=Limit tracking=dst count=1 seconds=300
| gen-id=1 sig-id=2013416 type=Threshold tracking=dst count=10 seconds=20
| gen-id=1 sig-id=2000328 type=Threshold tracking=src count=10 seconds=120
| gen-id=1 sig-id=2013408 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2103152 type=Threshold tracking=src count=5 seconds=2
| gen-id=1 sig-id=2023776 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2023775 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2000357 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2005320 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2011497 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023819 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2027287 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2027280 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2027299 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2003458 type=Both tracking=src count=5 seconds=300
| gen-id=1 sig-id=2003457 type=Both tracking=src count=5 seconds=300
| gen-id=1 sig-id=2017722 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2017721 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2103273 type=Threshold tracking=src count=5 seconds=2
| gen-id=1 sig-id=2011585 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2011584 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2011582 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2011581 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2023149 type=Limit tracking=src count=10 seconds=60
| gen-id=1 sig-id=2021172 type=Both tracking=dst count=10 seconds=60
| gen-id=1 sig-id=2021171 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2021170 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2027369 type=Limit tracking=src count=2 seconds=600
| gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300
| gen-id=1 sig-id=2009646 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360
| gen-id=1 sig-id=2027397 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2009703 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2009700 type=Both tracking=src count=5 seconds=360
| gen-id=1 sig-id=2009699 type=Both tracking=src count=100 seconds=60
| gen-id=1 sig-id=2009698 type=Both tracking=src count=100 seconds=60
| gen-id=1 sig-id=2021260 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300
| gen-id=1 sig-id=2008956 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2003586 type=Limit tracking=src count=3 seconds=300
| gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300
| gen-id=1 sig-id=2027421 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2027420 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2027419 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2027438 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2027437 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2019346 type=Both tracking=dst count=500 seconds=60
| gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60
| gen-id=1 sig-id=2002842 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2019350 type=Both tracking=dst count=500 seconds=60
| gen-id=1 sig-id=2019349 type=Both tracking=dst count=500 seconds=60
| gen-id=1 sig-id=2019348 type=Both tracking=dst count=500 seconds=60
| gen-id=1 sig-id=2019347 type=Both tracking=dst count=500 seconds=60
| gen-id=1 sig-id=2009040 type=Threshold tracking=src count=20 seconds=10
| gen-id=1 sig-id=2025518 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2025546 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2002878 type=Limit tracking=src count=1 seconds=360
| gen-id=1 sig-id=2019383 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025553 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2019401 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2002911 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2002910 type=Both tracking=src count=5 seconds=60
| gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300
| gen-id=1 sig-id=2019416 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2019415 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2002935 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2023304 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2002943 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2013336 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2023400 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120
| gen-id=1 sig-id=2009159 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2003068 type=Threshold tracking=src count=5 seconds=120
| gen-id=1 sig-id=2019609 type=Both tracking=src count=50 seconds=10
| gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025009 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2013479 type=Both tracking=src count=20 seconds=360
| gen-id=1 sig-id=2013505 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2020853 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2013492 type=Both tracking=src count=2 seconds=120
| gen-id=1 sig-id=2001219 type=Both tracking=src count=5 seconds=120
| gen-id=1 sig-id=2018908 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2018907 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2018906 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2018905 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2018904 type=Limit tracking=dst count=1 seconds=120
| gen-id=1 sig-id=2003171 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2003194 type=Both tracking=src count=5 seconds=360
| gen-id=1 sig-id=2003193 type=Both tracking=src count=100 seconds=60
| gen-id=1 sig-id=2003192 type=Both tracking=src count=100 seconds=60
| gen-id=1 sig-id=2025107 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2025106 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2025105 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2025104 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2018984 type=Both tracking=src count=1 seconds=30
