Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 0.000000] Linux version 3.10.20 (daniel@Ayoub) (gcc version 4.7.0 (Cavium Inc. Version: SDK_3_1_0_p2 build 34) ) #165 SMP Mon May 18 23:41:17 PDT 2015 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 0.000000] CVMSEG size: 2 cache lines (256 bytes) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Cavium Inc. SDK-3.1 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] bootconsole [early0] enabled Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] CPU revision is: 000d9602 (Cavium Octeon III) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] FPU revision is: 00739600 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] Checking for the multiply/shift bug... no. Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] Checking for the daddiu bug... no. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Determined physical RAM map: Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] memory: 000000000c800000 @ 0000000002500000 (usable) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] memory: 0000000000c00000 @ 000000000f200000 (usable) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] memory: 000000002f000000 @ 0000000020000000 (usable) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] memory: 0000000000830000 @ 0000000000100000 (usable) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] memory: 0000000001a00000 @ 0000000000930000 (usable after init) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Wasting 896 bytes for tracking 16 unused pages Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Initrd not found or empty - disabling initrd Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Using passed Device Tree <8000000000080000>. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] software IO TLB [mem 0x02670000-0x026b0000] (0MB) mapped at [8000000002670000-80000000026affff] Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] Zone ranges: Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] DMA32 [mem 0x00100000-0xefffffff] Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] Normal empty Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] Movable zone start for each node Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] Early memory node ranges Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x00100000-0x0232ffff] Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x02500000-0x0ecfffff] Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x0f200000-0x0fdfffff] Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x20000000-0x4effffff] Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] On node 0 totalpages: 15971 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 14 pages used for memmap Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 0 pages reserved Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 15971 pages, LIFO batch:1 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Cavium Hotplug: Available coremask 0x0 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 0.000000] Primary instruction cache 78kB, virtually tagged, 39 way, 16 sets, linesize 128 bytes. Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 0.000000] Primary data cache 32kB, 32-way, 8 sets, linesize 128 bytes. Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 0.000000] Secondary unified cache 512kB, 4-way, 1024 sets, linesize 128 bytes. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] PERCPU: Embedded 1 pages/cpu @8000000002710000 s12544 r8192 d44800 u65536 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: s12544 r8192 d44800 u65536 alloc=1*65536 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: [0] 0 [0] 1 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 0.000000] Built 1 zonelists in Zone order, mobility grouping off. Total pages: 15957 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 0.000000] Kernel command line: bootoctlinux 0x20000000 numcores=2 serial#=752011191521-36287 console=ttyS0,115200 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] PID hash table entries: 4096 (order: -1, 32768 bytes) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Dentry cache hash table entries: 131072 (order: 4, 1048576 bytes) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Inode-cache hash table entries: 65536 (order: 3, 524288 bytes) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Memory: 983296k/1022144k available (5825k kernel code, 38848k reserved, 2536k data, 26624k init, 0k highmem) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] Hierarchical RCU implementation. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=2. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] NR_IRQS:512 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e000 23 bits Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e200 12 bits Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e400 6 bits Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000ec00 15 bits Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e600 4 bits Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e800 11 bits Wed Aug 31 14:38:17 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e900 11 bits Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.523235] Calibrating delay loop (skipped) preset value.. 2000.00 BogoMIPS (lpj=10000000) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.531448] pid_max: default: 32768 minimum: 501 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.536164] Security Framework initialized Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.540181] Mount-cache hash table entries: 4096 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 22.546433] Checking for the daddi bug... no. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.547222] SMP: Booting CPU01 (CoreId 1)... Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.551424] CPU revision is: 000d9602 (Cavium Octeon III) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.551427] FPU revision is: 00739600 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.551609] Cpu 1 online Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.563024] Brought up 2 CPUs Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.565969] Cavium Hotplug: Available coremask 0x0 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 22.572958] NET: Registered protocol family 16 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 22.578372] Installing handlers for error tree at: ffffffff808be430 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 22.595891] PCIe: Initializing port 0 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 24.658427] PCIe: Link timeout on port 0, probably the slot is empty Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 24.658433] PCIe: Initializing port 1 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 24.661928] PCIe: Port 1 not in PCIe mode, skipping Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 24.661934] PCIe: Initializing port 2 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 24.665576] PCIe: Port 2 not in PCIe mode, skipping Wed Aug 31 14:38:17 2016 kern.warn kernel: [ 24.671944] [sched_delayed] sched: RT throttling activated Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.685262] bio: create slab at 0 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.689683] vgaarb: loaded Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 24.692614] SCSI subsystem initialized Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 24.696463] libata version 3.00 loaded. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.696880] usbcore: registered new interface driver usbfs Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.702313] usbcore: registered new interface driver hub Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.707609] usbcore: registered new device driver usb Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.712759] pps_core: LinuxPPS API ver. 1 registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.717557] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.726782] PTP clock support registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.730659] EDAC MC: Ver: 3.0.0 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.734339] PCI host bridge to bus 0000:00 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.738295] pci_bus 0000:00: root bus resource [mem 0x1000000000000] Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.744618] pci_bus 0000:00: root bus resource [io 0x0000] Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.750186] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff] Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 24.758114] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.759060] Switching to clocksource OCTEON_CVMCOUNT Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.765334] NET: Registered protocol family 2 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.769976] TCP established hash table entries: 8192 (order: 1, 131072 bytes) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.777094] TCP bind hash table entries: 8192 (order: 1, 131072 bytes) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.783583] TCP: Hash tables configured (established 8192 bind 8192) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.789852] TCP: reno registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.793033] UDP hash table entries: 2048 (order: 0, 65536 bytes) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.799120] UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 24.805777] NET: Registered protocol family 1 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 24.809982] PCI: CLS 0 bytes, default 128 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 26.398455] octeon_pci_console: Console not created. Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 26.403257] /proc/octeon_perf: Octeon performance counter interface loaded Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.412117] HugeTLB registered 512 MB page size, pre-allocated 0 pages Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 26.419837] sys_fw_version: 0.1.17 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 26.419850] sys_revision: 21 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.420204] squashfs: version 4.0 (2009/01/31) Phillip Lougher Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.426140] NTFS driver 2.1.30 [Flags: R/W]. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.430269] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.436403] msgmni has been set to 1920 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 26.441143] Key type asymmetric registered Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 26.445130] Asymmetric key parser 'x509' registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.449953] io scheduler noop registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.453852] io scheduler deadline registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.458147] io scheduler cfq registered (default) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.463051] octeon_gpio 1070000000800.gpio-controller: OCTEON GPIO Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.518916] Serial: 8250/16550 driver, 6 ports, IRQ sharing disabled Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.528572] 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 34) is a OCTEON Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.536362] console [ttyS0] enabled, bootconsole disabled Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.559901] 1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 35) is a OCTEON Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.581996] brd: module loaded Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.600489] loop: module loaded Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 26.617342] slram: not enough parameters. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.641709] IMQ driver loaded successfully. (numdevs = 16, numqueues = 1) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.660792] Hooking IMQ after NAT on PREROUTING. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.677765] Hooking IMQ before NAT on POSTROUTING. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.697134] libphy: mdio-octeon: probed Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.714603] mdio-octeon 1180000001800.mdio: Version 1.0 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.732235] spi_ks8995: Micrel KS8995 Ethernet switch SPI driver version 0.1.1 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.752744] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.770876] e1000e: Copyright(c) 1999 - 2013 Intel Corporation. Wed Aug 31 14:38:17 2016 kern.err kernel: [ 26.789331] octeon-pow-ethernet ERROR: You must specify a broadcast group mask. Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 26.808980] octeon-ethernet 2.0 Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 26.825979] Interface 0 has 4 ports (QSGMII) Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 26.826056] Interface 1 has 4 ports (QSGMII) Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 26.826063] Interface 2 has 4 ports (NPI) Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 26.826078] Interface 3 has 4 ports (LOOP) Wed Aug 31 14:38:17 2016 kern.debug kernel: [ 26.826094] Interface 4 has 1 ports (AGL) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.834648] usbcore: registered new interface driver cdc_ether Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.852790] usbcore: registered new interface driver plusb Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.870671] usbcore: registered new interface driver sierra_net Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.889463] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.908268] ehci-pci: EHCI PCI platform driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.925008] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.944045] usbcore: registered new interface driver usb-storage Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.962478] usbcore: registered new interface driver usbserial Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.980550] usbcore: registered new interface driver usbserial_generic Wed Aug 31 14:38:17 2016 kern.info kernel: [ 26.999304] usbserial: USB Serial support registered for generic Wed Aug 31 14:38:17 2016 kern.info kernel: [ 27.017591] usbcore: registered new interface driver sierra Wed Aug 31 14:38:17 2016 kern.info kernel: [ 27.035389] usbserial: USB Serial support registered for Sierra USB modem Wed Aug 31 14:38:17 2016 kern.info kernel: [ 27.054618] i2c /dev entries driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 27.070711] i2c-octeon 1180000001000.i2c: version 2.5 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 27.088750] octeon_wdt: Initial granularity 5 Sec Wed Aug 31 14:38:17 2016 kern.info kernel: [ 27.105861] EDAC DEVICE0: Giving out device to module 'octeon-cpu' controller 'cache': DEV 'octeon_pc_edac' (INTERRUPT) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 27.128998] EDAC DEVICE1: Giving out device to module 'octeon-l2c' controller 'octeon_l2c_err': DEV 'octeon_l2c_edac' (POLLED) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 27.152657] octeon_lmc_edac octeon_lmc_edac.0: Disabled (ECC not enabled) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.774097] Netfilter messages via NETLINK v0.30. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.790939] nfnl_acct: registering with nfnetlink. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.807903] nf_conntrack version 0.5.0 (7682 buckets, 30728 max) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.826342] ctnetlink v0.93: registering with nfnetlink. Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.844172] xt_time: kernel timezone is -0000 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 29.860662] ip_set: protocol 6 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.875961] ipip: IPv4 over IPv4 tunneling driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.893311] gre: GRE over IPv4 demultiplexor driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.910334] ip_gre: GRE over IPv4 tunneling driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.928531] ip_tables: (C) 2000-2006 Netfilter Core Team Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.946171] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.964704] arp_tables: (C) 2002 David S. Miller Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.981495] TCP: cubic registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 29.996935] Initializing XFRM netlink socket Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.013380] NET: Registered protocol family 10 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.033172] mip6: Mobile IPv6 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.048311] ip6_tables: (C) 2000-2006 Netfilter Core Team Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.066126] sit: IPv6 over IPv4 tunneling driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.084203] ip6_gre: GRE over IPv6 tunneling driver Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.101883] NET: Registered protocol family 17 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.118496] NET: Registered protocol family 15 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 30.135161] Bridge firewalling registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.151311] Ebtables v2.0 registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.213933] 8021q: 802.1Q VLAN Support v1.8 Wed Aug 31 14:38:17 2016 kern.notice kernel: [ 30.230302] Key type dns_resolver registered Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.246836] L2 lock: TLB refill 256 bytes Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.262970] L2 lock: General exception 128 bytes Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.279708] L2 lock: low-level interrupt 128 bytes Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.296619] L2 lock: interrupt 640 bytes Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.312668] L2 lock: memcpy 1152 bytes Wed Aug 31 14:38:17 2016 kern.err kernel: [ 30.330565] drivers/rtc/hctosys.c: unable to open rtc device (rtc0) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 30.355287] Freeing unused kernel memory: 26624K (ffffffff80930000 - ffffffff82330000) Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.807547] mmc1: BKOPS_EN bit is not set Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.828241] mmc1: new high speed DDR MMC card at address 0001 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.846733] mmcblk0: mmc1:0001 P1XXXX 3.60 GiB Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.863712] mmcblk0boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.882079] mmcblk0boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.900444] mmcblk0rpmb: mmc1:0001 P1XXXX partition 3 128 KiB Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.922394] mmcblk0: p1 p2 p3 p4 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.943341] mmcblk0boot1: unknown partition table Wed Aug 31 14:38:17 2016 kern.info kernel: [ 46.964853] mmcblk0boot0: unknown partition table Wed Aug 31 14:38:17 2016 kern.info kernel: [ 48.007089] kjournald starting. Commit interval 5 seconds Wed Aug 31 14:38:17 2016 