Hi, I can't seem to use the Shield in bridge mode. I'm using the 1.51 SP1 from ITUS. I have attached the logs; any help would be appreciated.
Fri Feb 19 00:11:06 2016 kern.info kernel: [ 30.464898] L2 lock: General exception 128 bytes Fri Feb 19 00:11:06 2016 kern.info kernel: [ 30.481638] L2 lock: low-level interrupt 128 bytes Fri Feb 19 00:11:06 2016 kern.info kernel: [ 30.498549] L2 lock: interrupt 640 bytes Fri Feb 19 00:11:06 2016 kern.info kernel: [ 30.514596] L2 lock: memcpy 1152 bytes Fri Feb 19 00:11:06 2016 kern.err kernel: [ 30.532485] drivers/rtc/hctosys.c: unable to open rtc device (rtc0) Fri Feb 19 00:11:06 2016 kern.info kernel: [ 30.557209] Freeing unused kernel memory: 26624K (ffffffff80930000 - ffffffff82330000) Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.009456] mmc1: BKOPS_EN bit is not set Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.030164] mmc1: new high speed DDR MMC card at address 0001 Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.048634] mmcblk0: mmc1:0001 P1XXXX 3.60 GiB Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.065612] mmcblk0boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.083980] mmcblk0boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.102346] mmcblk0rpmb: mmc1:0001 P1XXXX partition 3 128 KiB Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.124261] mmcblk0: p1 p2 p3 p4 Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.145115] mmcblk0boot1: unknown partition table Fri Feb 19 00:11:06 2016 kern.info kernel: [ 47.166615] mmcblk0boot0: unknown partition table Fri Feb 19 00:11:06 2016 kern.info kernel: [ 48.224774] kjournald starting. 
Commit interval 5 seconds Fri Feb 19 00:11:06 2016 kern.info kernel: [ 48.225632] EXT3-fs (mmcblk0p4): using internal journal Fri Feb 19 00:11:06 2016 kern.info kernel: [ 48.226361] EXT3-fs (mmcblk0p4): recovery complete Fri Feb 19 00:11:06 2016 kern.info kernel: [ 48.226365] EXT3-fs (mmcblk0p4): mounted filesystem with writeback data mode Fri Feb 19 00:11:06 2016 user.err kernel: [ 48.518963] init: failed to symlink /tmp -> /var Fri Feb 19 00:11:06 2016 user.info kernel: [ 48.536017] init: Console is alive Fri Feb 19 00:11:06 2016 user.info kernel: [ 48.551893] init: - watchdog - Fri Feb 19 00:11:06 2016 user.info kernel: [ 49.568034] init: - preinit - Fri Feb 19 00:11:06 2016 user.notice kernel: [ 52.767656] mount_root: mounting /dev/root Fri Feb 19 00:11:06 2016 user.info kernel: [ 52.784638] mount_root: loading kmods from internal overlay Fri Feb 19 00:11:06 2016 user.info kernel: [ 52.914476] block: attempting to load /etc/config/fstab Fri Feb 19 00:11:06 2016 user.info kernel: [ 52.933966] block: extroot: not configured Fri Feb 19 00:11:06 2016 user.info kernel: [ 52.954786] procd: - early - Fri Feb 19 00:11:06 2016 user.info kernel: [ 52.970129] procd: - watchdog - Fri Feb 19 00:11:06 2016 user.info kernel: [ 53.686287] procd: - ubus - Fri Feb 19 00:11:06 2016 user.info kernel: [ 54.701879] procd: - init - Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.469127] NET: Registered protocol family 38 Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.492458] tun: Universal TUN/TAP device driver, 1.6 Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.509808] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com> Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.537922] u32 classifier Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.552774] input device check on Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.568557] Actions configured Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.585225] Mirror/redirect action on Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.609841] 
PPP generic driver version 2.4.2 Fri Feb 19 00:11:06 2016 kern.info kernel: [ 56.627318] NET: Registered protocol family 24 Fri Feb 19 00:11:07 2016 user.emerg procd: this file has been obseleted. please call "/sbin/block mount" directly Fri Feb 19 00:11:07 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces? Fri Feb 19 00:11:07 2016 kern.debug kernel: [ 58.643099] SGMII0: Port 1 link timeout Fri Feb 19 00:11:07 2016 kern.notice kernel: [ 58.643323] eth1: 1000 Mbps Full duplex, port 1 Fri Feb 19 00:11:07 2016 kern.info kernel: [ 58.643397] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready Fri Feb 19 00:11:07 2016 kern.info kernel: [ 58.644131] device eth1 entered promiscuous mode Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'lan' is enabled Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'blockdomain' is enabled Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'blockdomain' is now up Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'loopback' is enabled Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'loopback' is setting up now Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'loopback' is now up Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'wan' is enabled Fri Feb 19 00:11:07 2016 daemon.err block: /dev/mmcblk0p4 is already mounted Fri Feb 19 00:11:07 2016 kern.info kernel: [ 58.646257] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready Fri Feb 19 00:11:07 2016 kern.info kernel: [ 58.653440] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Fri Feb 19 00:11:07 2016 kern.debug kernel: [ 58.674891] SGMII0: Port 2 link timeout Fri Feb 19 00:11:07 2016 kern.notice kernel: [ 58.675160] eth2: 1000 Mbps Full duplex, port 2 Fri Feb 19 00:11:07 2016 kern.info kernel: [ 58.675282] IPv6: ADDRCONF(NETDEV_UP): 
eth2: link is not ready Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'wan6' is enabled Fri Feb 19 00:11:07 2016 daemon.notice netifd: Network device 'lo' link is up Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'loopback' has link connectivity Fri Feb 19 00:11:07 2016 cron.info crond[3190]: crond (busybox 1.23.2) started, log level 5 Fri Feb 19 00:11:08 2016 daemon.notice netifd: Network device 'eth1' link is up Fri Feb 19 00:11:08 2016 daemon.notice netifd: Bridge 'br-lan' link is up Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'lan' has link connectivity Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'lan' is setting up now Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Fri Feb 19 00:11:08 2016 kern.info kernel: [ 59.616006] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready Fri Feb 19 00:11:08 2016 kern.info kernel: [ 59.616070] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:11:08 2016 kern.info kernel: [ 59.616095] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:11:08 2016 kern.info kernel: [ 59.616145] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready Fri Feb 19 00:11:08 2016 daemon.notice netifd: Network device 'eth2' link is up Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'wan6' is setting up now Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'wan6' is now up Fri Feb 19 00:11:08 2016 kern.info kernel: [ 59.646194] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Fri Feb 19 00:11:08 2016 daemon.notice netifd: lan (3344): udhcpc (v1.23.2) started Fri Feb 19 00:11:08 2016 daemon.notice netifd: lan (3344): Sending discover... 
Fri Feb 19 00:11:09 2016 daemon.notice netifd: Network device 'eth0' link is up Fri Feb 19 00:11:09 2016 daemon.notice netifd: Interface 'wan' has link connectivity Fri Feb 19 00:11:09 2016 daemon.notice netifd: Interface 'wan' is setting up now Fri Feb 19 00:11:09 2016 daemon.notice netifd: Interface 'wan' is now up Fri Feb 19 00:11:09 2016 kern.notice kernel: [ 60.666155] eth0: 1000 Mbps Full duplex, port 0 Fri Feb 19 00:11:09 2016 kern.info kernel: [ 60.666182] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Fri Feb 19 00:11:09 2016 kern.info kernel: [ 60.697447] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. Fri Feb 19 00:11:10 2016 kern.info kernel: [ 61.615827] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Enabling inline operation Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Found pid path directive (/var/snort/) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Running in IDS mode Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: --== Initializing Snort ==-- Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Initializing Output Plugins! Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Initializing Preprocessors! Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Initializing Plug-ins! 
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Parsing Rules file "/etc/snort/snort_bridge.conf" Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: started, version 2.73rc7 cachesize 150 Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: DNS service limited to local subnets Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: using local addresses only for domain lan Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'HTTP_PORTS' defined : Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'SHELLCODE_PORTS' defined : Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: [ 1:65535 ] Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'ORACLE_PORTS' defined : Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: [ 1024:65535 ] Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'SSH_PORTS' defined : Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: [ 22 ] Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'FTP_PORTS' defined : Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: [ 21 2100 3535 ] Fri Feb 19 00:11:11 2016 
daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'SIP_PORTS' defined : Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: [ 5060:5061 5600 ] Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'FILE_DATA_PORTS' defined : Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Fri Feb 19 00:11:11 2016 daemon.warn dnsmasq[3364]: no servers found in /tmp/resolv.conf.auto, will retry Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: read /etc/hosts - 1 addresses Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: read /tmp/hosts/dhcp - 0 addresses Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'GTP_PORTS' defined : Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: [ 2123 2152 3386 ] Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Detection: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Search-Method = AC-Full Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Search-Method-Optimizations = enabled Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Maximum pattern length = 20 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Found pid path directive (/var/snort/) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Tagged Packet Limit: 256 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... 
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... 
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... 
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Log directory = /tmp/snort/ Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: ip4: on Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: ip4::df: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: ip4::rf: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: ip4::tos: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: ip4::trim: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: ip4::ttl: on (min=1, new=5) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp: on Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::ecn: stream Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::block: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::rsv: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::pad: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::req_urg: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::req_pay: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::req_urp: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::urp: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::opt: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::ips: on Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::trim_syn: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::trim_rst: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::trim_win: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::trim_mss: off Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: icmp4: on Fri Feb 19 00:11:11 2016 
daemon.notice snort[3432]: Normalizer config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: ip6: on Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: ip6::hops: on (min=1, new=5) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: icmp6: on Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Frag3 global config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max frags: 65536 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fragment memory cap: 4194304 bytes Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Frag3 engine config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Bound Address: default Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Target-based policy: WINDOWS Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fragment timeout: 180 seconds Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fragment min_ttl: 1 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fragment Anomalies: Alert Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Overlap Limit: 10 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Min fragment Length: 100 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Expected Streams: 39 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Stream global config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Track TCP sessions: ACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max TCP sessions: 10000 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: TCP cache pruning timeout: 30 seconds Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: TCP cache nominal timeout: 3600 seconds Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Memcap (for reassembly packet storage): 8388608 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Track UDP sessions: ACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max UDP sessions: 10000 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: UDP cache pruning timeout: 30 seconds Fri Feb 
19 00:11:11 2016 daemon.notice snort[3432]: UDP cache nominal timeout: 180 seconds Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Track ICMP sessions: ACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max ICMP sessions: 65536 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Track IP sessions: INACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Log info if session memory consumption exceeds 1048576 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Send up to 2 active responses Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Wait at least 5 seconds between responses Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Protocol Aware Flushing: ACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Maximum Flush Point: 16000 Fri Feb 19 00:11:11 2016 daemon.notice netifd: lan (3344): Sending discover... Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Stream TCP Policy config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Bound Address: default Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Reassembly Policy: WINDOWS Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Timeout: 180 seconds Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Limit on TCP Overlaps: 10 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Maximum number of bytes to queue per session: 1048576 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Maximum number of segs to queue per session: 2621 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Options: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Require 3-Way Handshake: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 3-Way Handshake Timeout: 180 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Detect Anomalies: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Reassembly Ports: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 21 client (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 22 client (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice 
snort[3432]: 23 client (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 25 client (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 36 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 42 client (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 53 client (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 70 client (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 79 client (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 80 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 81 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 82 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 83 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 84 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 85 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 86 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 87 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 88 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 89 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 90 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: additional ports configured but not printed. 
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Stream UDP Policy config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Timeout: 180 seconds Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: HttpInspect Config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: GLOBAL CONFIG Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Detect Proxy Usage: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: IIS Unicode Map Filename: /etc/snort/unicode.map Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: IIS Unicode Map Codepage: 1252 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Memcap used for logging URI and Hostname: 150994944 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Gzip Memory: 838860 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Gzip Sessions: 1807 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Gzip Compress Depth: 65535 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Gzip Decompress Depth: 65535 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: DEFAULT SERVER CONFIG: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Server profile: All Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Server Flow Depth: 0 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Client Flow Depth: 0 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Chunk Length: 500000 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Fri Feb 19 00:11:11 2016 daemon.notice 
snort[3432]: Max Header Field Length: 750 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Number Header Fields: 100 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Number of WhiteSpaces allowed with header folding: 200 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Inspect Pipeline Requests: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: URI Discovery Strict Mode: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Allow Proxy Usage: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Disable Alerting: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Oversize Dir Length: 500 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Only inspect URI: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalize HTTP Headers: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Inspect HTTP Cookies: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Inspect HTTP Responses: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Extract Gzip from responses: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Decompress response files: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Unlimited decompression of gzip data from responses: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalize Javascripts in HTTP Responses: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalize HTTP Cookies: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Enable XFF and True Client IP: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Log HTTP URI data: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Log HTTP Hostname data: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Extended ASCII code support in URI: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ascii: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Double Decoding: YES 
alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: %U Encoding: YES alert: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Bare Byte: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: UTF 8: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: IIS Unicode: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Multiple Slash: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: IIS Backslash: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Directory Traversal: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Web Root Traversal: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Apache WhiteSpace: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: IIS Delimiter: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: rpc_decode arguments: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: alert_fragments: INACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: alert_large_fragments: INACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: alert_incomplete: INACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: alert_multiple_requests: INACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Portscan Detection Config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Detect Protocols: TCP UDP ICMP IP Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan Fri Feb 19 00:11:11 2016 
daemon.notice snort[3432]: Sensitivity Level: Medium Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Memcap (in bytes): 500000 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Number of Nodes: 978 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: FTPTelnet Config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: GLOBAL CONFIG Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Inspection Type: stateful Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Check for Encrypted Traffic: YES alert: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Continue to check encrypted data: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: TELNET CONFIG: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ports: 23 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Are You There Threshold: 20 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalize: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Detect Anomalies: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: FTP CONFIG: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: FTP Server: default Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ports (PAF): 21 2100 3535 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Check for Telnet Cmds: YES alert: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ignore Telnet Cmd Operations: YES alert: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ignore open data channels: NO Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: FTP Client: default Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Check for Bounce Attacks: YES alert: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Check for Telnet Cmds: YES alert: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ignore Telnet Cmd Operations: YES alert: YES Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Response Length: 256 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SSH config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Autodetection: 
ENABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Challenge-Response Overflow Alert: ENABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SSH1 CRC32 Alert: ENABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Server Version String Overflow Alert: ENABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Protocol Mismatch Alert: ENABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Bad Message Direction Alert: DISABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Bad Payload Size Alert: DISABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Unrecognized Version Alert: DISABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Encrypted Packets: 20 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Server Version String Length: 100 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: MaxClientBytes: 19600 (Default) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ports: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 22 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: DCE/RPC 2 Preprocessor Configuration Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Global Configuration Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: DCE/RPC Defragmentation: Enabled Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Memcap: 102400 KB Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Events: co Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SMB Fingerprint policy: Disabled Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Server Default Configuration Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Policy: WinXP Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Detect ports (PAF) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SMB: 139 445 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: TCP: 135 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: UDP: 135 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: RPC over HTTP server: 593 Fri 
Feb 19 00:11:11 2016 daemon.notice snort[3432]: RPC over HTTP proxy: None Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Autodetect ports (PAF) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SMB: None Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: TCP: 1025-65535 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: UDP: 1025-65535 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: RPC over HTTP server: 1025-65535 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: RPC over HTTP proxy: None Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Invalid SMB shares: C$ D$ ADMIN$ Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Maximum SMB command chaining: 3 commands Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SMB file inspection: Disabled Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: DNS config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: DNS Client rdata txt Overflow Alert: ACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Obsolete DNS RR Types Alert: INACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Experimental DNS RR Types Alert: INACTIVE Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ports: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 53 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SSLPP config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Encrypted packets: not inspected Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ports: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 443 465 563 636 989 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 992 993 994 995 7801 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 7802 7900 7901 7902 7903 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 7904 7905 7906 7907 7908 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 7909 7910 7911 7912 7913 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 7914 7915 7916 7917 7918 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 7919 
7920 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Server side data is trusted Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Maximum SSL Heartbeat length: 0 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Sensitive Data preprocessor config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Global Alert Threshold: 25 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Masked Output: DISABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SIP config: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max number of sessions: 1024 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max number of dialogs in a session: 4 (Default) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Status: ENABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ignore media channel: DISABLED Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max URI length: 512 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Call ID length: 80 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Request name length: 20 (Default) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max From length: 256 (Default) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max To length: 256 (Default) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Via length: 1024 (Default) Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Contact length: 512 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Max Content length: 2048 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Ports: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 5060 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 5061 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 5600 Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Methods: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: invite Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: cancel Fri Feb 19 00:11:11 2016 daemon.notice 
snort[3432]: ack Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: bye Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: register Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: options Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: refer Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: subscribe Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: update Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: join Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: info Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: message Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: notify Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: benotify Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: do Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: qauth Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: sprack Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: publish Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: service Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: unsubscribe Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: prack Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Initializing rule chains... Fri Feb 19 00:11:12 2016 daemon.notice snort[3432]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead. Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Sending discover... Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Sending select for 192.168.1.59... 
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'blockdomain' is now down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'loopback' is now down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'loopback' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Network device 'lo' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'loopback' has link connectivity loss
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan' is now down
Fri Feb 19 00:11:14 2016 kern.notice kernel: [ 65.749622] eth0: Link down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Network device 'eth0' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Lease of 192.168.1.59 obtained, lease time 86400
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan6' is now down
Fri Feb 19 00:11:14 2016 kern.notice kernel: [ 65.800427] eth2: Link down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan6' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Network device 'eth2' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Command failed: Permission denied
Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Received SIGTERM
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'lan' is now down
Fri Feb 19 00:11:14 2016 kern.info kernel: [ 65.856773] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:11:14 2016 kern.info kernel: [ 65.857958] device eth1 left promiscuous mode
Fri Feb 19 00:11:14 2016 kern.info kernel: [ 65.857977] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:11:14 2016 kern.notice kernel: [ 65.877858] eth1: Link down
Fri Feb 19 00:11:14 2016 kern.info kernel: [ 65.881402] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'lan' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'blockdomain' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Fri Feb 19 00:11:15 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces?
Fri Feb 19 00:11:15 2016 kern.notice kernel: [ 67.101529] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:11:15 2016 kern.info kernel: [ 67.102455] device eth1 entered promiscuous mode
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'lan' is enabled
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'loopback' is enabled
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Fri Feb 19 00:11:15 2016 kern.info kernel: [ 67.107694] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:15 2016 kern.info kernel: [ 67.107723] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'loopback' is now up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan' is enabled
Fri Feb 19 00:11:15 2016 kern.notice kernel: [ 67.137986] eth0: 1000 Mbps Full duplex, port 0
Fri Feb 19 00:11:15 2016 kern.notice kernel: [ 67.159709] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Network device 'lo' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'loopback' has link connectivity
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Network device 'eth0' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: lan (3760): udhcpc (v1.23.2) started
Fri Feb 19 00:11:15 2016 daemon.notice netifd: lan (3760): Sending discover...
Fri Feb 19 00:11:15 2016 daemon.notice netifd: lan (3760): Performing a DHCP renew
Fri Feb 19 00:11:15 2016 daemon.notice netifd: lan (3760): Sending discover...
Fri Feb 19 00:11:16 2016 daemon.notice netifd: lan (3760): Sending select for 192.168.1.59...
Fri Feb 19 00:11:16 2016 daemon.notice netifd: lan (3760): Lease of 192.168.1.59 obtained, lease time 86400
Fri Feb 19 00:11:16 2016 daemon.notice netifd: Interface 'lan' is now up
Fri Feb 19 00:11:16 2016 daemon.info dnsmasq[3364]: reading /tmp/resolv.conf.auto
Fri Feb 19 00:11:16 2016 daemon.info dnsmasq[3364]: using local addresses only for domain lan
Fri Feb 19 00:11:16 2016 daemon.info dnsmasq[3364]: using nameserver 192.168.1.1#53
Fri Feb 19 00:11:17 2016 kern.info kernel: [ 69.105840] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:19 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Enabling inline operation
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Found pid path directive (/var/snort/)
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Running in IDS mode
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: --== Initializing Snort ==--
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Initializing Output Plugins!
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Initializing Preprocessors!
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Initializing Plug-ins!
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Parsing Rules file "/etc/snort/snort_bridge.conf" Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'HTTP_PORTS' defined : Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412 Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'SHELLCODE_PORTS' defined : Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: [ 1:65535 ] Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'ORACLE_PORTS' defined : Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: [ 1024:65535 ] Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'SSH_PORTS' defined : Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: [ 22 ] Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'FTP_PORTS' defined : Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: [ 21 2100 3535 ] Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'SIP_PORTS' defined : Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: [ 5060:5061 5600 ] Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'FILE_DATA_PORTS' defined : Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 
2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'GTP_PORTS' defined : Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: [ 2123 2152 3386 ] Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Detection: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Search-Method = AC-Full Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Search-Method-Optimizations = enabled Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Maximum pattern length = 20 Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Found pid path directive (/var/snort/) Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Tagged Packet Limit: 256 Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... 
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... 
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Log directory = /tmp/snort/ Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Normalizer config: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: ip4: on Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: ip4::df: off Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: ip4::rf: off Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: ip4::tos: off Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: ip4::trim: off Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: ip4::ttl: on (min=1, new=5) Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Normalizer config: Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: tcp: on Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: tcp::ecn: stream Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: tcp::block: off Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: tcp::rsv: off Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: tcp::pad: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::req_urg: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::req_pay: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::req_urp: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::urp: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::opt: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::ips: on Fri Feb 19 00:11:22 2016 
daemon.notice snort[4001]: tcp::trim_syn: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::trim_rst: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::trim_win: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::trim_mss: off Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalizer config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: icmp4: on Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalizer config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: ip6: on Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: ip6::hops: on (min=1, new=5) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalizer config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: icmp6: on Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Frag3 global config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max frags: 65536 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fragment memory cap: 4194304 bytes Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Frag3 engine config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Bound Address: default Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Target-based policy: WINDOWS Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fragment timeout: 180 seconds Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fragment min_ttl: 1 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fragment Anomalies: Alert Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Overlap Limit: 10 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Min fragment Length: 100 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Expected Streams: 39 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Stream global config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Track TCP sessions: ACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max TCP sessions: 10000 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: TCP cache pruning timeout: 30 seconds Fri Feb 19 00:11:22 2016 
daemon.notice snort[4001]: TCP cache nominal timeout: 3600 seconds Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Memcap (for reassembly packet storage): 8388608 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Track UDP sessions: ACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max UDP sessions: 10000 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: UDP cache pruning timeout: 30 seconds Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: UDP cache nominal timeout: 180 seconds Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Track ICMP sessions: ACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max ICMP sessions: 65536 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Track IP sessions: INACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Log info if session memory consumption exceeds 1048576 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Send up to 2 active responses Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Wait at least 5 seconds between responses Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Protocol Aware Flushing: ACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Maximum Flush Point: 16000 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Stream TCP Policy config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Bound Address: default Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Reassembly Policy: WINDOWS Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Timeout: 180 seconds Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Limit on TCP Overlaps: 10 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Maximum number of bytes to queue per session: 1048576 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Maximum number of segs to queue per session: 2621 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Options: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Require 3-Way Handshake: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 3-Way Handshake Timeout: 180 
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Detect Anomalies: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Reassembly Ports: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 21 client (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 22 client (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 23 client (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 25 client (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 36 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 42 client (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 53 client (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 70 client (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 79 client (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 80 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 81 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 82 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 83 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 84 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 85 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 86 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 87 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 88 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 89 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 90 client (Footprint-IPS) server (Footprint-IPS) Fri Feb 19 00:11:22 
2016 daemon.notice snort[4001]: additional ports configured but not printed. Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Stream UDP Policy config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Timeout: 180 seconds Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: HttpInspect Config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: GLOBAL CONFIG Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Detect Proxy Usage: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: IIS Unicode Map Filename: /etc/snort/unicode.map Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: IIS Unicode Map Codepage: 1252 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Memcap used for logging URI and Hostname: 150994944 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Gzip Memory: 838860 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Gzip Sessions: 1807 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Gzip Compress Depth: 65535 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Gzip Decompress Depth: 65535 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: DEFAULT SERVER CONFIG: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Server profile: All Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Server Flow Depth: 0 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Client Flow Depth: 0 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Chunk Length: 500000 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Small Chunk Length Evasion: 
chunk size <= 10, threshold >= 5 times Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Header Field Length: 750 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Number Header Fields: 100 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Number of WhiteSpaces allowed with header folding: 200 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Inspect Pipeline Requests: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: URI Discovery Strict Mode: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Allow Proxy Usage: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Disable Alerting: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Oversize Dir Length: 500 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Only inspect URI: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalize HTTP Headers: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Inspect HTTP Cookies: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Inspect HTTP Responses: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Extract Gzip from responses: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Decompress response files: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Unlimited decompression of gzip data from responses: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalize Javascripts in HTTP Responses: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalize HTTP Cookies: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Enable XFF and True Client IP: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Log HTTP URI data: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Log HTTP Hostname data: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Extended ASCII code support in URI: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ascii: YES alert: 
NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Double Decoding: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: %U Encoding: YES alert: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Bare Byte: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: UTF 8: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: IIS Unicode: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Multiple Slash: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: IIS Backslash: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Directory Traversal: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Web Root Traversal: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Apache WhiteSpace: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: IIS Delimiter: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: rpc_decode arguments: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: alert_fragments: INACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: alert_large_fragments: INACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: alert_incomplete: INACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: alert_multiple_requests: INACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Portscan Detection Config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Detect Protocols: TCP UDP ICMP IP Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Detect Scan Type: portscan 
portsweep decoy_portscan distributed_portscan Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Sensitivity Level: Medium Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Memcap (in bytes): 500000 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Number of Nodes: 978 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: FTPTelnet Config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: GLOBAL CONFIG Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Inspection Type: stateful Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Check for Encrypted Traffic: YES alert: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Continue to check encrypted data: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: TELNET CONFIG: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ports: 23 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Are You There Threshold: 20 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalize: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Detect Anomalies: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: FTP CONFIG: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: FTP Server: default Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ports (PAF): 21 2100 3535 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Check for Telnet Cmds: YES alert: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ignore Telnet Cmd Operations: YES alert: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ignore open data channels: NO Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: FTP Client: default Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Check for Bounce Attacks: YES alert: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Check for Telnet Cmds: YES alert: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ignore Telnet Cmd Operations: YES alert: YES Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Response Length: 256 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SSH config: 
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Autodetection: ENABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Challenge-Response Overflow Alert: ENABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SSH1 CRC32 Alert: ENABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Server Version String Overflow Alert: ENABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Protocol Mismatch Alert: ENABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Bad Message Direction Alert: DISABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Bad Payload Size Alert: DISABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Unrecognized Version Alert: DISABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Encrypted Packets: 20 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Server Version String Length: 100 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: MaxClientBytes: 19600 (Default) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ports: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 22 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: DCE/RPC 2 Preprocessor Configuration Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Global Configuration Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: DCE/RPC Defragmentation: Enabled Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Memcap: 102400 KB Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Events: co Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SMB Fingerprint policy: Disabled Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Server Default Configuration Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Policy: WinXP Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Detect ports (PAF) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SMB: 139 445 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: TCP: 135 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: UDP: 135 Fri Feb 19 
00:11:22 2016 daemon.notice snort[4001]: RPC over HTTP server: 593 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: RPC over HTTP proxy: None Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Autodetect ports (PAF) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SMB: None Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: TCP: 1025-65535 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: UDP: 1025-65535 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: RPC over HTTP server: 1025-65535 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: RPC over HTTP proxy: None Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Invalid SMB shares: C$ D$ ADMIN$ Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Maximum SMB command chaining: 3 commands Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SMB file inspection: Disabled Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: DNS config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: DNS Client rdata txt Overflow Alert: ACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Obsolete DNS RR Types Alert: INACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Experimental DNS RR Types Alert: INACTIVE Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ports: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 53 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SSLPP config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Encrypted packets: not inspected Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ports: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 443 465 563 636 989 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 992 993 994 995 7801 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 7802 7900 7901 7902 7903 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 7904 7905 7906 7907 7908 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 7909 7910 7911 7912 7913 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 7914 7915 
7916 7917 7918 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 7919 7920 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Server side data is trusted Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Maximum SSL Heartbeat length: 0 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Sensitive Data preprocessor config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Global Alert Threshold: 25 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Masked Output: DISABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SIP config: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max number of sessions: 1024 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max number of dialogs in a session: 4 (Default) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Status: ENABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ignore media channel: DISABLED Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max URI length: 512 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Call ID length: 80 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Request name length: 20 (Default) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max From length: 256 (Default) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max To length: 256 (Default) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Via length: 1024 (Default) Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Contact length: 512 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Max Content length: 2048 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Ports: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 5060 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 5061 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 5600 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Methods: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: invite Fri Feb 19 00:11:22 2016 
daemon.notice snort[4001]: cancel Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: ack Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: bye Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: register Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: options Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: refer Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: subscribe Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: update Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: join Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: info Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: message Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: notify Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: benotify Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: do Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: qauth Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: sprack Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: publish Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: service Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: unsubscribe Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: prack Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Initializing rule chains... Fri Feb 19 00:11:22 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Fri Feb 19 00:11:22 2016 user.notice ddns-scripts[4047]: myddns_ipv4: PID '4047' started at 2016-02-19 00:11 Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead. Fri Feb 19 00:11:22 2016 user.warn ddns-scripts[4047]: myddns_ipv4: Service section disabled! 
- TERMINATE Fri Feb 19 00:11:22 2016 user.warn ddns-scripts[4047]: myddns_ipv4: PID '4047' exit WITH ERROR '1' at 2016-02-19 00:11 Fri Feb 19 00:11:26 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Fri Feb 19 00:11:26 2016 user.notice ddns-scripts[4223]: myddns_ipv6: PID '4223' started at 2016-02-19 00:11 Fri Feb 19 00:11:26 2016 user.warn ddns-scripts[4223]: myddns_ipv6: Service section disabled! - TERMINATE Fri Feb 19 00:11:26 2016 user.warn ddns-scripts[4223]: myddns_ipv6: PID '4223' exit WITH ERROR '1' at 2016-02-19 00:11 Fri Feb 19 00:11:26 2016 user.emerg procd: Cannot change large-receive-offload Fri Feb 19 00:11:28 2016 kern.notice kernel: [ 80.135652] eth0: Link down Fri Feb 19 00:11:29 2016 daemon.notice netifd: Network device 'eth0' link is down Fri Feb 19 00:11:29 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss Fri Feb 19 00:11:29 2016 daemon.notice netifd: Interface 'wan' is now down Fri Feb 19 00:11:29 2016 daemon.notice netifd: Interface 'wan' is disabled Fri Feb 19 00:11:29 2016 daemon.notice netifd: Interface 'wan' is enabled Fri Feb 19 00:11:29 2016 kern.info kernel: [ 81.149365] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Fri Feb 19 00:11:29 2016 user.emerg procd: Cannot change large-receive-offload Fri Feb 19 00:11:31 2016 kern.notice kernel: [ 83.095606] eth1: Link down Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 13285 Snort rules read Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 13285 detection rules Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 0 decoder rules Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 0 preprocessor rules Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 13285 Option Chains linked into 252 Chain Headers Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 0 Dynamic rules Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: Fri Feb 19 
00:11:31 2016 kern.notice kernel: [ 83.176053] eth0: 1000 Mbps Full duplex, port 0 Fri Feb 19 00:11:31 2016 daemon.notice netifd: Network device 'eth0' link is up Fri Feb 19 00:11:31 2016 daemon.notice netifd: Interface 'wan' has link connectivity Fri Feb 19 00:11:31 2016 daemon.notice netifd: Interface 'wan' is setting up now Fri Feb 19 00:11:31 2016 kern.info kernel: [ 83.195831] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Fri Feb 19 00:11:31 2016 daemon.notice netifd: Interface 'wan' is now up Fri Feb 19 00:11:31 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Fri Feb 19 00:11:32 2016 daemon.notice netifd: Network device 'eth1' link is down Fri Feb 19 00:11:32 2016 kern.info kernel: [ 84.195883] br-lan: port 1(eth1) entered disabled state Fri Feb 19 00:11:32 2016 user.emerg procd: Cannot change large-receive-offload Fri Feb 19 00:11:33 2016 daemon.notice netifd: Bridge 'br-lan' link is down Fri Feb 19 00:11:33 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Fri Feb 19 00:11:33 2016 daemon.notice netifd: lan (3760): Received SIGTERM Fri Feb 19 00:11:34 2016 daemon.notice netifd: Network device 'eth1' link is up Fri Feb 19 00:11:34 2016 daemon.notice netifd: Bridge 'br-lan' link is up Fri Feb 19 00:11:34 2016 daemon.notice netifd: Interface 'lan' has link connectivity Fri Feb 19 00:11:34 2016 daemon.notice netifd: Interface 'lan' is setting up now Fri Feb 19 00:11:34 2016 kern.notice kernel: [ 86.105975] eth1: 1000 Mbps Full duplex, port 1 Fri Feb 19 00:11:34 2016 kern.info kernel: [ 86.106033] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:11:34 2016 kern.info kernel: [ 86.106065] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:11:34 2016 daemon.notice netifd: lan (4556): udhcpc (v1.23.2) started Fri Feb 19 00:11:34 2016 kern.notice kernel: [ 86.165675] eth2: Link down Fri Feb 19 00:11:34 2016 daemon.notice netifd: lan (4556): Sending discover... 
Fri Feb 19 00:11:34 2016 daemon.notice netifd: lan (4556): Sending select for 192.168.1.59... Fri Feb 19 00:11:35 2016 daemon.notice netifd: lan (4556): Lease of 192.168.1.59 obtained, lease time 86400 Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'lan' is now up Fri Feb 19 00:11:35 2016 daemon.warn dnsmasq[3364]: no servers found in /tmp/resolv.conf.auto, will retry Fri Feb 19 00:11:35 2016 daemon.info dnsmasq[3364]: reading /tmp/resolv.conf.auto Fri Feb 19 00:11:35 2016 daemon.info dnsmasq[3364]: using local addresses only for domain lan Fri Feb 19 00:11:35 2016 daemon.info dnsmasq[3364]: using nameserver 192.168.1.1#53 Fri Feb 19 00:11:35 2016 user.notice ddns-scripts[4606]: myddns_ipv4: PID '4606' started at 2016-02-19 00:11 Fri Feb 19 00:11:35 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Fri Feb 19 00:11:35 2016 user.warn ddns-scripts[4606]: myddns_ipv4: Service section disabled! - TERMINATE Fri Feb 19 00:11:35 2016 user.warn ddns-scripts[4606]: myddns_ipv4: PID '4606' exit WITH ERROR '1' at 2016-02-19 00:11 Fri Feb 19 00:11:35 2016 daemon.notice netifd: Network device 'eth2' link is down Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'wan6' is now down Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'wan6' is disabled Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'wan6' is enabled Fri Feb 19 00:11:35 2016 kern.info kernel: [ 87.159418] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Fri Feb 19 00:11:36 2016 kern.info kernel: [ 88.105824] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:11:37 2016 daemon.notice vnstatd[4757]: vnStat daemon 1.12 started. 
(uid:0 gid:0) Fri Feb 19 00:11:37 2016 daemon.notice vnstatd[4757]: Monitoring: br-lan (100 Mbit) eth0 (100 Mbit) Fri Feb 19 00:11:37 2016 user.emerg procd: Stopping strongSwan IPsec failed: starter is not running Fri Feb 19 00:11:37 2016 kern.notice kernel: [ 89.176005] eth2: 1000 Mbps Full duplex, port 2 Fri Feb 19 00:11:37 2016 daemon.notice netifd: Network device 'eth2' link is up Fri Feb 19 00:11:37 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Fri Feb 19 00:11:37 2016 daemon.notice netifd: Interface 'wan6' is setting up now Fri Feb 19 00:11:37 2016 kern.info kernel: [ 89.195851] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Fri Feb 19 00:11:37 2016 daemon.notice netifd: Interface 'wan6' is now up Fri Feb 19 00:11:39 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Fri Feb 19 00:11:39 2016 daemon.info dnsmasq[3364]: exiting on receipt of SIGTERM Fri Feb 19 00:11:39 2016 user.emerg procd: uci: Entry not found Fri Feb 19 00:11:39 2016 user.emerg procd: sh: 192.168.1.112: unknown operand Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-------------------[Rule Port Counts]--------------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | tcp udp icmp ip Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | src 1980 40 0 0 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | dst 10553 492 0 0 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | any 206 16 0 0 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | nc 7 1 0 0 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | s+d 46 15 0 0 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +---------------------------------------------------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[detection-filter-config]------------------------------ Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | memory-cap : 1048576 bytes 
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[detection-filter-rules]------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: ------------------------------------------------------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[rate-filter-config]----------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | memory-cap : 1048576 bytes Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[rate-filter-rules]------------------------------------ Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | none Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: ------------------------------------------------------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[event-filter-config]---------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | memory-cap : 1048576 bytes Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[event-filter-global]---------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | none Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[event-filter-local]-----------------------------------
00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019963 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003657 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2016212 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003622 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008571 type=Threshold tracking=dst count=2 seconds=5 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008544 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2012306 type=Limit tracking=dst count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2012305 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2012304 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2012303 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019889 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 
sig-id=2019888 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019887 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003586 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008564 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008560 type=Threshold tracking=dst count=4 seconds=15 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008514 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2016101 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008513 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008512 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008510 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008504 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019886 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019885 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019884 type=Both tracking=src 
count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019883 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019882 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019876 type=Limit tracking=src count=1 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008495 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008494 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008488 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008453 type=Threshold tracking=src count=5 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2016033 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2016031 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2016030 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2012204 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008464 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008463 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 
daemon.notice snort[4001]: | gen-id=1 sig-id=2008460 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008455 type=Threshold tracking=src count=5 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008454 type=Threshold tracking=src count=5 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008098 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008097 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008096 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2016016 type=Both tracking=dst count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008084 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008073 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2013036 type=Limit tracking=src count=1 seconds=3 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2013017 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017967 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017966 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017965 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 
sig-id=2014141 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2014140 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017921 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017920 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017919 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017918 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2014153 type=Both tracking=src count=225 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2009159 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2014103 type=Both tracking=src count=15 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2005320 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2014020 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2014002 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019018 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019017 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 
00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019016 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019015 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019014 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019013 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019012 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019011 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019010 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019022 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019021 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019020 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019019 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2018984 type=Both tracking=src count=1 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2018978 type=Both tracking=dst count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2018977 type=Both tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011030 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011029 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019778 
type=Both tracking=dst count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2010953 type=Limit tracking=src count=10 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2015986 type=Both tracking=src count=100 seconds=1 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019749 type=Limit tracking=src count=1 seconds=600 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019748 type=Limit tracking=src count=1 seconds=600 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019692 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003287 type=Both tracking=dst count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003286 type=Both tracking=dst count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008264 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008262 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008259 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019609 type=Both tracking=src count=50 seconds=10 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008257 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008255 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 
00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008253 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008276 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020853 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008266 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008231 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 
sig-id=2003280 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008228 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008199 type=Limit tracking=src count=2 seconds=300 Fri 
Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008216 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008215 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008214 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008211 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011975 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011974 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008209 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008208 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008184 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008181 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020742 type=Both tracking=src count=3 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011915 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011914 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008147 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2004443 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | 
gen-id=1 sig-id=2020741 type=Both tracking=src count=3 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2016897 type=Limit tracking=src count=2 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020702 type=Both tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020660 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020659 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2009040 type=Threshold tracking=src count=20 seconds=10 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020669 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020668 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2016867 type=Limit tracking=src count=1 seconds=600 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020667 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020666 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020665 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020664 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020663 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020662 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020633 type=Limit 
tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020632 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020631 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2020630 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017721 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008956 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2017722 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008919 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008916 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008914 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008913 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008912 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008941 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Fri Feb 19 
00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008847 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2018755 type=Both tracking=src count=5 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2002383 type=Threshold tracking=dst count=5 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2018666 type=Both tracking=dst count=12 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2009867 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2014869 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2018607 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2010715 type=Limit tracking=src count=1 seconds=180 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2003171 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | 
gen-id=1 sig-id=2011887 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2010642 type=Threshold tracking=src count=5 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019350 type=Both tracking=dst count=500 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019349 type=Both tracking=dst count=500 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008043 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019348 type=Both tracking=dst count=500 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019347 type=Both tracking=dst count=500 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2019346 type=Both tracking=dst count=500 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008048 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011809 type=Limit tracking=src count=1 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011808 type=Limit tracking=src count=1 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011767 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011766 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2015577 type=Limit tracking=src count=1 seconds=30 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2011716 type=Limit tracking=src count=5 seconds=120 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008734 type=Limit tracking=src 
count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2008749 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[suppression]------------------------------------------ Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=129 sig-id=12 tracking=none Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=129 sig-id=20 tracking=none Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: ------------------------------------------------------------------------------- Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: Verifying Preprocessor Configurations! Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.Fareit.chk' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'EXE2' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. 
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.ButterflyJoin' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.lizkebab' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ms.rdp.established' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.autoit.ua' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.RDP.Morto' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. 
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.invalid.cab' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.lethic.established' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.Onelouder.bin' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.webc2ugx' is set but not ever checked. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: 131 out of 1024 flowbits in use. Fri Feb 19 00:11:44 2016 user.emerg procd: uci: Entry not found Fri Feb 19 00:11:45 2016 user.notice ddns-scripts[5032]: myddns_ipv6: PID '5032' started at 2016-02-19 00:11 Fri Feb 19 00:11:46 2016 user.warn ddns-scripts[5032]: myddns_ipv6: Service section disabled! 
- TERMINATE Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: started, version 2.73rc7 cachesize 150 Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: DNS service limited to local subnets Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: using local addresses only for domain lan Fri Feb 19 00:11:46 2016 user.warn ddns-scripts[5032]: myddns_ipv6: PID '5032' exit WITH ERROR '1' at 2016-02-19 00:11 Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: reading /tmp/resolv.conf.auto Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: using local addresses only for domain lan Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: using nameserver 192.168.1.1#53 Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: read /etc/hosts - 1 addresses Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: read /tmp/hosts/dhcp - 1 addresses Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is enabled Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is now up Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is now down Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is now up Fri Feb 19 00:11:48 2016 daemon.info dnsmasq[4965]: exiting on receipt of SIGTERM Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5365]: bad option at line 69 of /etc/ITUS_DNS.txt Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5365]: FAILED to start up Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated dnsmasq blacklist Fri Feb 19 00:11:53 2016 user.notice 
update_webfilter: updated network.interface.blockdomain: 192.168.1.112 Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated firewall.@redirect[0].Itusfilter: 192.168.1.112 Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated firewall.@redirect[1]dns-traffic-to-shield: 192.168.1.112 Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated uhttpd.Itusfilter Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5380]: bad option at line 69 of /etc/ITUS_DNS.txt Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5380]: FAILED to start up Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: started, version 2.73rc7 cachesize 150 Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: DNS service limited to local subnets Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: using local addresses only for domain lan Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: reading /tmp/resolv.conf.auto Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: using local addresses only for domain lan Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: using nameserver 192.168.1.1#53 Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: read /etc/hosts - 1 addresses Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: read /tmp/hosts/dhcp - 1 addresses Fri Feb 19 00:12:04 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:12:04 2016 kern.notice kernel: [ 116.245666] eth0: Link down Fri Feb 19 00:12:04 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:12:04 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:12:05 2016 daemon.notice netifd: Network device 'eth0' link is down Fri Feb 19 00:12:05 2016 daemon.notice netifd: Interface 'wan' has link 
connectivity loss Fri Feb 19 00:12:05 2016 daemon.notice netifd: Interface 'wan' is now down Fri Feb 19 00:12:05 2016 daemon.notice netifd: Interface 'wan' is disabled Fri Feb 19 00:12:05 2016 daemon.notice netifd: Interface 'wan' is enabled Fri Feb 19 00:12:05 2016 kern.info kernel: [ 117.240390] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Fri Feb 19 00:12:06 2016 kern.notice kernel: [ 118.125582] eth1: Link down Fri Feb 19 00:12:07 2016 daemon.notice netifd: Network device 'eth1' link is down Fri Feb 19 00:12:07 2016 kern.info kernel: [ 119.116017] br-lan: port 1(eth1) entered disabled state Fri Feb 19 00:12:08 2016 daemon.notice netifd: Bridge 'br-lan' link is down Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss Fri Feb 19 00:12:08 2016 daemon.notice netifd: lan (4556): Received SIGTERM Fri Feb 19 00:12:08 2016 kern.notice kernel: [ 120.205583] eth2: Link down Fri Feb 19 00:12:08 2016 kern.notice kernel: [ 120.256063] eth0: 1000 Mbps Full duplex, port 0 Fri Feb 19 00:12:08 2016 daemon.notice netifd: Network device 'eth0' link is up Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'wan' has link connectivity Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'wan' is setting up now Fri Feb 19 00:12:08 2016 kern.info kernel: [ 120.285867] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'wan' is now up Fri Feb 19 00:12:08 2016 daemon.warn dnsmasq[5500]: no servers found in /tmp/resolv.conf.auto, will retry Fri Feb 19 00:12:09 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Fri Feb 19 00:12:09 2016 daemon.notice netifd: Network device 'eth2' link is down Fri Feb 19 00:12:09 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Fri Feb 19 00:12:09 2016 daemon.notice netifd: Interface 'wan6' is now down 
Fri Feb 19 00:12:09 2016 daemon.notice netifd: Interface 'wan6' is disabled Fri Feb 19 00:12:09 2016 daemon.notice netifd: Interface 'wan6' is enabled Fri Feb 19 00:12:09 2016 kern.info kernel: [ 121.224196] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Fri Feb 19 00:12:10 2016 kern.notice kernel: [ 122.135950] eth1: 1000 Mbps Full duplex, port 1 Fri Feb 19 00:12:10 2016 daemon.notice netifd: Network device 'eth1' link is up Fri Feb 19 00:12:10 2016 daemon.notice netifd: Bridge 'br-lan' link is up Fri Feb 19 00:12:10 2016 daemon.notice netifd: Interface 'lan' has link connectivity Fri Feb 19 00:12:10 2016 daemon.notice netifd: Interface 'lan' is setting up now Fri Feb 19 00:12:10 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Fri Feb 19 00:12:10 2016 kern.info kernel: [ 122.146030] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:12:10 2016 kern.info kernel: [ 122.146069] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:12:10 2016 daemon.info dnsmasq[5500]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Fri Feb 19 00:12:10 2016 daemon.notice netifd: lan (5719): udhcpc (v1.23.2) started Fri Feb 19 00:12:10 2016 daemon.notice netifd: lan (5719): Sending discover... Fri Feb 19 00:12:11 2016 daemon.notice netifd: lan (5719): Sending select for 192.168.1.59... 
Fri Feb 19 00:12:11 2016 daemon.notice netifd: lan (5719): Lease of 192.168.1.59 obtained, lease time 86400 Fri Feb 19 00:12:11 2016 daemon.notice netifd: Interface 'lan' is now up Fri Feb 19 00:12:11 2016 daemon.info dnsmasq[5500]: reading /tmp/resolv.conf.auto Fri Feb 19 00:12:11 2016 daemon.info dnsmasq[5500]: using local addresses only for domain lan Fri Feb 19 00:12:11 2016 daemon.info dnsmasq[5500]: using nameserver 192.168.1.1#53 Fri Feb 19 00:12:12 2016 user.notice ddns-scripts[5771]: myddns_ipv4: PID '5771' started at 2016-02-19 00:12 Fri Feb 19 00:12:12 2016 kern.info kernel: [ 124.145833] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:12:12 2016 user.warn ddns-scripts[5771]: myddns_ipv4: Service section disabled! - TERMINATE Fri Feb 19 00:12:12 2016 user.warn ddns-scripts[5771]: myddns_ipv4: PID '5771' exit WITH ERROR '1' at 2016-02-19 00:12 Fri Feb 19 00:12:12 2016 daemon.notice netifd: Network device 'eth2' link is up Fri Feb 19 00:12:12 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Fri Feb 19 00:12:12 2016 daemon.notice netifd: Interface 'wan6' is setting up now Fri Feb 19 00:12:12 2016 kern.notice kernel: [ 124.235980] eth2: 1000 Mbps Full duplex, port 2 Fri Feb 19 00:12:12 2016 kern.info kernel: [ 124.239465] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Fri Feb 19 00:12:12 2016 daemon.notice netifd: Interface 'wan6' is now up Fri Feb 19 00:12:12 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Fri Feb 19 00:12:13 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:12:13 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:12:13 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:12:16 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Fri Feb 19 00:12:19 2016 user.notice ddns-scripts[6108]: myddns_ipv6: PID '6108' started at 
2016-02-19 00:12 Fri Feb 19 00:12:19 2016 user.warn ddns-scripts[6108]: myddns_ipv6: Service section disabled! - TERMINATE Fri Feb 19 00:12:19 2016 user.warn ddns-scripts[6108]: myddns_ipv6: PID '6108' exit WITH ERROR '1' at 2016-02-19 00:12 Fri Feb 19 00:12:27 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:12:27 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:12:27 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:12:40 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:12:40 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:12:40 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:12:56 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:12:57 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:12:57 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: [ Port Based Pattern Matching Memory ] Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: +- [ Aho-Corasick Summary ] ------------------------------------- Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Storage Format : Full Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Finite Automaton : DFA Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Alphabet Size : 256 Chars Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Sizeof State : Variable (1,2,4 bytes) Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Instances : 335 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | 1 byte states : 228 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | 2 byte states : 107 Fri Feb 19 00:12:59 2016 
daemon.notice snort[4001]: | 4 byte states : 0 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Characters : 408795 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | States : 252270 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Transitions : 13611564 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | State Density : 21.1% Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Patterns : 34402 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Match States : 30013 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Memory (MB) : 134.67 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Patterns : 3.40 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Match Lists : 8.23 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | DFA Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | 1 byte states : 3.38 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | 2 byte states : 119.41 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | 4 byte states : 0.00 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: +---------------------------------------------------------------- Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: [ Number of patterns truncated to 20 bytes: 5427 ] Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: afpacket DAQ configured to inline. Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Acquiring network traffic from "eth0:eth2". Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Initializing daemon mode Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Daemon initialized, signaled parent pid: 1 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Reload thread starting... Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Reload thread started, thread 0xffe93af210 (6157) Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Checking PID path... 
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: PID path stat checked out ok, PID path set to /var/snort/ Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Writing PID "4001" to file "/var/snort//snort_eth0:eth2.pid" Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: --== Initialization Complete ==-- Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: ,,_ -*> Snort! <*- Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: o" )~ Version 2.9.7.2 GRE (Build 177) Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Using libpcap version 1.5.3 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Using PCRE version: 8.36 2014-09-26 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Using ZLIB version: 1.2.8 Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_DNS Version 1.1 <Build 4> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_SDF Version 1.1 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_SIP Version 1.1 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_POP Version 1.0 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice 
snort[4001]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_MODBUS Version 1.1 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_SSH Version 1.1 <Build 3> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Preprocessor Object: SF_GTP Version 1.1 <Build 1> Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Commencing packet processing (pid=4001) Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Decoding Ethernet Fri Feb 19 00:12:59 2016 kern.info kernel: [ 170.755829] device eth2 entered promiscuous mode Fri Feb 19 00:12:59 2016 kern.info kernel: [ 170.905826] device eth0 entered promiscuous mode Fri Feb 19 00:13:06 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:13:06 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:13:06 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:13:17 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:13:17 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:13:17 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:13:32 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:13:32 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:13:33 2016 daemon.warn 
dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:13:46 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:13:46 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:13:46 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:13:56 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:13:56 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:13:56 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:14:12 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:14:12 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:14:12 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:14:31 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:14:31 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:14:31 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:14:37 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:14:37 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:14:37 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:14:49 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:14:49 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:14:49 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:14:57 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 
192.168.1.118 Fri Feb 19 00:14:57 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:14:57 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:15:03 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:15:03 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:15:03 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:15:08 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:15:08 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:15:09 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:15:19 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:15:19 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:15:19 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:15:29 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:15:29 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:15:29 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:15:38 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:15:38 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:15:38 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:15:54 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:15:54 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:15:54 2016 daemon.warn dnsmasq[5500]: 
possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:16:11 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:16:11 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:16:11 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:16:19 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:16:19 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:16:19 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:16:32 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:16:32 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:16:32 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:16:51 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:16:51 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:16:52 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:17:01 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:17:01 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:17:01 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:17:14 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:17:14 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:17:14 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:17:24 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri 
Feb 19 00:17:24 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:17:24 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:17:34 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:17:34 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:17:34 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:17:46 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:17:46 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:17:46 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:17:53 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:17:53 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:17:53 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:18:04 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:18:04 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:18:04 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:18:13 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:18:13 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:18:13 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:18:30 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:18:30 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:18:31 2016 daemon.warn dnsmasq[5500]: possible 
DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:18:44 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:18:44 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:18:44 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:18:52 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:18:52 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:18:52 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:19:02 2016 daemon.info dnsmasq[5500]: query[A] upgrade.meshare.com from 192.168.1.118 Fri Feb 19 00:19:02 2016 daemon.info dnsmasq[5500]: forwarded upgrade.meshare.com to 192.168.1.1 Fri Feb 19 00:19:02 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: upgrade.meshare.com Fri Feb 19 00:19:05 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:19:05 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:19:05 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:19:20 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:19:20 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:19:21 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:19:33 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:19:33 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:19:33 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:19:51 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 
00:19:51 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:19:51 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:20:00 2016 cron.info crond[3190]: USER root pid 6164 cmd /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP eager clock adjust failed.
Fri Feb 19 00:20:00 2016 user.notice root: Restarted ntpclient. NTP server #1 of 4.
Fri Feb 19 00:20:08 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:08 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:20:09 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:20:16 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:16 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:20:16 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:20:26 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:26 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:20:26 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:20:44 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:44 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:20:46 2016 kern.notice kernel: [ 638.155665] eth1: Link down
Fri Feb 19 00:20:46 2016 kern.info kernel: [ 638.155726] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:20:46 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:20:46 2016 kern.notice kernel: [ 638.255621] eth2: Link down
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Network device 'eth2' link is down
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'wan6' is now down
Fri Feb 19 00:20:47 2016 daemon.notice snort[4001]: Can't acquire (-1) - afpacket_daq_acquire: Encountered error condition on a packet socket!
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'wan6' is disabled
Fri Feb 19 00:20:47 2016 kern.info kernel: [ 639.155774] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:20:47 2016 daemon.notice netifd: lan (5719): Received SIGTERM
Fri Feb 19 00:20:47 2016 daemon.warn dnsmasq[5500]: no servers found in /tmp/resolv.conf.auto, will retry
Fri Feb 19 00:20:47 2016 kern.info kernel: [ 639.216238] device eth2 left promiscuous mode
Fri Feb 19 00:20:47 2016 kern.info kernel: [ 639.346151] device eth0 left promiscuous mode
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Memory usage summary:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Total non-mmapped bytes (arena): 243034144
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Bytes in mapped regions (hblkhd): 18939904
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Total allocated space (uordblks): 229600432
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Total free space (fordblks): 13433712
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Topmost releasable block (keepcost): 153360
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Packet I/O Totals:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Received: 737
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Analyzed: 737 (100.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Dropped: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Filtered: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Outstanding: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Injected: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Breakdown by protocol (includes rebuilt packets):
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Eth: 737 (100.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: VLAN: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP4: 51 ( 6.920%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Frag: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ICMP: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP: 47 ( 6.377%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP6: 1 ( 0.136%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP6 Ext: 1 ( 0.136%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP6 Opts: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Frag6: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ICMP6: 1 ( 0.136%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP6: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP6: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Teredo: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ICMP-IP: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP4/IP4: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP4/IP6: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP6/IP4: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP6/IP6: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE Eth: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE VLAN: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE IP4: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE IP6: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE IP6 Ext: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE PPTP: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE ARP: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE IPX: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE Loop: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: MPLS: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ARP: 685 ( 92.944%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IPX: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Eth Loop: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Eth Disc: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP4 Disc: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP6 Disc: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Disc: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP Disc: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ICMP Disc: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: All Discard: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Other: 4 ( 0.543%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Bad Chk Sum: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Bad TTL: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: S5 G 1: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: S5 G 2: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Total: 737
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Action Stats:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Alerts: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Logged: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Passed: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Limits:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Match: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Queue: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Log: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Event: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Alert: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Verdicts:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Allow: 733 ( 99.457%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Block: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Replace: 4 ( 0.543%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Whitelist: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Blacklist: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Ignore: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Retry: 0 ( 0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Normalizer statistics:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ip4::trim: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would ip4::trim: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ip4::tos: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would ip4::tos: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ip4::df: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would ip4::df: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ip4::rf: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would ip4::rf: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ip4::ttl: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would ip4::ttl: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ip4::opts: 4
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would ip4::opts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: icmp4::echo: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would icmp4::echo: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ip6::ttl: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would ip6::ttl: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ip6::opts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would ip6::opts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: icmp6::echo: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would icmp6::echo: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::syn_opt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::syn_opt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::opt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::opt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::pad: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::pad: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::rsv: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::rsv: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::ns: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::ns: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::urp: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::urp: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::ecn_pkt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::ecn_pkt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::ts_ecr: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::ts_ecr: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::req_urg: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::req_urg: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::req_pay: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::req_pay: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::req_urp: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::req_urp: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::ecn_ssn: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::ecn_ssn: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::ts_nop: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::ts_nop: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::ips_data: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::ips_data: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::block: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::block: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::trim_syn: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::trim_syn: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::trim_rst: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::trim_rst: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::trim_win: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::trim_win: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: tcp::trim_mss: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would tcp::trim_mss: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Frag3 statistics:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Total Fragments: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Frags Reassembled: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Discards: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Memory Faults: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Timeouts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Overlaps: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Anomalies: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Alerts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Drops: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: FragTrackers Added: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: FragTrackers Dumped: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: FragTrackers Auto Freed: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Frag Nodes Inserted: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Frag Nodes Deleted: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Stream statistics:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Total sessions: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP sessions: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ICMP sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Prunes: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP Prunes: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ICMP Prunes: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: IP Prunes: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP StreamTrackers Created: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP StreamTrackers Deleted: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Timeouts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Overlaps: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Segments Queued: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Segments Released: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Rebuilt Packets: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Segments Used: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Discards: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Gaps: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP Sessions Created: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP Sessions Deleted: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP Timeouts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP Discards: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Events: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Internal Events: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP Port Filter
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Filtered: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Inspected: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Tracked: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: UDP Port Filter
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Filtered: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Inspected: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Tracked: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: dcerpc2 Preprocessor Statistics
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Total sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: SIP Preprocessor Statistics
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Total sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:49 2016 daemon.notice snort[4001]: Snort exiting
Fri Feb 19 00:20:49 2016 kern.notice kernel: [ 641.165908] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:20:49 2016 kern.notice kernel: [ 641.186003] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:20:49 2016 kern.info kernel: [ 641.186031] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:20:49 2016 kern.info kernel: [ 641.186055] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:20:49 2016 kern.info kernel: [ 641.186106] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Fri Feb 19 00:20:49 2016 daemon.notice netifd: lan (6287): udhcpc (v1.23.2) started
Fri Feb 19 00:20:49 2016 daemon.notice netifd: lan (6287): Sending discover...
Fri Feb 19 00:20:49 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Fri Feb 19 00:20:51 2016 kern.info kernel: [ 643.185818] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:20:52 2016 daemon.notice netifd: lan (6287): Sending discover...
Fri Feb 19 00:20:53 2016 user.notice ddns-scripts[6407]: myddns_ipv6: PID '6407' started at 2016-02-19 00:20
Fri Feb 19 00:20:53 2016 user.warn ddns-scripts[6407]: myddns_ipv6: Service section disabled! - TERMINATE
Fri Feb 19 00:20:53 2016 user.warn ddns-scripts[6407]: myddns_ipv6: PID '6407' exit WITH ERROR '1' at 2016-02-19 00:20
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Enabling inline operation
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Found pid path directive (/var/snort/)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Running in IDS mode
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: --== Initializing Snort ==--
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Initializing Output Plugins!
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Initializing Preprocessors!
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Initializing Plug-ins!
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Parsing Rules file "/etc/snort/snort_bridge.conf"
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'HTTP_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'SHELLCODE_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: [ 1:65535 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'ORACLE_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: [ 1024:65535 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'SSH_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: [ 22 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'FTP_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: [ 21 2100 3535 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'SIP_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: [ 5060:5061 5600 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'FILE_DATA_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'GTP_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: [ 2123 2152 3386 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Detection:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Search-Method = AC-Full
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Search-Method-Optimizations = enabled
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Maximum pattern length = 20
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Found pid path directive (/var/snort/)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Tagged Packet Limit: 256
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Log directory = /tmp/snort/
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ip4: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ip4::df: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ip4::rf: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ip4::tos: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ip4::trim: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ip4::ttl: on (min=1, new=5)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::ecn: stream
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::block: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::rsv: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::pad: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::req_urg: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::req_pay: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::req_urp: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::urp: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::opt: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::ips: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::trim_syn: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::trim_rst: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::trim_win: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::trim_mss: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: icmp4: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ip6: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ip6::hops: on (min=1, new=5)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: icmp6: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Frag3 global config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max frags: 65536
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fragment memory cap: 4194304 bytes
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Frag3 engine config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Bound Address: default
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Target-based policy: WINDOWS
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fragment timeout: 180 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fragment min_ttl: 1
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fragment Anomalies: Alert
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Overlap Limit: 10
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Min fragment Length: 100
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Expected Streams: 39
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Stream global config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Track TCP sessions: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max TCP sessions: 10000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: TCP cache pruning timeout: 30 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: TCP cache nominal timeout: 3600 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Memcap (for reassembly packet storage): 8388608
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Track UDP sessions: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max UDP sessions: 10000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: UDP cache pruning timeout: 30 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: UDP cache nominal timeout: 180 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Track ICMP sessions: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max ICMP sessions: 65536
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Track IP sessions: INACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Log info if session memory consumption exceeds 1048576
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Send up to 2 active responses
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Wait at least 5 seconds between responses
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Protocol Aware Flushing: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Maximum Flush Point: 16000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Stream TCP Policy config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Bound Address: default
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Reassembly Policy: WINDOWS
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Timeout: 180 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Limit on TCP Overlaps: 10
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Maximum number of bytes to queue per session: 1048576
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Maximum number of segs to queue per session: 2621
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Options:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Require 3-Way Handshake: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 3-Way Handshake Timeout: 180
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Detect Anomalies: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Reassembly Ports:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 21 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 22 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 23 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 25 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 36 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 42 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 53 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 70 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 79 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 80 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 81 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 82 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 83 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 84 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 85 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 86 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 87 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 88 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 89 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 90 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: additional ports configured but not printed.
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Stream UDP Policy config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Timeout: 180 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: HttpInspect Config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: GLOBAL CONFIG
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Detect Proxy Usage: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: IIS Unicode Map Filename: /etc/snort/unicode.map
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: IIS Unicode Map Codepage: 1252
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Memcap used for logging URI and Hostname: 150994944
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Gzip Memory: 838860
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Gzip Sessions: 1807
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Gzip Compress Depth: 65535
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Gzip Decompress Depth: 65535
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: DEFAULT SERVER CONFIG:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Server profile: All
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Server Flow Depth: 0
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Client Flow Depth: 0
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Chunk Length: 500000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Header Field Length: 750
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Number Header Fields: 100
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Number of WhiteSpaces allowed with header folding: 200
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Inspect Pipeline Requests: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: URI Discovery Strict Mode: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Allow Proxy Usage: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Disable Alerting: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Oversize Dir Length: 500
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Only inspect URI: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalize HTTP Headers: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Inspect HTTP Cookies: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Inspect HTTP Responses: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Extract Gzip from responses: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Decompress response files:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Unlimited decompression of gzip data from responses: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalize Javascripts in HTTP Responses: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalize HTTP Cookies: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Enable XFF and True Client IP: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Log HTTP URI data: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Log HTTP Hostname data: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Extended ASCII code support in URI: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ascii: YES alert:
NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Double Decoding: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: %U Encoding: YES alert: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Bare Byte: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: UTF 8: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: IIS Unicode: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Multiple Slash: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: IIS Backslash: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Directory Traversal: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Web Root Traversal: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Apache WhiteSpace: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: IIS Delimiter: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: rpc_decode arguments: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: alert_fragments: INACTIVE Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: alert_large_fragments: INACTIVE Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: alert_incomplete: INACTIVE Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: alert_multiple_requests: INACTIVE Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Portscan Detection Config: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Detect Protocols: TCP UDP ICMP IP Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Detect Scan Type: portscan 
portsweep decoy_portscan distributed_portscan Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Sensitivity Level: Medium Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Memcap (in bytes): 500000 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Number of Nodes: 978 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: FTPTelnet Config: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: GLOBAL CONFIG Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Inspection Type: stateful Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Check for Encrypted Traffic: YES alert: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Continue to check encrypted data: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: TELNET CONFIG: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ports: 23 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Are You There Threshold: 20 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalize: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Detect Anomalies: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: FTP CONFIG: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: FTP Server: default Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ports (PAF): 21 2100 3535 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Check for Telnet Cmds: YES alert: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ignore Telnet Cmd Operations: YES alert: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ignore open data channels: NO Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: FTP Client: default Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Check for Bounce Attacks: YES alert: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Check for Telnet Cmds: YES alert: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ignore Telnet Cmd Operations: YES alert: YES Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Response Length: 256 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SSH config: 
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Autodetection: ENABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Challenge-Response Overflow Alert: ENABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SSH1 CRC32 Alert: ENABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Server Version String Overflow Alert: ENABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Protocol Mismatch Alert: ENABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Bad Message Direction Alert: DISABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Bad Payload Size Alert: DISABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Unrecognized Version Alert: DISABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Encrypted Packets: 20 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Server Version String Length: 100 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: MaxClientBytes: 19600 (Default) Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ports: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 22 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: DCE/RPC 2 Preprocessor Configuration Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Global Configuration Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: DCE/RPC Defragmentation: Enabled Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Memcap: 102400 KB Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Events: co Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SMB Fingerprint policy: Disabled Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Server Default Configuration Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Policy: WinXP Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Detect ports (PAF) Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SMB: 139 445 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: TCP: 135 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: UDP: 135 Fri Feb 19 
00:20:54 2016 daemon.notice snort[6456]: RPC over HTTP server: 593 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: RPC over HTTP proxy: None Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Autodetect ports (PAF) Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SMB: None Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: TCP: 1025-65535 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: UDP: 1025-65535 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: RPC over HTTP server: 1025-65535 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: RPC over HTTP proxy: None Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Invalid SMB shares: C$ D$ ADMIN$ Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Maximum SMB command chaining: 3 commands Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SMB file inspection: Disabled Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: DNS config: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: DNS Client rdata txt Overflow Alert: ACTIVE Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Obsolete DNS RR Types Alert: INACTIVE Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Experimental DNS RR Types Alert: INACTIVE Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ports: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 53 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SSLPP config: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Encrypted packets: not inspected Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ports: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 443 465 563 636 989 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 992 993 994 995 7801 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 7802 7900 7901 7902 7903 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 7904 7905 7906 7907 7908 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 7909 7910 7911 7912 7913 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 7914 7915 
7916 7917 7918 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 7919 7920 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Server side data is trusted Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Maximum SSL Heartbeat length: 0 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Sensitive Data preprocessor config: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Global Alert Threshold: 25 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Masked Output: DISABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SIP config: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max number of sessions: 1024 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max number of dialogs in a session: 4 (Default) Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Status: ENABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ignore media channel: DISABLED Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max URI length: 512 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Call ID length: 80 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Request name length: 20 (Default) Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max From length: 256 (Default) Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max To length: 256 (Default) Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Via length: 1024 (Default) Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Contact length: 512 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Max Content length: 2048 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Ports: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 5060 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 5061 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 5600 Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Methods: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: invite Fri Feb 19 00:20:54 2016 
daemon.notice snort[6456]: cancel Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: ack Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: bye Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: register Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: options Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: refer Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: subscribe Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: update Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: join Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: info Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: message Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: notify Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: benotify Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: do Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: qauth Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: sprack Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: publish Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: service Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: unsubscribe Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: prack Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Initializing rule chains... Fri Feb 19 00:20:55 2016 daemon.notice netifd: lan (6287): Sending discover... Fri Feb 19 00:20:55 2016 daemon.notice snort[6456]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead. 
Fri Feb 19 00:20:58 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:59 2016 kern.notice kernel: [ 651.185703] eth1: Link down
Fri Feb 19 00:20:59 2016 kern.info kernel: [ 651.185787] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:20:59 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:20:59 2016 kern.notice kernel: [ 651.206057] eth2: Link down
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Network device 'eth2' link is down
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'wan6' is now down
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'wan6' is disabled
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:21:00 2016 kern.info kernel: [ 652.199943] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Fri Feb 19 00:21:00 2016 daemon.notice netifd: lan (6287): Received SIGTERM
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:21:02 2016 kern.notice kernel: [ 654.195935] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:21:02 2016 kern.info kernel: [ 654.195972] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:02 2016 kern.info kernel: [ 654.196004] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:02 2016 kern.info kernel: [ 654.196687] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Fri Feb 19 00:21:02 2016 kern.notice kernel: [ 654.215940] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:21:02 2016 daemon.notice netifd: lan (6509): udhcpc (v1.23.2) started
Fri Feb 19 00:21:02 2016 daemon.notice netifd: lan (6509): Sending discover...
Fri Feb 19 00:21:02 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 13285 Snort rules read
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 13285 detection rules
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 0 decoder rules
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 0 preprocessor rules
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 13285 Option Chains linked into 252 Chain Headers
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 0 Dynamic rules
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]:
Fri Feb 19 00:21:04 2016 kern.info kernel: [ 656.195827] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:05 2016 daemon.notice netifd: lan (6509): Sending discover...
Fri Feb 19 00:21:06 2016 user.notice ddns-scripts[6629]: myddns_ipv6: PID '6629' started at 2016-02-19 00:21
Fri Feb 19 00:21:06 2016 user.warn ddns-scripts[6629]: myddns_ipv6: Service section disabled! - TERMINATE
Fri Feb 19 00:21:06 2016 user.warn ddns-scripts[6629]: myddns_ipv6: PID '6629' exit WITH ERROR '1' at 2016-02-19 00:21
Fri Feb 19 00:21:08 2016 daemon.notice netifd: lan (6509): Sending discover...
Fri Feb 19 00:21:10 2016 kern.notice kernel: [ 662.215671] eth1: Link down
Fri Feb 19 00:21:10 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:21:10 2016 kern.info kernel: [ 662.235857] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:21:11 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:21:11 2016 kern.notice kernel: [ 663.225953] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:21:11 2016 kern.info kernel: [ 663.226073] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:11 2016 kern.info kernel: [ 663.226102] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-------------------[Rule Port Counts]---------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | tcp udp icmp ip
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | src 1980 40 0 0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | dst 10553 492 0 0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | any 206 16 0 0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | nc 7 1 0 0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | s+d 46 15 0 0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +----------------------------------------------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]:
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[detection-filter-config]------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | memory-cap : 1048576 bytes
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[detection-filter-rules]-------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: -------------------------------------------------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]:
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]:
+-----------------------[rate-filter-config]-----------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | memory-cap : 1048576 bytes
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[rate-filter-rules]------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | none
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: -------------------------------------------------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]:
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[event-filter-config]----------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | memory-cap : 1048576 bytes
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[event-filter-global]----------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | none
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[event-filter-local]-----------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 
sig-id=2008096 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020305 type=Both tracking=src count=30 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020306 type=Both tracking=dst count=30 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008147 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008214 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008215 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008216 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008209 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008211 type=Limit tracking=src count=2 
seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008208 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2015577 type=Limit tracking=src count=1 seconds=30 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008231 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020323 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008228 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008181 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020338 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008184 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008199 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008276 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018316 type=Both tracking=dst count=12 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008266 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2010953 type=Limit tracking=src count=10 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008262 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice 
snort[6456]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008264 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008257 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008259 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008253 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008255 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009867 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020167 
type=Both tracking=src count=1 seconds=10 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2002664 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2005320 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009355 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009356 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2014103 type=Both tracking=src count=15 seconds=30 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2016867 type=Limit tracking=src count=1 seconds=600 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2014153 type=Both tracking=src count=225 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2014140 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2014141 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009480 type=Limit tracking=dst count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009481 type=Threshold tracking=dst count=20 seconds=40 Fri Feb 19 
00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019609 type=Both tracking=src count=50 seconds=10 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2016897 type=Limit tracking=src count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009544 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009547 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009537 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009538 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009534 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009512 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019692 type=Both tracking=src count=12 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008494 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008495 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008488 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2012204 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008510 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008504 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008460 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | 
gen-id=1 sig-id=2008463 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008453 type=Threshold tracking=src count=5 seconds=30 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008454 type=Threshold tracking=src count=5 seconds=30 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008455 type=Threshold tracking=src count=5 seconds=30 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008464 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008544 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008571 type=Threshold tracking=dst count=2 seconds=5 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008564 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018607 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008560 type=Threshold tracking=dst count=4 seconds=15 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008512 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008513 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008514 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2015986 type=Both tracking=src count=100 seconds=1 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2006546 type=Both 
tracking=src count=5 seconds=30 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018666 type=Both tracking=dst count=12 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2014002 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018755 type=Both tracking=src count=5 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2003930 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2003927 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2014020 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2013017 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2002842 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2013036 type=Limit tracking=src count=1 seconds=3 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008361 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008363 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 
2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008352 type=Limit tracking=src count=1 seconds=3600 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008353 type=Limit tracking=src count=1 seconds=3600 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008355 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008343 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008428 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008429 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008424 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008427 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008422 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008423 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008391 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008413 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008400 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 
sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2014869 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017721 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017722 type=Both tracking=src count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2011585 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019019 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019020 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019021 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019022 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019015 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019016 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019017 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019018 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019011 type=Both tracking=src count=1 seconds=120 Fri Feb 19 
00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019012 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019013 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019014 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019010 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009646 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2014372 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009703 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017162 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017161 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008643 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008657 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008658 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008609 type=Threshold tracking=src count=3 seconds=10 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008603 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2013416 type=Threshold tracking=dst count=10 seconds=20 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020853 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | 
gen-id=1 sig-id=2016101 type=Limit tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2013385 type=Limit tracking=src count=1 seconds=360 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2011402 type=Limit tracking=src count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2011403 type=Limit tracking=src count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008663 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2016212 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008734 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008756 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008749 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008797 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018984 type=Both tracking=src count=1 seconds=30 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018977 type=Both tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2018978 type=Both tracking=dst count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2011497 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2010486 type=Limit tracking=src count=1 
seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2010487 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017919 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017920 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017921 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017918 type=Both tracking=dst count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020668 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020669 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020664 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020665 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020666 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020667 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020660 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2010494 type=Threshold tracking=src count=5 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020662 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020663 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 
daemon.notice snort[6456]: | gen-id=1 sig-id=2020659 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2010513 type=Threshold tracking=src count=10 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2010508 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020632 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020633 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017967 type=Both tracking=src count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020630 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020631 type=Limit tracking=dst count=1 seconds=1200 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017965 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2017966 type=Both tracking=src count=1 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020741 type=Both tracking=src count=3 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008579 type=Threshold tracking=dst count=20 seconds=15 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020742 type=Both tracking=src count=3 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008577 type=Threshold tracking=dst count=5 seconds=15 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2008578 type=Limit tracking=src count=1 seconds=10 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020702 type=Both tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 
sig-id=2003171 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2016030 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2016031 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2016033 type=Limit tracking=src count=1 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2016016 type=Both tracking=dst count=5 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2012305 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2012306 type=Limit tracking=dst count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2012303 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2012304 type=Limit tracking=src count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019748 type=Limit tracking=src count=1 seconds=600 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019749 type=Limit tracking=src count=1 seconds=600 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2007583 type=Limit tracking=src count=2 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2009040 type=Threshold tracking=src count=20 seconds=10 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 
seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2011716 type=Limit tracking=src count=5 seconds=120 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1 sig-id=2019166 type=Both tracking=src count=5 seconds=300 Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[suppression]------------------------------------------ Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=129 sig-id=12 tracking=none Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=129 sig-id=20 tracking=none Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: ------------------------------------------------------------------------------- Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: Verifying Preprocessor Configurations! Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.Fareit.chk' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.Onelouder.bin' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.ButterflyJoin' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. 
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.webc2ugx' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.autoit.ua' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.lethic.established' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ms.rdp.established' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.invalid.cab' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'EXE2' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.lizkebab' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. 
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.RDP.Morto' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: 131 out of 1024 flowbits in use. Fri Feb 19 00:21:13 2016 kern.info kernel: [ 665.225818] br-lan: port 1(eth1) entered forwarding state Fri Feb 19 00:21:16 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:21:16 2016 daemon.notice netifd: lan (6509): Sending select for 192.168.1.59... 
Fri Feb 19 00:21:16 2016 daemon.notice netifd: lan (6509): Lease of 192.168.1.59 obtained, lease time 86400 Fri Feb 19 00:21:16 2016 daemon.notice netifd: Interface 'lan' is now up Fri Feb 19 00:21:16 2016 daemon.info dnsmasq[5500]: reading /tmp/resolv.conf.auto Fri Feb 19 00:21:16 2016 daemon.info dnsmasq[5500]: using local addresses only for domain lan Fri Feb 19 00:21:16 2016 daemon.info dnsmasq[5500]: using nameserver 192.168.1.1#53 Fri Feb 19 00:21:16 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Fri Feb 19 00:21:31 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:21:31 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:21:31 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:21:48 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:21:48 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:21:48 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:22:06 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:22:06 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:22:06 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:22:10 2016 user.notice root: Successful NTP clock adjust (0.us.pool.ntp.org). 
Fri Feb 19 00:22:11 2016 daemon.info procd: - init complete - Fri Feb 19 00:22:12 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:22:12 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:22:12 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:22:19 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:22:19 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:22:19 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: [ Port Based Pattern Matching Memory ] Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: +- [ Aho-Corasick Summary ] ------------------------------------- Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Storage Format : Full Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Finite Automaton : DFA Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Alphabet Size : 256 Chars Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Sizeof State : Variable (1,2,4 bytes) Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Instances : 335 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | 1 byte states : 228 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | 2 byte states : 107 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | 4 byte states : 0 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Characters : 408795 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | States : 252270 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Transitions : 13611564 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | State Density : 21.1% Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Patterns : 34402 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Match States : 30013 Fri 
Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Memory (MB) : 134.67 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Patterns : 3.40 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Match Lists : 8.23 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | DFA Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | 1 byte states : 3.38 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | 2 byte states : 119.41 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | 4 byte states : 0.00 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: +---------------------------------------------------------------- Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: [ Number of patterns truncated to 20 bytes: 5427 ] Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: afpacket DAQ configured to inline. Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Acquiring network traffic from "eth0:eth2". Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Initializing daemon mode Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Daemon initialized, signaled parent pid: 1 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Reload thread starting... Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Reload thread started, thread 0xffea13f210 (6830) Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Checking PID path... Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: PID path stat checked out ok, PID path set to /var/snort/ Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Writing PID "6456" to file "/var/snort//snort_eth0:eth2.pid" Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: --== Initialization Complete ==-- Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: ,,_ -*> Snort! 
<*- Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: o" )~ Version 2.9.7.2 GRE (Build 177) Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Using libpcap version 1.5.3 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Using PCRE version: 8.36 2014-09-26 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Using ZLIB version: 1.2.8 Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 <Build 1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_DNS Version 1.1 <Build 4> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_SDF Version 1.1 <Build 1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_SIP Version 1.1 <Build 1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_POP Version 1.0 <Build 1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_MODBUS Version 1.1 <Build 1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 
1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_SSH Version 1.1 <Build 3> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Preprocessor Object: SF_GTP Version 1.1 <Build 1> Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Commencing packet processing (pid=6456) Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Decoding Ethernet Fri Feb 19 00:22:25 2016 kern.info kernel: [ 737.185840] device eth2 entered promiscuous mode Fri Feb 19 00:22:25 2016 kern.info kernel: [ 737.335825] device eth0 entered promiscuous mode Fri Feb 19 00:22:32 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:22:32 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:22:32 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:22:45 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:22:45 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:22:45 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:22:53 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:22:53 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:22:53 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:22:57 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:22:57 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:22:57 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:23:03 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 
00:23:03 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:23:03 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:23:21 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:23:21 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:23:21 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:23:40 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:23:40 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:23:40 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:23:55 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:23:55 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:23:55 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:24:05 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:24:05 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:24:05 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:24:18 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:24:18 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:24:19 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com Fri Feb 19 00:24:32 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:24:32 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:24:32 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind 
attack detected: openapi.meshare.com Fri Feb 19 00:24:34 2016 daemon.err uhttpd[5285]: cut: standard output: Broken pipe Fri Feb 19 00:24:35 2016 daemon.err uhttpd[5285]: cat: can't open '/.do_date': No such file or directory Fri Feb 19 00:24:35 2016 daemon.info dnsmasq[5500]: query[A] yourhost.example.com from 127.0.0.1 Fri Feb 19 00:24:35 2016 daemon.info dnsmasq[5500]: forwarded yourhost.example.com to 192.168.1.1 Fri Feb 19 00:24:35 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: yourhost.example.com Fri Feb 19 00:24:35 2016 daemon.info dnsmasq[5500]: query[AAAA] yourhost.example.com from 127.0.0.1 Fri Feb 19 00:24:35 2016 daemon.info dnsmasq[5500]: forwarded yourhost.example.com to 192.168.1.1 Fri Feb 19 00:24:40 2016 daemon.info dnsmasq[5500]: query[A] yourhost.example.com from 127.0.0.1 Fri Feb 19 00:24:40 2016 daemon.info dnsmasq[5500]: forwarded yourhost.example.com to 192.168.1.1 Fri Feb 19 00:24:40 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: yourhost.example.com Fri Feb 19 00:24:40 2016 daemon.info dnsmasq[5500]: query[AAAA] yourhost.example.com from 127.0.0.1 Fri Feb 19 00:24:40 2016 daemon.info dnsmasq[5500]: forwarded yourhost.example.com to 192.168.1.1 Fri Feb 19 00:24:45 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118 Fri Feb 19 00:24:45 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1 Fri Feb 19 00:24:45 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com |
This post was updated on Feb 26, 2016; 10:05pm.
Hi Breda
I've scanned your log files for words like: fail, failed, error, can't. This is what I've found:

----
Fri Feb 19 00:11:06 2016 kern.info kernel: [ 48.226365] EXT3-fs (mmcblk0p4): mounted filesystem with writeback data mode
Fri Feb 19 00:11:06 2016 user.err kernel: [ 48.518963] init: failed to symlink /tmp -> /var

Unrelated, there is a redundant link option in the startup script.

----
[ 26.991163] octeon-pow-ethernet ERROR: You must specify a broadcast group mask.

The lack of broadcasting should not cause your network failure. However, this can be solved by adding the broadcast address. In the CLI, run the command:

uci set network.lan.broadcast=x.y.z.255

where x.y.z is your network IP range (example 192.168.0 or 10.10.10). The other option is to edit the /etc/config/network file and add to the section config interface 'lan' the line:

option broadcast 'x.y.z.255'

----
Fri Feb 19 00:24:34 2016 daemon.err uhttpd[5285]: cut: standard output: Broken pipe
Fri Feb 19 00:24:35 2016 daemon.err uhttpd[5285]: cat: can't open '/.do_date': No such file or directory

Unrelated. If you want to remove it, go to the CLI and type in:

touch /.do_date

However, this date will be updated as soon as fwupgrade is run.

----
Fri Feb 19 00:20:00 2016 cron.info crond[3190]: USER root pid 6164 cmd /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP eager clock adjust failed.

This is due to the lack of connection when the NTP client is started. You can ignore this, as the default schedule will resolve it in 10 minutes.

----
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5365]: bad option at line 69 of /etc/ITUS_DNS.txt
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5365]: FAILED to start up
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated dnsmasq blacklist
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated network.interface.blockdomain: 192.168.1.112
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated firewall.@redirect[0].Itusfilter: 192.168.1.112
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated firewall.@redirect[1]dns-traffic-to-shield: 192.168.1.112
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated uhttpd.Itusfilter
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5380]: bad option at line 69 of /etc/ITUS_DNS.txt
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5380]: FAILED to start up

This could be the cause: DNSMASQ is not starting. Try to make an update in the online blacklist (LUCI > Services > Web Filter > Black List). With "an update" I mean changing or adding/removing a line and pressing Save&Apply.

Once it is done, restart DNSMASQ in the Initscripts (LUCI > System > Startup) and RESTART dnsmasq (prio 60).

Have you installed any of the hotfixes, like Hotfix-160210?
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
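The keyword scan described in the post above, as an added example (not part of the original posts or of any ITUS tooling): a Python triage of `logread`-style lines that collapses repeated messages, ties a daemon's "FAILED to start up" to the config line it blamed, and checks whether a later process of the same daemon logged anything afterwards. Function names are hypothetical; the sample lines are excerpted from the logs quoted in this thread.

```python
import re
from collections import Counter, OrderedDict
from datetime import datetime

# Sample input: lines excerpted from the logs quoted in this thread.
SAMPLE_LOG = """\
Fri Feb 19 00:11:06 2016 user.err kernel: [ 48.518963] init: failed to symlink /tmp -> /var
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5365]: bad option at line 69 of /etc/ITUS_DNS.txt
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5365]: FAILED to start up
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5380]: bad option at line 69 of /etc/ITUS_DNS.txt
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5380]: FAILED to start up
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:21:16 2016 daemon.notice netifd: Interface 'lan' is now up
Fri Feb 19 00:21:31 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:21:48 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:22:10 2016 user.notice root: Successful NTP clock adjust (0.us.pool.ntp.org).
Fri Feb 19 00:24:35 2016 daemon.err uhttpd[5285]: cat: can't open '/.do_date': No such file or directory
"""

SEVERITIES = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) "
    r"(?P<facility>\w+)\.(?P<severity>\w+) "
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
KEYWORD_RE = re.compile(r"\b(?:fail(?:ed)?|error|can't)\b", re.IGNORECASE)
KERNEL_TS_RE = re.compile(r"^\[\s*\d+\.\d+\]\s*")       # "[ 48.518963] " uptime prefix
BAD_OPTION_RE = re.compile(r"bad option at line (\d+) of (\S+)")
REBIND_RE = re.compile(r"possible DNS-rebind attack detected: (\S+)")


def parse(text):
    """Split each log line into timestamp, facility, severity, tag, pid, msg."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner fragments and wrapped lines are skipped
        rec = m.groupdict()
        rec["time"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S %Y")
        rec["msg"] = KERNEL_TS_RE.sub("", rec["msg"])
        records.append(rec)
    return records


def is_suspect(rec):
    """Severity err or worse, or one of the keywords used in the post."""
    sev = rec["severity"]
    rank = SEVERITIES.index(sev) if sev in SEVERITIES else len(SEVERITIES)
    return rank <= SEVERITIES.index("err") or bool(KEYWORD_RE.search(rec["msg"]))


def findings(records):
    """Collapse repeats: (tag, severity, msg) -> count, in first-seen order."""
    out = OrderedDict()
    for rec in records:
        if is_suspect(rec):
            key = (rec["tag"], rec["severity"], rec["msg"])
            out[key] = out.get(key, 0) + 1
    return out


def startup_failures(records):
    """Per daemon that logged 'FAILED to start up': the config lines it
    blamed, and whether a different PID of it logged after the last failure."""
    failed = {}
    for rec in records:
        if "FAILED to start up" in rec["msg"]:
            entry = failed.setdefault(rec["tag"], {
                "failed_pids": set(), "bad_options": set(),
                "last_failure": rec["time"], "recovered": False})
            entry["failed_pids"].add(rec["pid"])
            entry["last_failure"] = max(entry["last_failure"], rec["time"])
    for rec in records:
        entry = failed.get(rec["tag"])
        if entry is None:
            continue
        m = BAD_OPTION_RE.search(rec["msg"])
        if m:
            entry["bad_options"].add((m.group(2), int(m.group(1))))
        elif (rec["pid"] not in entry["failed_pids"]
              and rec["time"] > entry["last_failure"]):
            entry["recovered"] = True
    return failed


def rebind_domains(records):
    """Count dnsmasq rebind warnings per name. dnsmasq logs this when it
    rejects an upstream answer that points into a private address range."""
    hits = Counter()
    for rec in records:
        m = REBIND_RE.search(rec["msg"])
        if rec["tag"] == "dnsmasq" and m:
            hits[m.group(1)] += 1
    return hits


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for (tag, sev, msg), n in findings(recs).items():
        print(f"{n:>3}x {sev:<6} {tag}: {msg}")
    for tag, info in startup_failures(recs).items():
        print(tag, sorted(info["bad_options"]), "recovered:", info["recovered"])
    print(dict(rebind_domains(recs)))
```

On a device, the same functions can be fed the saved output of `logread` instead of `SAMPLE_LOG`.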
Also, are you able to get it to boot up in Router mode? If so, let it complete the Router mode boot, wait for about 10 minutes, then shut down and reconfigure for Bridge mode. Then reboot.
When switching modes the system mounts hidden partitions and installs a new, blank profile for the mode based on what is stored in the Itusrestore Image in those partitions.
Shield Pro v1, Chaos Calmer, FW 1.51 SP1, v8.3.2, Bridge Mode
Hi, thanks everyone for all the help. Yes, it works in Router mode without any problems. After 10 min, can I just switch to Bridge mode without powering down the switch, modem and Shield? Or should I follow the setup guide?
Also, the "in CLI run command": is that run via PuTTY SSH?
thanks
To switch between router and bridge mode you have to cycle power. Correct, you can use the CLI (command line interface) via SSH (PuTTY etc.).
No more: Shield Pro v1, Chaos Calmer, FW 1.51 SP1
In reply to this post by Wisiwyg
Thanks Hans, no, I have not installed Hotfix-160210. Can you walk me through the update? I am out of practice on my command prompts.
thanks
In reply to this post by hans2
Hi, also here is the Initscripts screenshot.
Try to make an update in the online blacklist (LUCI > Services > Web Filter > Black List). With "an update" I mean changing or add/remove a line and press Save&Apply
Once it is done, restart DNSMASQ in the Initscripts (LUCI > System > Startup) and RESTART dnsmasq (prio 60)

I also did restart DNSMASQ and removed a line, but it did not fix the problem.
Hi Hans, I did Hotfix-160210 and upgraded to 1.51SP1, but it still seems not to be working. Here is the System Log:
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 0.000000] Linux version 3.10.20 (daniel@Ayoub) (gcc version 4.7.0 (Cavium Inc. Version: SDK_3_1_0_p2 build 34) ) #165 SMP Mon May 18 23:41:17 PDT 2015 Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 0.000000] CVMSEG size: 2 cache lines (256 bytes) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Cavium Inc. SDK-3.1 Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] bootconsole [early0] enabled Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] CPU revision is: 000d9602 (Cavium Octeon III) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] FPU revision is: 00739600 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] Checking for the multiply/shift bug... no. Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] Checking for the daddiu bug... no. Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Determined physical RAM map: Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] memory: 000000000c800000 @ 0000000002500000 (usable) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] memory: 0000000000c00000 @ 000000000f200000 (usable) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] memory: 000000002f000000 @ 0000000020000000 (usable) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] memory: 0000000000830000 @ 0000000000100000 (usable) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] memory: 0000000001a00000 @ 0000000000930000 (usable after init) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Wasting 896 bytes for tracking 16 unused pages Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Initrd not found or empty - disabling initrd Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Using passed Device Tree <8000000000080000>. 
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] software IO TLB [mem 0x02670000-0x026b0000] (0MB) mapped at [8000000002670000-80000000026affff] Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] Zone ranges: Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] DMA32 [mem 0x00100000-0xefffffff] Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] Normal empty Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] Movable zone start for each node Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] Early memory node ranges Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x00100000-0x0232ffff] Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x02500000-0x0ecfffff] Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x0f200000-0x0fdfffff] Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x20000000-0x4effffff] Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] On node 0 totalpages: 15971 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 14 pages used for memmap Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 0 pages reserved Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 15971 pages, LIFO batch:1 Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Cavium Hotplug: Available coremask 0x0 Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 0.000000] Primary instruction cache 78kB, virtually tagged, 39 way, 16 sets, linesize 128 bytes. Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 0.000000] Primary data cache 32kB, 32-way, 8 sets, linesize 128 bytes. Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 0.000000] Secondary unified cache 512kB, 4-way, 1024 sets, linesize 128 bytes. 
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] PERCPU: Embedded 1 pages/cpu @8000000002710000 s12544 r8192 d44800 u65536 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: s12544 r8192 d44800 u65536 alloc=1*65536 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: [0] 0 [0] 1 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 0.000000] Built 1 zonelists in Zone order, mobility grouping off. Total pages: 15957 Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 0.000000] Kernel command line: bootoctlinux 0x20000000 numcores=2 serial#=752011191521-36287 console=ttyS0,115200 Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] PID hash table entries: 4096 (order: -1, 32768 bytes) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Dentry cache hash table entries: 131072 (order: 4, 1048576 bytes) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Inode-cache hash table entries: 65536 (order: 3, 524288 bytes) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Memory: 983296k/1022144k available (5825k kernel code, 38848k reserved, 2536k data, 26624k init, 0k highmem) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] Hierarchical RCU implementation. Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=2. 
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] NR_IRQS:512 Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e000 23 bits Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e200 12 bits Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e400 6 bits Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000ec00 15 bits Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e600 4 bits Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e800 11 bits Sun Feb 28 23:13:55 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e900 11 bits Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.523596] Calibrating delay loop (skipped) preset value.. 2000.00 BogoMIPS (lpj=10000000) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.531809] pid_max: default: 32768 minimum: 501 Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.536525] Security Framework initialized Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.540542] Mount-cache hash table entries: 4096 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 22.546796] Checking for the daddi bug... no. Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.547585] SMP: Booting CPU01 (CoreId 1)... 
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.551787] CPU revision is: 000d9602 (Cavium Octeon III) Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.551790] FPU revision is: 00739600 Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.551973] Cpu 1 online Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.563388] Brought up 2 CPUs Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.566333] Cavium Hotplug: Available coremask 0x0 Sun Feb 28 23:13:55 2016 kern.info kernel: [ 22.573324] NET: Registered protocol family 16 Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 22.578737] Installing handlers for error tree at: ffffffff808be430 Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 22.596255] PCIe: Initializing port 0 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 24.658791] PCIe: Link timeout on port 0, probably the slot is empty Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 24.658797] PCIe: Initializing port 1 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 24.662293] PCIe: Port 1 not in PCIe mode, skipping Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 24.662298] PCIe: Initializing port 2 Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 24.665940] PCIe: Port 2 not in PCIe mode, skipping Sun Feb 28 23:13:55 2016 kern.warn kernel: [ 24.672308] [sched_delayed] sched: RT throttling activated Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.685629] bio: create slab <bio-0> at 0 Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.690049] vgaarb: loaded Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 24.692979] SCSI subsystem initialized Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 24.696828] libata version 3.00 loaded. 
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.697246] usbcore: registered new interface driver usbfs
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.702679] usbcore: registered new interface driver hub
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.707975] usbcore: registered new device driver usb
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.713126] pps_core: LinuxPPS API ver. 1 registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.717923] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.727148] PTP clock support registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.731024] EDAC MC: Ver: 3.0.0
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.734703] PCI host bridge to bus 0000:00
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.738660] pci_bus 0000:00: root bus resource [mem 0x1000000000000]
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.744982] pci_bus 0000:00: root bus resource [io 0x0000]
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.750550] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 24.758477] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.759427] Switching to clocksource OCTEON_CVMCOUNT
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.765699] NET: Registered protocol family 2
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.770342] TCP established hash table entries: 8192 (order: 1, 131072 bytes)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.777460] TCP bind hash table entries: 8192 (order: 1, 131072 bytes)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.783949] TCP: Hash tables configured (established 8192 bind 8192)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.790218] TCP: reno registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.793399] UDP hash table entries: 2048 (order: 0, 65536 bytes)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.799486] UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 24.806142] NET: Registered protocol family 1
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 24.810347] PCI: CLS 0 bytes, default 128
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 26.398881] octeon_pci_console: Console not created.
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 26.403684] /proc/octeon_perf: Octeon performance counter interface loaded
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.412543] HugeTLB registered 512 MB page size, pre-allocated 0 pages
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 26.420262] sys_fw_version: 0.1.17
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 26.420275] sys_revision: 21
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.420632] squashfs: version 4.0 (2009/01/31) Phillip Lougher
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.426568] NTFS driver 2.1.30 [Flags: R/W].
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.430697] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.436831] msgmni has been set to 1920
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 26.441572] Key type asymmetric registered
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 26.445558] Asymmetric key parser 'x509' registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.450382] io scheduler noop registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.454297] io scheduler deadline registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.458559] io scheduler cfq registered (default)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.463488] octeon_gpio 1070000000800.gpio-controller: OCTEON GPIO
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.519297] Serial: 8250/16550 driver, 6 ports, IRQ sharing disabled
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.528951] 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 34) is a OCTEON
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.536741] console [ttyS0] enabled, bootconsole disabled
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.560284] 1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 35) is a OCTEON
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.582421] brd: module loaded
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.600915] loop: module loaded
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 26.617766] slram: not enough parameters.
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.642093] IMQ driver loaded successfully. (numdevs = 16, numqueues = 1)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.661176] Hooking IMQ after NAT on PREROUTING.
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.678148] Hooking IMQ before NAT on POSTROUTING.
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.697506] libphy: mdio-octeon: probed
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.714970] mdio-octeon 1180000001800.mdio: Version 1.0
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.732603] spi_ks8995: Micrel KS8995 Ethernet switch SPI driver version 0.1.1
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.753104] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.771237] e1000e: Copyright(c) 1999 - 2013 Intel Corporation.
Sun Feb 28 23:13:55 2016 kern.err kernel: [ 26.789690] octeon-pow-ethernet ERROR: You must specify a broadcast group mask.
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 26.809339] octeon-ethernet 2.0
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 26.826338] Interface 0 has 4 ports (QSGMII)
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 26.826416] Interface 1 has 4 ports (QSGMII)
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 26.826423] Interface 2 has 4 ports (NPI)
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 26.826437] Interface 3 has 4 ports (LOOP)
Sun Feb 28 23:13:55 2016 kern.debug kernel: [ 26.826454] Interface 4 has 1 ports (AGL)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.835008] usbcore: registered new interface driver cdc_ether
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.853149] usbcore: registered new interface driver plusb
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.871031] usbcore: registered new interface driver sierra_net
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.889822] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.908628] ehci-pci: EHCI PCI platform driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.925370] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.944400] usbcore: registered new interface driver usb-storage
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.962830] usbcore: registered new interface driver usbserial
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.980902] usbcore: registered new interface driver usbserial_generic
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 26.999657] usbserial: USB Serial support registered for generic
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 27.017933] usbcore: registered new interface driver sierra
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 27.035730] usbserial: USB Serial support registered for Sierra USB modem
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 27.054959] i2c /dev entries driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 27.071060] i2c-octeon 1180000001000.i2c: version 2.5
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 27.089094] octeon_wdt: Initial granularity 5 Sec
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 27.106203] EDAC DEVICE0: Giving out device to module 'octeon-cpu' controller 'cache': DEV 'octeon_pc_edac' (INTERRUPT)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 27.129339] EDAC DEVICE1: Giving out device to module 'octeon-l2c' controller 'octeon_l2c_err': DEV 'octeon_l2c_edac' (POLLED)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 27.152998] octeon_lmc_edac octeon_lmc_edac.0: Disabled (ECC not enabled)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.774461] Netfilter messages via NETLINK v0.30.
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.791302] nfnl_acct: registering with nfnetlink.
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.808266] nf_conntrack version 0.5.0 (7682 buckets, 30728 max)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.826704] ctnetlink v0.93: registering with nfnetlink.
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.844539] xt_time: kernel timezone is -0000
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 29.861031] ip_set: protocol 6
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.876330] ipip: IPv4 over IPv4 tunneling driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.893680] gre: GRE over IPv4 demultiplexor driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.910704] ip_gre: GRE over IPv4 tunneling driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.928905] ip_tables: (C) 2000-2006 Netfilter Core Team
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.946545] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.965077] arp_tables: (C) 2002 David S. Miller
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.981870] TCP: cubic registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 29.997310] Initializing XFRM netlink socket
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.013754] NET: Registered protocol family 10
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.033547] mip6: Mobile IPv6
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.048686] ip6_tables: (C) 2000-2006 Netfilter Core Team
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.066501] sit: IPv6 over IPv4 tunneling driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.084597] ip6_gre: GRE over IPv6 tunneling driver
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.102261] NET: Registered protocol family 17
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.118867] NET: Registered protocol family 15
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 30.135531] Bridge firewalling registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.151681] Ebtables v2.0 registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.214298] 8021q: 802.1Q VLAN Support v1.8
Sun Feb 28 23:13:55 2016 kern.notice kernel: [ 30.230672] Key type dns_resolver registered
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.247206] L2 lock: TLB refill 256 bytes
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.263342] L2 lock: General exception 128 bytes
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.280083] L2 lock: low-level interrupt 128 bytes
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.296994] L2 lock: interrupt 640 bytes
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.313044] L2 lock: memcpy 1152 bytes
Sun Feb 28 23:13:55 2016 kern.err kernel: [ 30.330934] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 30.355657] Freeing unused kernel memory: 26624K (ffffffff80930000 - ffffffff82330000)
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.807914] mmc1: BKOPS_EN bit is not set
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.828613] mmc1: new high speed DDR MMC card at address 0001
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.847085] mmcblk0: mmc1:0001 P1XXXX 3.60 GiB
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.864065] mmcblk0boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.882432] mmcblk0boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.900799] mmcblk0rpmb: mmc1:0001 P1XXXX partition 3 128 KiB
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.922749] mmcblk0: p1 p2 p3 p4
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.943594] mmcblk0boot1: unknown partition table
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 46.965107] mmcblk0boot0: unknown partition table
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 47.633372] kjournald starting. Commit interval 5 seconds
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 47.652050] EXT3-fs (mmcblk0p4): using internal journal
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 47.670324] EXT3-fs (mmcblk0p4): recovery complete
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 47.687388] EXT3-fs (mmcblk0p4): mounted filesystem with writeback data mode
Sun Feb 28 23:13:55 2016 user.err kernel: [ 47.923225] init: failed to symlink /tmp -> /var
Sun Feb 28 23:13:55 2016 user.info kernel: [ 47.940296] init: Console is alive
Sun Feb 28 23:13:55 2016 user.info kernel: [ 47.956178] init: - watchdog -
Sun Feb 28 23:13:55 2016 user.info kernel: [ 48.972341] init: - preinit -
Sun Feb 28 23:13:55 2016 user.notice kernel: [ 52.171844] mount_root: mounting /dev/root
Sun Feb 28 23:13:55 2016 user.info kernel: [ 52.188789] mount_root: loading kmods from internal overlay
Sun Feb 28 23:13:55 2016 user.info kernel: [ 52.318233] block: attempting to load /etc/config/fstab
Sun Feb 28 23:13:55 2016 user.info kernel: [ 52.337726] block: extroot: not configured
Sun Feb 28 23:13:55 2016 user.info kernel: [ 52.358585] procd: - early -
Sun Feb 28 23:13:55 2016 user.info kernel: [ 52.373926] procd: - watchdog -
Sun Feb 28 23:13:55 2016 user.info kernel: [ 53.090601] procd: - ubus -
Sun Feb 28 23:13:55 2016 user.info kernel: [ 54.106270] procd: - init -
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.826164] NET: Registered protocol family 38
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.849489] tun: Universal TUN/TAP device driver, 1.6
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.866835] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.894824] u32 classifier
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.909709] input device check on
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.925499] Actions configured
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.942165] Mirror/redirect action on
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.966737] PPP generic driver version 2.4.2
Sun Feb 28 23:13:55 2016 kern.info kernel: [ 55.984117] NET: Registered protocol family 24
Sun Feb 28 23:13:56 2016 user.emerg procd: this file has been obseleted. please call "/sbin/block mount" directly
Sun Feb 28 23:13:56 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces?
Sun Feb 28 23:13:56 2016 kern.debug kernel: [ 58.021469] SGMII0: Port 1 link timeout
Sun Feb 28 23:13:56 2016 kern.notice kernel: [ 58.021717] eth1: 1000 Mbps Full duplex, port 1
Sun Feb 28 23:13:56 2016 kern.info kernel: [ 58.021791] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Sun Feb 28 23:13:56 2016 kern.info kernel: [ 58.022530] device eth1 entered promiscuous mode
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'lan' is enabled
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'blockdomain' is enabled
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'blockdomain' is now up
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'loopback' is enabled
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'loopback' is now up
Sun Feb 28 23:13:56 2016 kern.info kernel: [ 58.025041] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
Sun Feb 28 23:13:56 2016 kern.notice kernel: [ 58.052376] eth0: 1000 Mbps Full duplex, port 0
Sun Feb 28 23:13:56 2016 kern.info kernel: [ 58.052466] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'wan' is enabled
Sun Feb 28 23:13:56 2016 daemon.err block: /dev/mmcblk0p4 is already mounted
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'wan6' is enabled
Sun Feb 28 23:13:56 2016 kern.notice kernel: [ 58.080471] eth2: 1000 Mbps Full duplex, port 2
Sun Feb 28 23:13:56 2016 kern.info kernel: [ 58.080575] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Network device 'lo' link is up
Sun Feb 28 23:13:56 2016 daemon.notice netifd: Interface 'loopback' has link connectivity
Sun Feb 28 23:13:56 2016 cron.info crond[3193]: crond (busybox 1.23.2) started, log level 4
Sun Feb 28 23:13:56 2016 cron.info crond[3193]: user:root entry:(null)
Sun Feb 28 23:13:56 2016 cron.info crond[3193]: user:root entry:(null)
Sun Feb 28 23:13:56 2016 user.emerg procd: interface lan has no physdev or physdev has no suitable ip
Sun Feb 28 23:13:56 2016 authpriv.info dropbear[3226]: Not backgrounding
Sun Feb 28 23:13:56 2016 authpriv.warn dropbear[3225]: Failed listening on '22': Error listening: Address already in use
Sun Feb 28 23:13:56 2016 authpriv.info dropbear[3225]: Early exit: No listening ports available.
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Network device 'eth1' link is up
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'lan' is setting up now
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Sun Feb 28 23:13:57 2016 kern.info kernel: [ 58.994691] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
Sun Feb 28 23:13:57 2016 kern.info kernel: [ 58.994754] br-lan: port 1(eth1) entered forwarding state
Sun Feb 28 23:13:57 2016 kern.info kernel: [ 58.994775] br-lan: port 1(eth1) entered forwarding state
Sun Feb 28 23:13:57 2016 kern.info kernel: [ 58.994825] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Network device 'eth0' link is up
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'wan' is setting up now
Sun Feb 28 23:13:57 2016 kern.info kernel: [ 59.024490] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'wan' is now up
Sun Feb 28 23:13:57 2016 daemon.notice netifd: lan (3353): udhcpc (v1.23.2) started
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Network device 'eth2' link is up
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'wan6' is now up
Sun Feb 28 23:13:57 2016 kern.info kernel: [ 59.054527] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Sun Feb 28 23:13:57 2016 daemon.notice netifd: lan (3353): Sending discover...
Sun Feb 28 23:13:57 2016 daemon.notice netifd: lan (3353): Sending select for 192.168.1.59...
Sun Feb 28 23:13:57 2016 daemon.notice netifd: lan (3353): Lease of 192.168.1.59 obtained, lease time 86400
Sun Feb 28 23:13:57 2016 daemon.notice netifd: Interface 'lan' is now up
Sun Feb 28 23:13:59 2016 kern.info kernel: [ 60.994282] br-lan: port 1(eth1) entered forwarding state
Sun Feb 28 23:14:00 2016 daemon.crit dnsmasq[3377]: bad option at line 66292 of /etc/ITUS_DNS.txt
Sun Feb 28 23:14:00 2016 daemon.crit dnsmasq[3377]: FAILED to start up
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Enabling inline operation
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Found pid path directive (/var/snort/)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Running in IDS mode
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: --== Initializing Snort ==--
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Initializing Output Plugins!
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Initializing Preprocessors!
Sun Feb 28 23:14:00 2016 cron.info crond[3193]: user:root entry:(null)
Sun Feb 28 23:14:00 2016 cron.info crond[3193]: user:root entry:(null)
Sun Feb 28 23:14:00 2016 cron.info crond[3193]: wakeup dt=4
Sun Feb 28 23:14:00 2016 cron.info crond[3193]: file root:
Sun Feb 28 23:14:00 2016 cron.info crond[3193]: line sh /sbin/fw_upgrade
Sun Feb 28 23:14:00 2016 cron.info crond[3193]: line /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Initializing Plug-ins!
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Parsing Rules file "/etc/snort/snort_bridge.conf"
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: PortVar 'HTTP_PORTS' defined :
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: PortVar 'SHELLCODE_PORTS' defined :
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: [ 1:65535 ]
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: PortVar 'ORACLE_PORTS' defined :
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: [ 1024:65535 ]
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: PortVar 'SSH_PORTS' defined :
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: [ 22 ]
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: PortVar 'FTP_PORTS' defined :
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: [ 21 2100 3535 ]
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: PortVar 'SIP_PORTS' defined :
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: [ 5060:5061 5600 ]
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: PortVar 'FILE_DATA_PORTS' defined :
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: PortVar 'GTP_PORTS' defined :
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: [ 2123 2152 3386 ]
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Detection:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Search-Method = AC-Full
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Search-Method-Optimizations = enabled
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Maximum pattern length = 20
Sun Feb 28 23:14:00 2016 kern.info kernel: [ 62.348018] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Found pid path directive (/var/snort/)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Tagged Packet Limit: 256
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: done
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Log directory = /tmp/snort/
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalizer config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: ip4: on
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: ip4::df: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: ip4::rf: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: ip4::tos: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: ip4::trim: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: ip4::ttl: on (min=1, new=5)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalizer config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp: on
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::ecn: stream
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::block: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::rsv: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::pad: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::req_urg: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::req_pay: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::req_urp: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::urp: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::opt: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::ips: on
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::trim_syn: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::trim_rst: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::trim_win: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: tcp::trim_mss: off
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalizer config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: icmp4: on
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalizer config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: ip6: on
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: ip6::hops: on (min=1, new=5)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalizer config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: icmp6: on
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Frag3 global config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max frags: 65536
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Fragment memory cap: 4194304 bytes
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Frag3 engine config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Bound Address: default
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Target-based policy: WINDOWS
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Fragment timeout: 180 seconds
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Fragment min_ttl: 1
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Fragment Anomalies: Alert
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Overlap Limit: 10
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Min fragment Length: 100
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Expected Streams: 39
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Stream global config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Track TCP sessions: ACTIVE
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max TCP sessions: 10000
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: TCP cache pruning timeout: 30 seconds
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: TCP cache nominal timeout: 3600 seconds
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Memcap (for reassembly packet storage): 8388608
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Track UDP sessions: ACTIVE
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max UDP sessions: 10000
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: UDP cache pruning timeout: 30 seconds
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: UDP cache nominal timeout: 180 seconds
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Track ICMP sessions: ACTIVE
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max ICMP sessions: 65536
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Track IP sessions: INACTIVE
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Log info if session memory consumption exceeds 1048576
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Send up to 2 active responses
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Wait at least 5 seconds between responses
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Protocol Aware Flushing: ACTIVE
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Maximum Flush Point: 16000
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Stream TCP Policy config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Bound Address: default
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Reassembly Policy: WINDOWS
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Timeout: 180 seconds
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Limit on TCP Overlaps: 10
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Maximum number of bytes to queue per session: 1048576
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Maximum number of segs to queue per session: 2621
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Options:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Require 3-Way Handshake: YES
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 3-Way Handshake Timeout: 180
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Detect Anomalies: YES
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Reassembly Ports:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 21 client (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 22 client (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 23 client (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 25 client (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 36 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 42 client (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 53 client (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 70 client (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 79 client (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 80 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 81 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 82 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 83 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 84 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 85 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 86 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 87 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 88 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 89 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 90 client (Footprint-IPS) server (Footprint-IPS)
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: additional ports configured but not printed.
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Stream UDP Policy config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Timeout: 180 seconds
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: HttpInspect Config:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: GLOBAL CONFIG
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Detect Proxy Usage: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: IIS Unicode Map Filename: /etc/snort/unicode.map
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: IIS Unicode Map Codepage: 1252
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Memcap used for logging URI and Hostname: 150994944
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Gzip Memory: 838860
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Gzip Sessions: 1807
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Gzip Compress Depth: 65535
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Gzip Decompress Depth: 65535
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: DEFAULT SERVER CONFIG:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Server profile: All
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Server Flow Depth: 0
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Client Flow Depth: 0
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Chunk Length: 500000
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Header Field Length: 750
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Number Header Fields: 100
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Number of WhiteSpaces allowed with header folding: 200
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Inspect Pipeline Requests: YES
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: URI Discovery Strict Mode: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Allow Proxy Usage: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Disable Alerting: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Oversize Dir Length: 500
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Only inspect URI: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalize HTTP Headers: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Inspect HTTP Cookies: YES
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Inspect HTTP Responses: YES
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Extract Gzip from responses: YES
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Decompress response files:
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Unlimited decompression of gzip data from responses: YES
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalize Javascripts in HTTP Responses: YES
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalize HTTP Cookies: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Enable XFF and True Client IP: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Log HTTP URI data: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Log HTTP Hostname data: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Extended ASCII code support in URI: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ascii: YES alert: NO
Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Double Decoding: YES
alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: %U Encoding: YES alert: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Bare Byte: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: UTF 8: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: IIS Unicode: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Multiple Slash: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: IIS Backslash: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Directory Traversal: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Web Root Traversal: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Apache WhiteSpace: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: IIS Delimiter: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: rpc_decode arguments: Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: alert_fragments: INACTIVE Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: alert_large_fragments: INACTIVE Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: alert_incomplete: INACTIVE Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: alert_multiple_requests: INACTIVE Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Portscan Detection Config: Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Detect Protocols: TCP UDP ICMP IP Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan Sun Feb 28 23:14:00 2016 
daemon.notice snort[3451]: Sensitivity Level: Medium Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Memcap (in bytes): 500000 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Number of Nodes: 978 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: FTPTelnet Config: Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: GLOBAL CONFIG Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Inspection Type: stateful Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Check for Encrypted Traffic: YES alert: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Continue to check encrypted data: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: TELNET CONFIG: Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ports: 23 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Are You There Threshold: 20 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Normalize: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Detect Anomalies: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: FTP CONFIG: Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: FTP Server: default Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ports (PAF): 21 2100 3535 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Check for Telnet Cmds: YES alert: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ignore Telnet Cmd Operations: YES alert: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ignore open data channels: NO Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: FTP Client: default Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Check for Bounce Attacks: YES alert: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Check for Telnet Cmds: YES alert: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ignore Telnet Cmd Operations: YES alert: YES Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Response Length: 256 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: SSH config: Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Autodetection: 
ENABLED Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Challenge-Response Overflow Alert: ENABLED Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: SSH1 CRC32 Alert: ENABLED Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Server Version String Overflow Alert: ENABLED Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Protocol Mismatch Alert: ENABLED Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Bad Message Direction Alert: DISABLED Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Bad Payload Size Alert: DISABLED Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Unrecognized Version Alert: DISABLED Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Encrypted Packets: 20 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Max Server Version String Length: 100 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: MaxClientBytes: 19600 (Default) Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Ports: Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: 22 Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: DCE/RPC 2 Preprocessor Configuration Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Global Configuration Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: DCE/RPC Defragmentation: Enabled Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Memcap: 102400 KB Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Events: co Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: SMB Fingerprint policy: Disabled Sun Feb 28 23:14:00 2016 daemon.notice snort[3451]: Server Default Configuration Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Policy: WinXP Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Detect ports (PAF) Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: SMB: 139 445 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: TCP: 135 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: UDP: 135 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: RPC over HTTP server: 593 Sun 
Feb 28 23:14:01 2016 daemon.notice snort[3451]: RPC over HTTP proxy: None Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Autodetect ports (PAF) Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: SMB: None Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: TCP: 1025-65535 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: UDP: 1025-65535 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: RPC over HTTP server: 1025-65535 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: RPC over HTTP proxy: None Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Invalid SMB shares: C$ D$ ADMIN$ Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Maximum SMB command chaining: 3 commands Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: SMB file inspection: Disabled Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: DNS config: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: DNS Client rdata txt Overflow Alert: ACTIVE Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Obsolete DNS RR Types Alert: INACTIVE Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Experimental DNS RR Types Alert: INACTIVE Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Ports: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 53 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: SSLPP config: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Encrypted packets: not inspected Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Ports: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 443 465 563 636 989 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 992 993 994 995 7801 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 7802 7900 7901 7902 7903 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 7904 7905 7906 7907 7908 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 7909 7910 7911 7912 7913 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 7914 7915 7916 7917 7918 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 7919 
7920 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Server side data is trusted Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Maximum SSL Heartbeat length: 0 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Sensitive Data preprocessor config: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Global Alert Threshold: 25 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Masked Output: DISABLED Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: SIP config: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max number of sessions: 1024 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max number of dialogs in a session: 4 (Default) Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Status: ENABLED Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Ignore media channel: DISABLED Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max URI length: 512 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max Call ID length: 80 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max Request name length: 20 (Default) Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max From length: 256 (Default) Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max To length: 256 (Default) Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max Via length: 1024 (Default) Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max Contact length: 512 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Max Content length: 2048 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Ports: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 5060 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 5061 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: 5600 Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Methods: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: invite Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: cancel Sun Feb 28 23:14:01 2016 daemon.notice 
snort[3451]: ack Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: bye Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: register Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: options Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: refer Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: subscribe Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: update Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: join Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: info Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: message Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: notify Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: benotify Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: do Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: qauth Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: sprack Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: publish Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: service Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: unsubscribe Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: prack Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: Initializing rule chains... Sun Feb 28 23:14:01 2016 daemon.notice snort[3451]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead. 
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'blockdomain' is now down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'loopback' is now down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'loopback' is disabled
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Network device 'lo' link is down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'loopback' has link connectivity loss
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'wan' is now down
Sun Feb 28 23:14:03 2016 kern.notice kernel: [ 65.254179] eth0: Link down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'wan' is disabled
Sun Feb 28 23:14:03 2016 daemon.notice netifd: lan (3353): Received SIGTERM
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'lan' is now down
Sun Feb 28 23:14:03 2016 kern.info kernel: [ 65.281843] br-lan: port 1(eth1) entered disabled state
Sun Feb 28 23:14:03 2016 kern.info kernel: [ 65.283161] device eth1 left promiscuous mode
Sun Feb 28 23:14:03 2016 kern.info kernel: [ 65.283182] br-lan: port 1(eth1) entered disabled state
Sun Feb 28 23:14:03 2016 kern.notice kernel: [ 65.303161] eth1: Link down
Sun Feb 28 23:14:03 2016 kern.info kernel: [ 65.304050] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'lan' is disabled
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'blockdomain' is disabled
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'wan6' is now down
Sun Feb 28 23:14:03 2016 kern.notice kernel: [ 65.394884] eth2: Link down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'wan6' is disabled
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Network device 'eth0' link is down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Network device 'eth1' link is down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Network device 'eth2' link is down
Sun Feb 28 23:14:03 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Sun Feb 28 23:14:03 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Sun Feb 28 23:14:04 2016 daemon.crit dnsmasq[3516]: bad address at line 114069 of /etc/ITUS_DNS.txt
Sun Feb 28 23:14:04 2016 daemon.crit dnsmasq[3516]: FAILED to start up
Sun Feb 28 23:14:05 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces?
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'lan' is enabled
Sun Feb 28 23:14:05 2016 kern.notice kernel: [ 66.986187] eth1: 1000 Mbps Full duplex, port 1
Sun Feb 28 23:14:05 2016 kern.info kernel: [ 66.987074] device eth1 entered promiscuous mode
Sun Feb 28 23:14:05 2016 kern.info kernel: [ 66.989050] br-lan: port 1(eth1) entered forwarding state
Sun Feb 28 23:14:05 2016 kern.info kernel: [ 66.989083] br-lan: port 1(eth1) entered forwarding state
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'loopback' is enabled
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'loopback' is now up
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'wan' is enabled
Sun Feb 28 23:14:05 2016 kern.notice kernel: [ 67.035821] eth0: 1000 Mbps Full duplex, port 0
Sun Feb 28 23:14:05 2016 kern.notice kernel: [ 67.057355] eth2: 1000 Mbps Full duplex, port 2
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'wan6' is enabled
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'lan' is setting up now
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Network device 'eth1' link is up
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Network device 'lo' link is up
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'loopback' has link connectivity
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Network device 'eth0' link is up
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'wan' is setting up now
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'wan' is now up
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Network device 'eth2' link is up
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'wan6' is now up
Sun Feb 28 23:14:05 2016 daemon.notice netifd: lan (3732): udhcpc (v1.23.2) started
Sun Feb 28 23:14:05 2016 daemon.notice netifd: lan (3732): Sending discover...
Sun Feb 28 23:14:05 2016 daemon.notice netifd: lan (3732): Performing a DHCP renew
Sun Feb 28 23:14:05 2016 daemon.notice netifd: lan (3732): Sending discover...
Sun Feb 28 23:14:05 2016 daemon.notice netifd: lan (3732): Sending select for 192.168.1.59...
Sun Feb 28 23:14:05 2016 daemon.notice netifd: lan (3732): Lease of 192.168.1.59 obtained, lease time 86400
Sun Feb 28 23:14:05 2016 daemon.notice netifd: Interface 'lan' is now up
Sun Feb 28 23:14:06 2016 kern.notice kernel: [ 68.054129] eth2: Link down
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: started, version 2.73rc7 cachesize 150
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: DNS service limited to local subnets
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: using local addresses only for domain lan
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: reading /tmp/resolv.conf.auto
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: using local addresses only for domain lan
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: using nameserver 192.168.1.1#53
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: read /etc/hosts - 1 addresses
Sun Feb 28 23:14:06 2016 daemon.info dnsmasq[3814]: read /tmp/hosts/dhcp - 0 addresses
Sun Feb 28 23:14:06 2016 user.notice ddns-scripts[3848]: myddns_ipv4: PID '3848' started at 2016-02-28 23:14
Sun Feb 28 23:14:07 2016 user.warn ddns-scripts[3848]: myddns_ipv4: Service section disabled! - TERMINATE
Sun Feb 28 23:14:07 2016 user.warn ddns-scripts[3848]: myddns_ipv4: PID '3848' exit WITH ERROR '1' at 2016-02-28 23:14
Sun Feb 28 23:14:07 2016 kern.info kernel: [ 68.984301] br-lan: port 1(eth1) entered forwarding state
Sun Feb 28 23:14:08 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Enabling inline operation
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Found pid path directive (/var/snort/)
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Running in IDS mode
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]:
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: --== Initializing Snort ==--
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Initializing Output Plugins!
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Initializing Preprocessors!
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Initializing Plug-ins!
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Parsing Rules file "/etc/snort/snort_bridge.conf"
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: PortVar 'HTTP_PORTS' defined :
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]:
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: PortVar 'SHELLCODE_PORTS' defined :
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: [ 1:65535 ]
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]:
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: PortVar 'ORACLE_PORTS' defined :
Sun Feb 28 23:14:11 2016
daemon.notice snort[4066]: [ 1024:65535 ] Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: PortVar 'SSH_PORTS' defined : Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: [ 22 ] Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: PortVar 'FTP_PORTS' defined : Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: [ 21 2100 3535 ] Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: PortVar 'SIP_PORTS' defined : Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: [ 5060:5061 5600 ] Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: PortVar 'FILE_DATA_PORTS' defined : Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: PortVar 'GTP_PORTS' defined : Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: [ 2123 2152 3386 ] Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Detection: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Search-Method = AC-Full Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Search-Method-Optimizations = enabled Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Maximum pattern length = 20 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Found pid path directive (/var/snort/) Sun Feb 28 23:14:11 2016 daemon.notice 
snort[4066]: Tagged Packet Limit: 256 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... 
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... 
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: done Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Log directory = /tmp/snort/ Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Normalizer config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: ip4: on Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: ip4::df: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: ip4::rf: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: ip4::tos: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: ip4::trim: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: ip4::ttl: on (min=1, new=5) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Normalizer config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp: on Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::ecn: stream Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::block: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::rsv: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::pad: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::req_urg: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::req_pay: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::req_urp: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::urp: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::opt: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::ips: on Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::trim_syn: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::trim_rst: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::trim_win: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: tcp::trim_mss: off Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Normalizer config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: icmp4: on Sun Feb 28 23:14:11 2016 
daemon.notice snort[4066]: Normalizer config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: ip6: on Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: ip6::hops: on (min=1, new=5) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Normalizer config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: icmp6: on Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Frag3 global config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max frags: 65536 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Fragment memory cap: 4194304 bytes Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Frag3 engine config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Bound Address: default Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Target-based policy: WINDOWS Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Fragment timeout: 180 seconds Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Fragment min_ttl: 1 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Fragment Anomalies: Alert Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Overlap Limit: 10 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Min fragment Length: 100 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Expected Streams: 39 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Stream global config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Track TCP sessions: ACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max TCP sessions: 10000 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: TCP cache pruning timeout: 30 seconds Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: TCP cache nominal timeout: 3600 seconds Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Memcap (for reassembly packet storage): 8388608 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Track UDP sessions: ACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max UDP sessions: 10000 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: UDP cache pruning timeout: 30 seconds Sun Feb 
28 23:14:11 2016 daemon.notice snort[4066]: UDP cache nominal timeout: 180 seconds Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Track ICMP sessions: ACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max ICMP sessions: 65536 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Track IP sessions: INACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Log info if session memory consumption exceeds 1048576 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Send up to 2 active responses Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Wait at least 5 seconds between responses Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Protocol Aware Flushing: ACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Maximum Flush Point: 16000 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Stream TCP Policy config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Bound Address: default Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Reassembly Policy: WINDOWS Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Timeout: 180 seconds Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Limit on TCP Overlaps: 10 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Maximum number of bytes to queue per session: 1048576 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Maximum number of segs to queue per session: 2621 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Options: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Require 3-Way Handshake: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 3-Way Handshake Timeout: 180 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Detect Anomalies: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Reassembly Ports: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 21 client (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 22 client (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 23 client (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice 
snort[4066]: 25 client (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 36 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 42 client (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 53 client (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 70 client (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 79 client (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 80 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 81 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 82 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 83 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 84 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 85 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 86 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 87 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 88 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 89 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 90 client (Footprint-IPS) server (Footprint-IPS) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: additional ports configured but not printed. 
Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Stream UDP Policy config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Timeout: 180 seconds Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: HttpInspect Config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: GLOBAL CONFIG Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Detect Proxy Usage: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: IIS Unicode Map Filename: /etc/snort/unicode.map Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: IIS Unicode Map Codepage: 1252 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Memcap used for logging URI and Hostname: 150994944 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Gzip Memory: 838860 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Gzip Sessions: 1807 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Gzip Compress Depth: 65535 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Gzip Decompress Depth: 65535 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: DEFAULT SERVER CONFIG: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Server profile: All Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Server Flow Depth: 0 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Client Flow Depth: 0 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Chunk Length: 500000 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Sun Feb 28 23:14:11 2016 daemon.notice 
snort[4066]: Max Header Field Length: 750 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Number Header Fields: 100 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Number of WhiteSpaces allowed with header folding: 200 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Inspect Pipeline Requests: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: URI Discovery Strict Mode: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Allow Proxy Usage: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Disable Alerting: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Oversize Dir Length: 500 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Only inspect URI: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Normalize HTTP Headers: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Inspect HTTP Cookies: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Inspect HTTP Responses: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Extract Gzip from responses: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Decompress response files: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Unlimited decompression of gzip data from responses: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Normalize Javascripts in HTTP Responses: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Normalize HTTP Cookies: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Enable XFF and True Client IP: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Log HTTP URI data: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Log HTTP Hostname data: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Extended ASCII code support in URI: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ascii: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Double Decoding: YES 
alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: %U Encoding: YES alert: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Bare Byte: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: UTF 8: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: IIS Unicode: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Multiple Slash: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: IIS Backslash: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Directory Traversal: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Web Root Traversal: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Apache WhiteSpace: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: IIS Delimiter: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: rpc_decode arguments: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: alert_fragments: INACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: alert_large_fragments: INACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: alert_incomplete: INACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: alert_multiple_requests: INACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Portscan Detection Config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Detect Protocols: TCP UDP ICMP IP Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan Sun Feb 28 23:14:11 2016 
daemon.notice snort[4066]: Sensitivity Level: Medium Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Memcap (in bytes): 500000 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Number of Nodes: 978 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: FTPTelnet Config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: GLOBAL CONFIG Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Inspection Type: stateful Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Check for Encrypted Traffic: YES alert: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Continue to check encrypted data: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: TELNET CONFIG: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ports: 23 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Are You There Threshold: 20 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Normalize: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Detect Anomalies: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: FTP CONFIG: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: FTP Server: default Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ports (PAF): 21 2100 3535 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Check for Telnet Cmds: YES alert: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ignore Telnet Cmd Operations: YES alert: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ignore open data channels: NO Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: FTP Client: default Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Check for Bounce Attacks: YES alert: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Check for Telnet Cmds: YES alert: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ignore Telnet Cmd Operations: YES alert: YES Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Response Length: 256 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: SSH config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Autodetection: 
ENABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Challenge-Response Overflow Alert: ENABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: SSH1 CRC32 Alert: ENABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Server Version String Overflow Alert: ENABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Protocol Mismatch Alert: ENABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Bad Message Direction Alert: DISABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Bad Payload Size Alert: DISABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Unrecognized Version Alert: DISABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Encrypted Packets: 20 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Server Version String Length: 100 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: MaxClientBytes: 19600 (Default) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ports: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 22 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: DCE/RPC 2 Preprocessor Configuration Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Global Configuration Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: DCE/RPC Defragmentation: Enabled Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Memcap: 102400 KB Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Events: co Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: SMB Fingerprint policy: Disabled Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Server Default Configuration Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Policy: WinXP Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Detect ports (PAF) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: SMB: 139 445 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: TCP: 135 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: UDP: 135 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: RPC over HTTP server: 593 Sun 
Feb 28 23:14:11 2016 daemon.notice snort[4066]: RPC over HTTP proxy: None Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Autodetect ports (PAF) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: SMB: None Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: TCP: 1025-65535 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: UDP: 1025-65535 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: RPC over HTTP server: 1025-65535 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: RPC over HTTP proxy: None Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Invalid SMB shares: C$ D$ ADMIN$ Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Maximum SMB command chaining: 3 commands Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: SMB file inspection: Disabled Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: DNS config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: DNS Client rdata txt Overflow Alert: ACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Obsolete DNS RR Types Alert: INACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Experimental DNS RR Types Alert: INACTIVE Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ports: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 53 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: SSLPP config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Encrypted packets: not inspected Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ports: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 443 465 563 636 989 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 992 993 994 995 7801 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 7802 7900 7901 7902 7903 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 7904 7905 7906 7907 7908 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 7909 7910 7911 7912 7913 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 7914 7915 7916 7917 7918 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 7919 
7920 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Server side data is trusted Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Maximum SSL Heartbeat length: 0 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sensitive Data preprocessor config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Global Alert Threshold: 25 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Masked Output: DISABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: SIP config: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max number of sessions: 1024 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max number of dialogs in a session: 4 (Default) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Status: ENABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ignore media channel: DISABLED Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max URI length: 512 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Call ID length: 80 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Request name length: 20 (Default) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max From length: 256 (Default) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max To length: 256 (Default) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Via length: 1024 (Default) Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Contact length: 512 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Max Content length: 2048 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Ports: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 5060 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 5061 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: 5600 Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Methods: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: invite Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: cancel Sun Feb 28 23:14:11 2016 daemon.notice 
snort[4066]: ack Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: bye Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: register Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: options Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: refer Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: subscribe Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: update Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: join Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: info Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: message Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: notify Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: benotify Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: do Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: qauth Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: sprack Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: publish Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: service Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: unsubscribe Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: prack Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Feb 28 23:14:11 2016 daemon.notice snort[4066]: Initializing rule chains... Sun Feb 28 23:14:11 2016 user.notice ddns-scripts[4109]: myddns_ipv4: PID '4109' started at 2016-02-28 23:14 Sun Feb 28 23:14:11 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Sun Feb 28 23:14:12 2016 user.warn ddns-scripts[4109]: myddns_ipv4: Service section disabled! - TERMINATE Sun Feb 28 23:14:12 2016 user.warn ddns-scripts[4109]: myddns_ipv4: PID '4109' exit WITH ERROR '1' at 2016-02-28 23:14 Sun Feb 28 23:14:12 2016 daemon.notice snort[4066]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead. 
Sun Feb 28 23:14:15 2016 user.notice ddns-scripts[4285]: myddns_ipv6: PID '4285' started at 2016-02-28 23:14 Sun Feb 28 23:14:15 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Sun Feb 28 23:14:15 2016 user.warn ddns-scripts[4285]: myddns_ipv6: Service section disabled! - TERMINATE Sun Feb 28 23:14:15 2016 user.warn ddns-scripts[4285]: myddns_ipv6: PID '4285' exit WITH ERROR '1' at 2016-02-28 23:14 Sun Feb 28 23:14:16 2016 user.emerg procd: Cannot change large-receive-offload Sun Feb 28 23:14:17 2016 kern.notice kernel: [ 79.054086] eth0: Link down Sun Feb 28 23:14:18 2016 daemon.notice netifd: Network device 'eth0' link is down Sun Feb 28 23:14:18 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss Sun Feb 28 23:14:18 2016 daemon.notice netifd: Interface 'wan' is now down Sun Feb 28 23:14:18 2016 daemon.notice netifd: Interface 'wan' is disabled Sun Feb 28 23:14:18 2016 daemon.notice netifd: Interface 'wan' is enabled Sun Feb 28 23:14:18 2016 kern.info kernel: [ 80.067354] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Sun Feb 28 23:14:19 2016 user.emerg procd: Cannot change large-receive-offload Sun Feb 28 23:14:20 2016 kern.notice kernel: [ 82.014029] eth1: Link down Sun Feb 28 23:14:21 2016 daemon.notice snort[4066]: 13285 Snort rules read Sun Feb 28 23:14:21 2016 daemon.notice snort[4066]: 13285 detection rules Sun Feb 28 23:14:21 2016 daemon.notice snort[4066]: 0 decoder rules Sun Feb 28 23:14:21 2016 daemon.notice snort[4066]: 0 preprocessor rules Sun Feb 28 23:14:21 2016 daemon.notice snort[4066]: 13285 Option Chains linked into 252 Chain Headers Sun Feb 28 23:14:21 2016 daemon.notice snort[4066]: 0 Dynamic rules Sun Feb 28 23:14:21 2016 daemon.notice snort[4066]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sun Feb 28 23:14:21 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:21 2016 daemon.notice netifd: Network device 'eth1' link is down Sun Feb 28 23:14:21 2016 kern.info kernel: [ 83.004476] br-lan: 
port 1(eth1) entered disabled state Sun Feb 28 23:14:21 2016 daemon.notice netifd: Network device 'eth0' link is up Sun Feb 28 23:14:21 2016 daemon.notice netifd: Interface 'wan' has link connectivity Sun Feb 28 23:14:21 2016 daemon.notice netifd: Interface 'wan' is setting up now Sun Feb 28 23:14:21 2016 kern.notice kernel: [ 83.094405] eth0: 1000 Mbps Full duplex, port 0 Sun Feb 28 23:14:21 2016 kern.info kernel: [ 83.094571] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Sun Feb 28 23:14:21 2016 daemon.notice netifd: Interface 'wan' is now up Sun Feb 28 23:14:21 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Sun Feb 28 23:14:22 2016 daemon.notice netifd: Bridge 'br-lan' link is down Sun Feb 28 23:14:22 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Sun Feb 28 23:14:22 2016 user.emerg procd: Cannot change large-receive-offload Sun Feb 28 23:14:22 2016 daemon.notice netifd: lan (3732): Received SIGTERM Sun Feb 28 23:14:24 2016 daemon.notice netifd: Network device 'eth1' link is up Sun Feb 28 23:14:24 2016 daemon.notice netifd: Bridge 'br-lan' link is up Sun Feb 28 23:14:24 2016 daemon.notice netifd: Interface 'lan' has link connectivity Sun Feb 28 23:14:24 2016 daemon.notice netifd: Interface 'lan' is setting up now Sun Feb 28 23:14:24 2016 kern.notice kernel: [ 86.024373] eth1: 1000 Mbps Full duplex, port 1 Sun Feb 28 23:14:24 2016 kern.info kernel: [ 86.024438] br-lan: port 1(eth1) entered forwarding state Sun Feb 28 23:14:24 2016 kern.info kernel: [ 86.024474] br-lan: port 1(eth1) entered forwarding state Sun Feb 28 23:14:24 2016 daemon.notice netifd: lan (4619): udhcpc (v1.23.2) started Sun Feb 28 23:14:24 2016 daemon.notice netifd: lan (4619): Sending discover... Sun Feb 28 23:14:24 2016 daemon.notice netifd: lan (4619): Sending select for 192.168.1.59... 
Sun Feb 28 23:14:24 2016 daemon.notice netifd: lan (4619): Lease of 192.168.1.59 obtained, lease time 86400 Sun Feb 28 23:14:24 2016 daemon.warn dnsmasq[3814]: no servers found in /tmp/resolv.conf.auto, will retry Sun Feb 28 23:14:24 2016 daemon.notice netifd: Interface 'lan' is now up Sun Feb 28 23:14:24 2016 daemon.info dnsmasq[3814]: reading /tmp/resolv.conf.auto Sun Feb 28 23:14:24 2016 daemon.info dnsmasq[3814]: using local addresses only for domain lan Sun Feb 28 23:14:24 2016 daemon.info dnsmasq[3814]: using nameserver 192.168.1.1#53 Sun Feb 28 23:14:24 2016 user.notice ddns-scripts[4668]: myddns_ipv4: PID '4668' started at 2016-02-28 23:14 Sun Feb 28 23:14:24 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Sun Feb 28 23:14:25 2016 user.warn ddns-scripts[4668]: myddns_ipv4: Service section disabled! - TERMINATE Sun Feb 28 23:14:25 2016 user.warn ddns-scripts[4668]: myddns_ipv4: PID '4668' exit WITH ERROR '1' at 2016-02-28 23:14 Sun Feb 28 23:14:25 2016 daemon.notice netifd: Network device 'eth2' link is down Sun Feb 28 23:14:25 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Sun Feb 28 23:14:25 2016 daemon.notice netifd: Interface 'wan6' is now down Sun Feb 28 23:14:25 2016 daemon.notice netifd: Interface 'wan6' is disabled Sun Feb 28 23:14:25 2016 daemon.notice netifd: Interface 'wan6' is enabled Sun Feb 28 23:14:25 2016 kern.info kernel: [ 87.048897] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Sun Feb 28 23:14:26 2016 kern.info kernel: [ 88.024294] br-lan: port 1(eth1) entered forwarding state Sun Feb 28 23:14:26 2016 daemon.notice vnstatd[4819]: vnStat daemon 1.12 started. 
(uid:0 gid:0) Sun Feb 28 23:14:26 2016 daemon.notice vnstatd[4819]: Monitoring: br-lan (100 Mbit) eth0 (100 Mbit) Sun Feb 28 23:14:26 2016 user.emerg procd: Stopping strongSwan IPsec failed: starter is not running Sun Feb 28 23:14:27 2016 daemon.notice netifd: Network device 'eth2' link is up Sun Feb 28 23:14:27 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Sun Feb 28 23:14:27 2016 daemon.notice netifd: Interface 'wan6' is setting up now Sun Feb 28 23:14:27 2016 kern.notice kernel: [ 89.064370] eth2: 1000 Mbps Full duplex, port 2 Sun Feb 28 23:14:27 2016 kern.info kernel: [ 89.064427] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Sun Feb 28 23:14:27 2016 daemon.notice netifd: Interface 'wan6' is now up Sun Feb 28 23:14:28 2016 daemon.info dnsmasq[3814]: exiting on receipt of SIGTERM Sun Feb 28 23:14:28 2016 user.emerg procd: uci: Entry not found Sun Feb 28 23:14:28 2016 user.emerg procd: sh: 192.168.1.112: unknown operand Sun Feb 28 23:14:28 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +-------------------[Rule Port Counts]--------------------------------------- Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | tcp udp icmp ip Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | src 1980 40 0 0 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | dst 10553 492 0 0 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | any 206 16 0 0 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | nc 7 1 0 0 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | s+d 46 15 0 0 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +---------------------------------------------------------------------------- Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +-----------------------[detection-filter-config]------------------------------ Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | memory-cap : 1048576 bytes 
Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +-----------------------[detection-filter-rules]------------------------------- Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: ------------------------------------------------------------------------------- Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +-----------------------[rate-filter-config]----------------------------------- Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | memory-cap : 1048576 bytes Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +-----------------------[rate-filter-rules]------------------------------------ Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | none Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: ------------------------------------------------------------------------------- Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +-----------------------[event-filter-config]---------------------------------- Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | memory-cap : 1048576 bytes Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +-----------------------[event-filter-global]---------------------------------- Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | none Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: +-----------------------[event-filter-local]----------------------------------- Sun Feb
28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2001795 type=Limit tracking=src count=30 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2016016 type=Both tracking=dst count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2016031 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2016030 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2016033 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2001906 type=Both tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2016101 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2016212 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | 
gen-id=1 sig-id=2004443 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018607 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2011716 type=Limit tracking=src count=5 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2011766 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2011767 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2011808 type=Limit tracking=src count=1 seconds=30 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2011809 type=Limit tracking=src count=1 seconds=30 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008343 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008353 type=Limit tracking=src count=1 seconds=3600 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008352 type=Limit tracking=src count=1 seconds=3600 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008355 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst 
count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008361 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008363 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2017721 type=Both tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2017722 type=Both tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008391 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008400 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2011887 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008413 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008423 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008422 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008424 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008427 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008429 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008428 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008453 type=Threshold tracking=src count=5 seconds=30 Sun Feb 28 23:14:30 2016 
daemon.notice snort[4066]: | gen-id=1 sig-id=2008455 type=Threshold tracking=src count=5 seconds=30 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008454 type=Threshold tracking=src count=5 seconds=30 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008460 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008463 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008464 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008488 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008495 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008494 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2014372 type=Both tracking=src count=2 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008504 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008510 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008513 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008512 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008514 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020167 type=Both tracking=src count=1 seconds=10 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008544 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 
sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008560 type=Threshold tracking=dst count=4 seconds=15 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008564 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008571 type=Threshold tracking=dst count=2 seconds=5 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2010953 type=Limit tracking=src count=10 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2002664 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2002677 type=Both tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2016867 type=Limit tracking=src count=1 seconds=600 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2011029 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2011030 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2016897 type=Limit tracking=src count=2 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019230 type=Both tracking=src count=50 seconds=10 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020305 type=Both tracking=src count=30 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020306 type=Both tracking=dst count=30 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2007583 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020323 type=Limit tracking=src count=1 
seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2013416 type=Threshold tracking=dst count=10 seconds=20 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020338 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2006546 type=Both tracking=src count=5 seconds=30 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018316 type=Both tracking=dst count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2015986 type=Both tracking=src count=100 seconds=1 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 
daemon.notice snort[4066]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018455 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2009159 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003268 type=Both 
tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003287 type=Both tracking=dst count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003286 type=Both tracking=dst count=1 seconds=900 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2014002 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2014020 type=Both tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 
daemon.notice snort[4066]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008181 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008184 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008199 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008208 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008209 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008211 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008214 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008216 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008215 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008228 type=Limit tracking=src count=3 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008231 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2014103 type=Both tracking=src count=15 seconds=30 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019876 type=Limit tracking=src count=1 seconds=30 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 
sig-id=2008253 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008255 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019882 type=Both tracking=src count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008257 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019884 type=Both tracking=src count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019883 type=Both tracking=src count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008259 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019886 type=Both tracking=src count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008262 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019885 type=Both tracking=src count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2010642 type=Threshold tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019888 type=Both tracking=src count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008264 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019887 type=Both tracking=src count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008266 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019889 type=Both tracking=src 
count=12 seconds=120 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2014141 type=Both tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2014140 type=Both tracking=src count=5 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008276 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2014153 type=Both tracking=src count=225 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2002383 type=Threshold tracking=dst count=5 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2010715 type=Limit tracking=src count=1 seconds=180 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019963 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019966 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020022 type=Both tracking=src count=2 seconds=10 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020069 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019102 type=Both tracking=src count=2 seconds=60 Sun Feb 28 23:14:30 2016 
daemon.notice snort[4066]: | gen-id=1 sig-id=2019166 type=Both tracking=src count=5 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2009867 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2019211 type=Both tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2013385 type=Limit tracking=src count=1 seconds=360 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018094 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2012304 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2012303 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2012306 type=Limit tracking=dst count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2012305 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2021575 
type=Limit tracking=src count=1 seconds=60 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008847 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018208 type=Both tracking=src count=100 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008913 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008912 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008914 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008916 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008919 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018277 type=Both tracking=src count=5 seconds=90 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2018292 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008941 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2008956 type=Limit tracking=src count=2 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2014869 type=Limit tracking=src count=1 seconds=300 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020631 type=Limit tracking=dst count=1 seconds=1200 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020630 type=Limit tracking=dst count=1 seconds=1200 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020633 type=Limit tracking=dst count=1 seconds=1200 Sun Feb 28 23:14:30 2016 daemon.notice snort[4066]: | gen-id=1 sig-id=2020632 type=Limit tracking=dst count=1 seconds=1200 
NODATA-IPv6 Sun Feb 28 23:17:28 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:28 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:17:28 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:28 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:17:29 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:29 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:17:29 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:29 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:17:34 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:34 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:17:35 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:35 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:17:40 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:17:40 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:17:49 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:49 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:17:49 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:49 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:17:53 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:17:53 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:17:54 2016 daemon.info 
dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:54 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:17:54 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:54 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:17:59 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:59 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:17:59 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:17:59 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:00 2016 cron.info crond[3193]: wakeup dt=60 Sun Feb 28 23:18:00 2016 cron.info crond[3193]: file root: Sun Feb 28 23:18:00 2016 cron.info crond[3193]: line sh /sbin/fw_upgrade Sun Feb 28 23:18:00 2016 cron.info crond[3193]: line /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart Sun Feb 28 23:18:04 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:04 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:04 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:04 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:12 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:18:12 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:18:14 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:14 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:14 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:14 2016 daemon.info 
dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:18 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:18:18 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:18:19 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:19 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:19 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:19 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:24 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:24 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:24 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:24 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:26 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:18:26 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:18:34 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:34 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:34 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:34 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:39 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:18:39 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:18:39 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:39 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 
192.168.1.112 Sun Feb 28 23:18:39 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:39 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:44 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:44 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:44 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:44 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:46 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:18:46 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:18:46 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:46 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:47 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:47 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:52 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:52 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:52 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:52 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:18:54 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:18:54 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:18:57 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:57 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:18:57 2016 
daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:18:57 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:19:00 2016 cron.info crond[3193]: wakeup dt=60 Sun Feb 28 23:19:00 2016 cron.info crond[3193]: file root: Sun Feb 28 23:19:00 2016 cron.info crond[3193]: line sh /sbin/fw_upgrade Sun Feb 28 23:19:00 2016 cron.info crond[3193]: line /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart Sun Feb 28 23:19:05 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:19:05 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:19:17 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:19:18 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:19:28 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:19:28 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:19:41 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:19:41 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:19:54 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:19:54 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:19:55 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:19:55 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:19:55 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:19:55 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:19:59 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:19:59 2016 
daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:00 2016 cron.info crond[3193]: wakeup dt=60 Sun Feb 28 23:20:00 2016 cron.info crond[3193]: file root: Sun Feb 28 23:20:00 2016 cron.info crond[3193]: line sh /sbin/fw_upgrade Sun Feb 28 23:20:00 2016 cron.info crond[3193]: line /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart Sun Feb 28 23:20:00 2016 cron.info crond[3193]: job: 0 /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart Sun Feb 28 23:20:00 2016 cron.info crond[8384]: child running /bin/sh Sun Feb 28 23:20:00 2016 cron.info crond[3193]: USER root pid 8384 cmd /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: config 0.us.pool.ntp.org.lan is NXDOMAIN Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 
127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: config 0.us.pool.ntp.org.lan is NXDOMAIN Sun Feb 28 23:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: config 0.us.pool.ntp.org.lan is NXDOMAIN Sun Feb 28 23:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: config 0.us.pool.ntp.org.lan is NXDOMAIN Sun Feb 28 23:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed. 
Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: config 0.us.pool.ntp.org.lan is NXDOMAIN Sun Feb 28 23:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: forwarded 0.us.pool.ntp.org to 192.168.1.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Sun Feb 28 23:20:00 2016 daemon.info dnsmasq[5418]: config 0.us.pool.ntp.org.lan is NXDOMAIN Sun Feb 28 23:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sun Feb 28 23:20:00 2016 user.notice root: NTP eager clock adjust failed. Sun Feb 28 23:20:00 2016 user.notice root: Restarted ntpclient. NTP server #1 of 4. 
Sun Feb 28 23:20:05 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:05 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:05 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:05 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:10 2016 cron.info crond[3193]: user:root entry:(null) Sun Feb 28 23:20:10 2016 cron.info crond[3193]: user:root entry:(null) Sun Feb 28 23:20:10 2016 cron.info crond[3193]: wakeup dt=10 Sun Feb 28 23:20:10 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:10 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:10 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:10 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:13 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:20:13 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:20:14 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:14 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:14 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:14 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:19 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:19 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:19 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:19 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:24 2016 daemon.info 
dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:24 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:24 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:24 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:26 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:20:26 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:20:29 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:29 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:29 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:29 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:34 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:34 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:34 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:34 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:39 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:39 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:39 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:39 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:40 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:20:40 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:20:44 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 
127.0.0.1 Sun Feb 28 23:20:44 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:44 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:44 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:45 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:45 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:45 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:45 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:50 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:50 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:50 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:50 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:20:55 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:20:55 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:20:55 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:55 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:20:55 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:20:55 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:00 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:00 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:21:00 2016 cron.info crond[3193]: user:root entry:(null) Sun Feb 28 23:21:00 2016 cron.info crond[3193]: user:root 
entry:(null) Sun Feb 28 23:21:00 2016 cron.info crond[3193]: wakeup dt=50 Sun Feb 28 23:21:00 2016 cron.info crond[3193]: file root: Sun Feb 28 23:21:00 2016 cron.info crond[3193]: line sh /sbin/fw_upgrade Sun Feb 28 23:21:00 2016 cron.info crond[3193]: line /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart Sun Feb 28 23:21:00 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:00 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:04 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:21:04 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:21:05 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:05 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:21:05 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:05 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:10 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:10 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:21:10 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:10 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:12 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:21:12 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:21:15 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:15 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:21:15 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 
127.0.0.1 Sun Feb 28 23:21:15 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:20 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:20 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:21:20 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:20 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:22 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:21:22 2016 daemon.info dnsmasq[5418]: forwarded openapi.meshare.com to 192.168.1.1 Sun Feb 28 23:21:25 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:25 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:21:25 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:25 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:30 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:30 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:21:30 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:30 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:40 2016 daemon.info dnsmasq[5418]: query[A] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:40 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is 192.168.1.112 Sun Feb 28 23:21:40 2016 daemon.info dnsmasq[5418]: query[AAAA] yourhost.example.com from 127.0.0.1 Sun Feb 28 23:21:40 2016 daemon.info dnsmasq[5418]: config yourhost.example.com is NODATA-IPv6 Sun Feb 28 23:21:41 2016 daemon.info dnsmasq[5418]: query[A] openapi.meshare.com from 192.168.1.118 Sun Feb 28 23:21:41 2016 daemon.info 
In reply to this post by breda
thanks for the help
I am having the same problem as breda. Any help greatly appreciated.
In reply to this post by hans2
In Router mode I spotted some of the same errors you mention here:

    ...
    Mon Mar 7 10:13:10 2016 kern.err kernel: [ 32.580766] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
    ...
    Mon Mar 7 10:13:10 2016 kern.info kernel: [ 50.855697] EXT3-fs (mmcblk0p2): mounted filesystem with writeback data mode
    Mon Mar 7 10:13:10 2016 user.err kernel: [ 51.112977] init: failed to symlink /tmp -> /var
    ...
    Mon Mar 7 10:13:10 2016 kern.err kernel: [ 29.911354] octeon-pow-ethernet ERROR: You must specify a broadcast group mask.
    ...

Tried what you suggested by editing /etc/config/network to fix the last one of these, but did not resolve the error (after clearing the log and a reboot)

    ...
    config interface 'lan'
        option ifname 'eth1 eth2'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.10.10.10'
        option auto '1'
        option enabled '1'
        option broadcast '10.10.10.255'

Any thoughts why that might not be picked up correctly? Might just add

    uci set network.lan.broadcast=10.10.10.255

to startup for now, then assume it's safe to ignore the error..

OpenWrt SNAPSHOT, r10391-3d8d528939