| gen-id=1 sig-id=2018978 type=Both tracking=dst count=1 seconds=60
| gen-id=1 sig-id=2018977 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023203 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2019022 type=Both tracking=src count=2 seconds=60
| gen-id=1 sig-id=2019021 type=Both tracking=dst count=2 seconds=60
| gen-id=1 sig-id=2019020 type=Both tracking=dst count=2 seconds=60
| gen-id=1 sig-id=2019019 type=Both tracking=dst count=2 seconds=60
| gen-id=1 sig-id=2019018 type=Both tracking=dst count=2 seconds=60
| gen-id=1 sig-id=2019017 type=Both tracking=dst count=2 seconds=60
| gen-id=1 sig-id=2019016 type=Both tracking=dst count=2 seconds=60
| gen-id=1 sig-id=2019015 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2019014 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2019013 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2019012 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2019011 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2019010 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2010937 type=Limit tracking=src count=5 seconds=60
| gen-id=1 sig-id=2010936 type=Limit tracking=src count=5 seconds=60
| gen-id=1 sig-id=2025202 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2010935 type=Limit tracking=src count=5 seconds=60
| gen-id=1 sig-id=2025200 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025198 type=Both tracking=src count=5 seconds=120
| gen-id=1 sig-id=2010953 type=Limit tracking=src count=10 seconds=60
| gen-id=1 sig-id=2010939 type=Limit tracking=src count=5 seconds=60
| gen-id=1 sig-id=2010938 type=Limit tracking=src count=5 seconds=60
| gen-id=1 sig-id=2102275 type=Threshold tracking=dst count=5 seconds=60
| gen-id=1 sig-id=2017162 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2017161 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2011030 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2011029 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2009098 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2002945 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2017967 type=Both tracking=src count=2 seconds=60
| gen-id=1 sig-id=2017966 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2017965 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2022197 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2016016 type=Both tracking=dst count=5 seconds=60
| gen-id=1 sig-id=2002953 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2002952 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2002951 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2009099 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2002950 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2016033 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2016031 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2016030 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2024177 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2024175 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2024174 type=Limit tracking=dst count=1 seconds=600
| gen-id=1 sig-id=2022206 type=Limit tracking=src count=1 seconds=3600
| gen-id=1 sig-id=2024173 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022205 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022204 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022203 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022202 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022201 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022200 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022199 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2022198 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2002994 type=Both tracking=src count=30 seconds=60
| gen-id=1 sig-id=2002993 type=Both tracking=src count=30 seconds=120
| gen-id=1 sig-id=2002992 type=Both tracking=src count=30 seconds=120
| gen-id=1 sig-id=2011887 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2024182 type=Both tracking=src count=60 seconds=60
| gen-id=1 sig-id=2022243 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2002995 type=Both tracking=src count=30 seconds=60
| gen-id=1 sig-id=2016101 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2009972 type=Limit tracking=src count=5 seconds=600
| gen-id=1 sig-id=2009969 type=Limit tracking=src count=5 seconds=600
| gen-id=1 sig-id=2009968 type=Limit tracking=src count=5 seconds=600
| gen-id=1 sig-id=2009967 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2009986 type=Both tracking=src count=2 seconds=60
| gen-id=1 sig-id=2010008 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008084 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008073 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008098 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008097 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008096 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2016212 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2025780 type=Threshold tracking=dst count=255 seconds=10
| gen-id=1 sig-id=2003930 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2003927 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2014272 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2014271 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2015482 type=Both tracking=src count=10 seconds=600
| gen-id=1 sig-id=2001972 type=Both tracking=src count=20 seconds=360
| gen-id=1 sig-id=2008147 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2019692 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2008181 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2019749 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2019748 type=Limit tracking=src count=1 seconds=600