kern.info kernel: [ 48.025748] EXT3-fs (mmcblk0p4): using internal journal Wed Aug 31 14:38:17 2016 kern.info kernel: [ 48.044019] EXT3-fs (mmcblk0p4): recovery complete Wed Aug 31 14:38:17 2016 kern.info kernel: [ 48.061082] EXT3-fs (mmcblk0p4): mounted filesystem with writeback data mode Wed Aug 31 14:38:17 2016 user.err kernel: [ 48.299357] init: failed to symlink /tmp -> /var Wed Aug 31 14:38:17 2016 user.info kernel: [ 48.316420] init: Console is alive Wed Aug 31 14:38:17 2016 user.info kernel: [ 48.332296] init: - watchdog - Wed Aug 31 14:38:17 2016 user.info kernel: [ 49.348444] init: - preinit - Wed Aug 31 14:38:17 2016 user.notice kernel: [ 52.551683] mount_root: mounting /dev/root Wed Aug 31 14:38:17 2016 user.info kernel: [ 52.568640] mount_root: loading kmods from internal overlay Wed Aug 31 14:38:17 2016 user.info kernel: [ 52.698450] block: attempting to load /etc/config/fstab Wed Aug 31 14:38:17 2016 user.info kernel: [ 52.717937] block: extroot: not configured Wed Aug 31 14:38:17 2016 user.info kernel: [ 52.738970] procd: - early - Wed Aug 31 14:38:17 2016 user.info kernel: [ 52.754313] procd: - watchdog - Wed Aug 31 14:38:17 2016 user.info kernel: [ 53.470405] procd: - ubus - Wed Aug 31 14:38:17 2016 user.info kernel: [ 54.485819] procd: - init - Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.306719] NET: Registered protocol family 38 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.334987] tun: Universal TUN/TAP device driver, 1.6 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.352334] tun: (C) 1999-2004 Max Krasnyansky Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.380870] u32 classifier Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.395749] input device check on Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.411535] Actions configured Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.428197] Mirror/redirect action on Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.452712] PPP generic driver version 2.4.2 Wed Aug 31 14:38:17 2016 kern.info kernel: [ 56.470100] NET: Registered protocol family 24 Wed Aug 31 14:38:18 2016 user.emerg procd: this file has been obseleted. please call "/sbin/block mount" directly Wed Aug 31 14:38:18 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces? Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'lan' is enabled Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'lan' is setting up now Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'lan' is now up Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'blockdomain' is enabled Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now Wed Aug 31 14:38:18 2016 kern.debug kernel: [ 58.508438] SGMII0: Port 1 link timeout Wed Aug 31 14:38:18 2016 kern.notice kernel: [ 58.508685] eth1: 1000 Mbps Full duplex, port 1 Wed Aug 31 14:38:18 2016 kern.info kernel: [ 58.508759] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready Wed Aug 31 14:38:18 2016 kern.info kernel: [ 58.509483] device eth1 entered promiscuous mode Wed Aug 31 14:38:18 2016 kern.info kernel: [ 58.510534] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'blockdomain' is now up Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'loopback' is enabled Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'loopback' is setting up now Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'loopback' is now up Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'wan' is enabled Wed Aug 31 14:38:18 2016 kern.notice kernel: [ 58.540815] eth0: 1000 Mbps Full duplex, port 0 Wed Aug 31 14:38:18 2016 kern.info kernel: [ 58.540901] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'wan6' is enabled Wed Aug 31 14:38:18 2016 kern.notice kernel: [ 58.562385] eth2: 1000 Mbps Full duplex, port 2 Wed Aug 31 14:38:18 2016 kern.info kernel: [ 58.562605] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Wed Aug 31 14:38:18 2016 daemon.notice netifd: Network device 'lo' link is up Wed Aug 31 14:38:18 2016 daemon.notice netifd: Interface 'loopback' has link connectivity Wed Aug 31 14:38:18 2016 daemon.err block: /dev/mmcblk0p4 is already mounted Wed Aug 31 14:38:18 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Wed Aug 31 14:38:18 2016 cron.info crond[3196]: crond (busybox 1.23.2) started, log level 5 Wed Aug 31 14:38:18 2016 authpriv.info dropbear[3238]: Not backgrounding Wed Aug 31 14:38:18 2016 authpriv.warn dropbear[3237]: Failed listening on '22': Error listening: Address already in use Wed Aug 31 14:38:18 2016 authpriv.warn dropbear[3239]: Failed listening on '22': Error listening: Address already in use Wed Aug 31 14:38:18 2016 authpriv.info dropbear[3239]: Early exit: No listening ports available. Wed Aug 31 14:38:18 2016 authpriv.info dropbear[3237]: Early exit: No listening ports available. Wed Aug 31 14:38:18 2016 authpriv.warn dropbear[3236]: Failed listening on '22': Error listening: Address already in use Wed Aug 31 14:38:18 2016 authpriv.info dropbear[3236]: Early exit: No listening ports available. Wed Aug 31 14:38:19 2016 kern.info kernel: [ 59.404171] device eth0 entered promiscuous mode Wed Aug 31 14:38:19 2016 kern.info kernel: [ 59.407054] device eth2 entered promiscuous mode Wed Aug 31 14:38:19 2016 daemon.notice netifd: Network device 'eth1' link is up Wed Aug 31 14:38:19 2016 daemon.notice netifd: Bridge 'br-lan' link is up Wed Aug 31 14:38:19 2016 daemon.notice netifd: Interface 'lan' has link connectivity Wed Aug 31 14:38:19 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Wed Aug 31 14:38:19 2016 kern.info kernel: [ 59.484125] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready Wed Aug 31 14:38:19 2016 kern.info kernel: [ 59.484187] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:38:19 2016 kern.info kernel: [ 59.484209] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:38:19 2016 kern.info kernel: [ 59.484258] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready Wed Aug 31 14:38:19 2016 daemon.notice netifd: Network device 'eth0' link is up Wed Aug 31 14:38:19 2016 daemon.notice netifd: Interface 'wan' has link connectivity Wed Aug 31 14:38:19 2016 daemon.notice netifd: Interface 'wan' is setting up now Wed Aug 31 14:38:19 2016 daemon.notice netifd: Interface 'wan' is now up Wed Aug 31 14:38:19 2016 kern.info kernel: [ 59.514114] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Wed Aug 31 14:38:19 2016 daemon.notice netifd: Network device 'eth2' link is up Wed Aug 31 14:38:19 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Wed Aug 31 14:38:19 2016 daemon.notice netifd: Interface 'wan6' is setting up now Wed Aug 31 14:38:19 2016 daemon.notice netifd: Interface 'wan6' is now up Wed Aug 31 14:38:19 2016 kern.info kernel: [ 59.534210] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Wed Aug 31 14:38:20 2016 daemon.crit dnsmasq[3376]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:20 2016 daemon.crit dnsmasq[3376]: FAILED to start up Wed Aug 31 14:38:21 2016 kern.info kernel: [ 61.483908] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:38:21 2016 daemon.crit dnsmasq[3499]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:21 2016 daemon.crit dnsmasq[3499]: FAILED to start up Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Enabling inline operation Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Found pid path directive (/var/snort/) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Running in IDS mode Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: --== Initializing Snort ==-- Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Initializing Output Plugins! Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Initializing Preprocessors! Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Initializing Plug-ins! Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Parsing Rules file "/etc/snort/snort_bridge.conf" Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: PortVar 'HTTP_PORTS' defined : Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: PortVar 'SHELLCODE_PORTS' defined : Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: [ 1:65535 ] Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: PortVar 'ORACLE_PORTS' defined : Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: [ 1024:65535 ] Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: PortVar 'SSH_PORTS' defined : Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: [ 22 ] Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: PortVar 'FTP_PORTS' defined : Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: [ 21 2100 3535 ] Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: PortVar 'SIP_PORTS' defined : Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: [ 5060:5061 5600 ] Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: PortVar 'FILE_DATA_PORTS' defined : Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: PortVar 'GTP_PORTS' defined : Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: [ 2123 2152 3386 ] Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Detection: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Search-Method = AC-Full Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Split Any/Any group = enabled Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Search-Method-Optimizations = enabled Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Maximum pattern length = 20 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Found pid path directive (/var/snort/) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Tagged Packet Limit: 256 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: done Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: done Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: done Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: done Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: done Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: done Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Log directory = /tmp/snort/ Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Normalizer config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: ip4: on Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: ip4::df: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: ip4::rf: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: ip4::tos: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: ip4::trim: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: ip4::ttl: on (min=1, new=5) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Normalizer config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp: on Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::ecn: stream Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::block: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::rsv: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::pad: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::req_urg: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::req_pay: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::req_urp: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::urp: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::opt: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::ips: on Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::trim_syn: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::trim_rst: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::trim_win: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: tcp::trim_mss: off Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Normalizer config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: icmp4: on Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Normalizer config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: ip6: on Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: ip6::hops: on (min=1, new=5) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Normalizer config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: icmp6: on Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Frag3 global config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Max frags: 65536 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Fragment memory cap: 4194304 bytes Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Frag3 engine config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Bound Address: default Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Target-based policy: WINDOWS Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Fragment timeout: 180 seconds Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Fragment min_ttl: 1 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Fragment Anomalies: Alert Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Overlap Limit: 10 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Min fragment Length: 100 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Max Expected Streams: 39 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Stream global config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Track