| gen-id=1 sig-id=2025894 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025921 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2025919 type=Limit tracking=dst count=1 seconds=30
| gen-id=1 sig-id=2011668 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60
| gen-id=1 sig-id=2023996 type=Limit tracking=dst count=3 seconds=90
| gen-id=1 sig-id=2023995 type=Both tracking=dst count=3 seconds=90
| gen-id=1 sig-id=2011716 type=Limit tracking=src count=5 seconds=120
| gen-id=1 sig-id=2017921 type=Both tracking=src count=2 seconds=60
| gen-id=1 sig-id=2017920 type=Both tracking=src count=2 seconds=60
| gen-id=1 sig-id=2017919 type=Both tracking=dst count=2 seconds=60
| gen-id=1 sig-id=2017918 type=Both tracking=dst count=2 seconds=60
| gen-id=1 sig-id=2011766 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025992 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2011809 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2025984 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2011808 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026027 type=Threshold tracking=src count=1 seconds=35
| gen-id=1 sig-id=2019876 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026020 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026019 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026018 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026017 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2026016 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2009867 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2026040 type=Both tracking=dst count=10 seconds=90
| gen-id=1 sig-id=2019889 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2019888 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2019887 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2026035 type=Both tracking=dst count=1 seconds=60
| gen-id=1 sig-id=2019886 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2019885 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2019884 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2019883 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2019882 type=Both tracking=src count=12 seconds=120
| gen-id=1 sig-id=2009547 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2009544 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2019919 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2021886 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2026098 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2026097 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2019966 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2019963 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025403 type=Both tracking=dst count=100 seconds=60
| gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300
| gen-id=1 sig-id=2025402 type=Both tracking=dst count=100 seconds=60
| gen-id=1 sig-id=2025401 type=Both tracking=dst count=100 seconds=60
| gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2011915 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2011914 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023453 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2102496 type=Both tracking=dst count=20 seconds=60
| gen-id=1 sig-id=2001580 type=Both tracking=src count=70 seconds=60
| gen-id=1 sig-id=2001579 type=Both tracking=src count=70 seconds=60
| gen-id=1 sig-id=2020026 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2001569 type=Both tracking=src count=70 seconds=60
| gen-id=1 sig-id=2013894 type=Both tracking=src count=100 seconds=10
| gen-id=1 sig-id=2001583 type=Both tracking=src count=40 seconds=60
| gen-id=1 sig-id=2018094 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2025453 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2001582 type=Both tracking=src count=40 seconds=60
| gen-id=1 sig-id=2025452 type=Both tracking=src count=1 seconds=120
| gen-id=1 sig-id=2001581 type=Both tracking=src count=70 seconds=60
| gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2025465 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2023495 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2011975 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2011974 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2007801 type=Both tracking=src count=5 seconds=360
| gen-id=1 sig-id=2023596 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2023618 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023617 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023616 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023615 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023614 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023613 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023612 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023627 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023626 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023625 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023624 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023623 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2009356 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2023622 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2009355 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2023621 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023620 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2023619 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60
| gen-id=1 sig-id=2023678 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2023677 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900
| gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900
| gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2015577 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900
| gen-id=1 sig-id=2022540 type=Limit tracking=src count=1 seconds=60
| gen-id=1 sig-id=2009475 type=Limit tracking=src count=1 seconds=120
| gen-id=1 sig-id=2015633 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2009481 type=Threshold tracking=dst count=20 seconds=40
| gen-id=1 sig-id=2009480 type=Limit tracking=dst count=1 seconds=60
| gen-id=1 sig-id=2022564 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2026773 type=Both tracking=src count=10 seconds=60
| gen-id=1 sig-id=2022588 type=Limit tracking=dst count=1 seconds=600
| gen-id=1 sig-id=2014471 type=Limit tracking=src count=1 seconds=3
| gen-id=1 sig-id=2022587 type=Limit tracking=dst count=1 seconds=600
| gen-id=1 sig-id=2022586 type=Limit tracking=dst count=1 seconds=600
| gen-id=1 sig-id=2022585 type=Limit tracking=dst count=1 seconds=600
| gen-id=1 sig-id=2022584 type=Limit tracking=dst count=1 seconds=600
| gen-id=1 sig-id=2026762 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2009512 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2009538 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2009537 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60
| gen-id=1 sig-id=2009534 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300
| gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2007583 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300
| gen-id=1 sig-id=2008363 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200
| gen-id=1 sig-id=2008361 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008355 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2020702 type=Both tracking=src count=1 seconds=60
| gen-id=1 sig-id=2008391 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60
| gen-id=1 sig-id=2008413 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008400 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008429 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008428 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008427 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008424 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008423 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2026901 type=Limit tracking=src count=1 seconds=30
| gen-id=1 sig-id=2008422 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2020742 type=Both tracking=src count=3 seconds=60
| gen-id=1 sig-id=2020741 type=Both tracking=src count=3 seconds=60
| gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008463 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008460 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2100163 type=Both tracking=src count=100 seconds=60
| gen-id=1 sig-id=2100162 type=Both tracking=dst count=100 seconds=60
| gen-id=1 sig-id=2008455 type=Threshold tracking=src count=5 seconds=30
| gen-id=1 sig-id=2008454 type=Threshold tracking=src count=5 seconds=30
| gen-id=1 sig-id=2100158 type=Both tracking=src count=100 seconds=60
| gen-id=1 sig-id=2008453 type=Threshold tracking=src count=5 seconds=30
| gen-id=1 sig-id=2024219 type=Threshold tracking=src count=20 seconds=1
| gen-id=1 sig-id=2008464 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2024217 type=Both tracking=src count=3 seconds=30
| gen-id=1 sig-id=2008495 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008494 type=Limit tracking=src count=2 seconds=300
| gen-id=1 sig-id=2008488 type=Limit tracking=src count=2 seconds=300
+-----------------------[suppression]------------------------------------------
| none
-------------------------------------------------------------------------------
Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Verifying Preprocessor Configurations!
WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.ppt' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.pptx' is set but not ever checked.
WARNING: flowbits key 'ETPRO.Trojan.BAT.Qhost' is set but not ever checked.
WARNING: flowbits key 'et.trojan.valkik.kku' is set but not ever checked.
WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked.
WARNING: flowbits key 'ET.genericphish_Tesco' is set but not ever checked.
WARNING: flowbits key 'ET.PcClient' is set but not ever checked.
WARNING: flowbits key 'ET.000webhostpost' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.rar' is set but not ever checked.
WARNING: flowbits key 'ET.atf.in.http' is set but not ever checked.
WARNING: flowbits key 'ETPRO.Microsoft.Excel' is set but not ever checked.
WARNING: flowbits key 'ET.mp3.in.http' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.dll' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.docx' is set but not ever checked.
WARNING: flowbits key 'ET.formdata' is set but not ever checked.
WARNING: flowbits key 'ET.MP4.Download' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.tgz' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.xls' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.ps' is set but not ever checked.
WARNING: flowbits key 'ETPRO.Emotet' is set but not ever checked.
WARNING: flowbits key 'NuclearEK' is set but not ever checked.
WARNING: flowbits key 'ET.aurora.init' is set but not ever checked.
WARNING: flowbits key 'ETPRO.RTF.OBJ' is set but not ever checked.
WARNING: flowbits key 'ET.fakealert.rena.n' is set but not ever checked.
WARNING: flowbits key 'ET.HTA.Download' is set but not ever checked.
WARNING: flowbits key 'ET.realEDUrequest' is set but not ever checked.
WARNING: flowbits key 'ET.Fedex_DHL_Phish' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.rtf' is set but not ever checked.
WARNING: flowbits key 'ET.Multimedia.Download' is set but not ever checked.
WARNING: flowbits key 'ET.TinyNuke' is set but not ever checked.
WARNING: flowbits key 'ET.Fareit.chk' is set but not ever checked.
WARNING: flowbits key 'ET.iTunes.vuln' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.hta' is set but not ever checked.