TCP sessions: ACTIVE Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Max TCP sessions: 10000 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: TCP cache pruning timeout: 30 seconds Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: TCP cache nominal timeout: 3600 seconds Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Memcap (for reassembly packet storage): 8388608 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Track UDP sessions: ACTIVE Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Max UDP sessions: 10000 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: UDP cache pruning timeout: 30 seconds Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: UDP cache nominal timeout: 180 seconds Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Track ICMP sessions: ACTIVE Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Max ICMP sessions: 65536 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Track IP sessions: INACTIVE Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Log info if session memory consumption exceeds 2097152 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Send up to 2 active responses Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Wait at least 5 seconds between responses Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Protocol Aware Flushing: ACTIVE Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Maximum Flush Point: 16000 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Stream TCP Policy config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Bound Address: default Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Reassembly Policy: WINDOWS Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Timeout: 180 seconds Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Limit on TCP Overlaps: 10 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Maximum number of bytes to queue per session: 3137628 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Maximum number of segs to queue per session: 2621 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Options: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Require 3-Way Handshake: YES Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 3-Way Handshake Timeout: 180 Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Detect Anomalies: YES Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Reassembly Ports: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 21 client (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 22 client (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 23 client (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 25 client (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 36 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 42 client (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 53 client (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 70 client (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 79 client (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 80 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 81 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 82 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 83 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 84 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 85 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 86 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 87 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 88 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 89 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: 90 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: additional ports configured but not printed. Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Stream UDP Policy config: Wed Aug 31 14:38:22 2016 daemon.notice snort[3610]: Timeout: 180 seconds Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: HttpInspect Config: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: GLOBAL CONFIG Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Detect Proxy Usage: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: IIS Unicode Map Filename: /etc/snort/unicode.map Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: IIS Unicode Map Codepage: 1252 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Memcap used for logging URI and Hostname: 150994944 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Gzip Memory: 838860 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Gzip Sessions: 1807 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Gzip Compress Depth: 65535 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Gzip Decompress Depth: 65535 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: DEFAULT SERVER CONFIG: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Server profile: All Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Server Flow Depth: 0 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Client Flow Depth: 0 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Chunk Length: 500000 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Header Field Length: 750 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Number Header Fields: 100 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Number of WhiteSpaces allowed with header folding: 200 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Inspect Pipeline Requests: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: URI Discovery Strict Mode: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Allow Proxy Usage: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Disable Alerting: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Oversize Dir Length: 500 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Only inspect URI: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Normalize HTTP Headers: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Inspect HTTP Cookies: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Inspect HTTP Responses: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Extract Gzip from responses: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Decompress response files: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Unlimited decompression of gzip data from responses: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Normalize Javascripts in HTTP Responses: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Normalize HTTP Cookies: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Enable XFF and True