WARNING: flowbits key 'ET.bifrose1' is set but not ever checked.
WARNING: flowbits key 'EXE2' is set but not ever checked.
WARNING: flowbits key 'ET.vba-jpg-dl' is set but not ever checked.
WARNING: flowbits key 'ET.zipfile' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.xlsx' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.ps1' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.vbs' is set but not ever checked.
WARNING: flowbits key 'ET.pdx.in.http' is set but not ever checked.
WARNING: flowbits key 'ET.etrust.fieldis' is set but not ever checked.
WARNING: flowbits key 'ET.Cryptocurrency_Phish' is set but not ever checked.
WARNING: flowbits key 'SunDown.EK' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.doc' is set but not ever checked.
WARNING: flowbits key 'ET.mp4.in.http' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.gz' is set but not ever checked.
WARNING: flowbits key 'ET.saturn.checkin' is set but not ever checked.
WARNING: flowbits key 'ET.IRC.BOT.CntSOCPU' is set but not ever checked.
WARNING: flowbits key 'ET.fdf.in.http' is set but not ever checked.
WARNING: flowbits key 'ET.RUGGED.BANNER' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.pdf' is set but not ever checked.
WARNING: flowbits key 'ET.SecondaryFlash.Req' is set but not ever checked.
WARNING: flowbits key 'ET_EDGE_UA' is set but not ever checked.
WARNING: flowbits key 'ET.EOT.Download' is set but not ever checked.
WARNING: flowbits key 'ET.pdf.in.smtp.attachment' is set but not ever checked.
WARNING: flowbits key 'BS.BPcheckin1' is set but not ever checked.
WARNING: flowbits key 'http.dottedquadhost.zip' is set but not ever checked.
258 out of 1024 flowbits in use.
root@OpenWrt:/etc/snort/rules#
root@OpenWrt:/etc/snort/rules# C�+HTK$�X�YY��attern Matching Memory ]
+- [ Aho-Corasick Summary ] -------------------------------------
| Storage Format :[46769.678832] device br-lan entered promiscuous mode
Full-Q
| Finite Automaton : DFA
| Alphabet Size : 256 Chars
| Sizeof State : Variable (1,2,4 bytes)
| Instances : 220
| 1 byte states : 195
| 2 byte states : 25
| 4 byte states : 0
| Characters : 457909
| States : 226401
| Transitions : 16439472
| State Density : 28.4%
| Patterns : 31007
| Match States : 25384
| Memory (MB) : 123.73
| Patterns : 3.24
| Match Lists : 8.62
| DFA
| 1 byte states : 1.70
| 2 byte states : 109.79
| 4 byte states : 0.00
+----------------------------------------------------------------
[ Number of patterns truncated to 20 bytes: 7684 ]
pcap DAQ configured to passive.
Acquiring network traffic from "br-lan".
Reload thread starting...
Reload thread started, thread 0xfff516ab08 (2730)
Decoding Ethernet
--== Initialization Complete ==--
,,_ -*> Snort! <*-
o" )~ Version 2.9.11.1 GRE (Build 268)
'''' By Martin Roesch & The Snort Team:
http://www.snort.org/contact#team Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using libpcap version 1.9.0-PRE-GIT (with TPACKET_V3)
Using PCRE version: 8.43 2019-02-23
Using ZLIB version: 1.2.11
Rules Engine: SF_SNORT_DETECTION_ENGINE Version 3.0 <Build 1>
Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3>
Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
Preprocessor Object: SF_DNS Version 1.1 <Build 4>
Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13>
Preprocessor Object: SF_GTP Version 1.1 <Build 1>
Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>
Preprocessor Object: SF_POP Version 1.0 <Build 1>
Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
Preprocessor Object: SF_SDF Version 1.1 <Build 1>
Preprocessor Object: SF_SIP Version 1.1 <Build 1>
Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
Preprocessor Object: SF_SSH Version 1.1 <Build 3>
Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
Commencing packet processing (pid=2729)