Client IP: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Log HTTP URI data: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Log HTTP Hostname data: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Extended ASCII code support in URI: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ascii: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Double Decoding: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: %U Encoding: YES alert: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Bare Byte: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: UTF 8: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: IIS Unicode: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Multiple Slash: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: IIS Backslash: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Directory Traversal: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Web Root Traversal: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Apache WhiteSpace: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: IIS Delimiter: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: rpc_decode arguments: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: alert_fragments: INACTIVE Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: alert_large_fragments: INACTIVE Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: alert_incomplete: INACTIVE Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: alert_multiple_requests: INACTIVE Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: FTPTelnet Config: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: GLOBAL CONFIG Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Inspection Type: stateful Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Check for Encrypted Traffic: YES alert: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Continue to check encrypted data: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: TELNET CONFIG: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ports: 23 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Are You There Threshold: 20 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Normalize: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Detect Anomalies: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: FTP CONFIG: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: FTP Server: default Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ports (PAF): 21 2100 3535 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Check for Telnet Cmds: YES alert: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ignore Telnet Cmd Operations: YES alert: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ignore open data channels: NO Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: FTP Client: default Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Check for Bounce Attacks: YES alert: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Check for Telnet Cmds: YES alert: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ignore Telnet Cmd Operations: YES alert: YES Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Response Length: 256 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: SSH config: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Autodetection: ENABLED Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Challenge-Response Overflow Alert: ENABLED Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: SSH1 CRC32 Alert: ENABLED Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Server Version String Overflow Alert: ENABLED Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Protocol Mismatch Alert: ENABLED Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Bad Message Direction Alert: DISABLED Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Bad Payload Size Alert: DISABLED Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Unrecognized Version Alert: DISABLED Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Encrypted Packets: 20 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Max Server Version String Length: 100 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: MaxClientBytes: 19600 (Default) Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ports: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 22 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: DNS config: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: DNS Client rdata txt Overflow Alert: ACTIVE Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Obsolete DNS RR Types Alert: INACTIVE Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Experimental DNS RR Types Alert: INACTIVE Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ports: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 53 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: SSLPP config: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Encrypted packets: not inspected Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Ports: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 443 465 563 636 989 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 992 993 994 995 7801 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 7802 7900 7901 7902 7903 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 7904 7905 7906 7907 7908 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 7909 7910 7911 7912 7913 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 7914 7915 7916 7917 7918 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: 7919 7920 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Server side data is trusted Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Maximum SSL Heartbeat length: 0 Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: Initializing rule chains... Wed Aug 31 14:38:23 2016 daemon.crit dnsmasq[3635]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:23 2016 daemon.crit dnsmasq[3635]: FAILED to start up Wed Aug 31 14:38:23 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Wed Aug 31 14:38:23 2016 daemon.notice snort[3610]: WARNING: /etc/snort/rules/snort.rules(1174) threshold (in rule) is deprecated; use detection_filter instead. Wed Aug 31 14:38:25 2016 daemon.crit dnsmasq[3764]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:25 2016 daemon.crit dnsmasq[3764]: FAILED to start up Wed Aug 31 14:38:25 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Wed Aug 31 14:38:27 2016 daemon.crit dnsmasq[3893]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:27 2016 daemon.crit dnsmasq[3893]: FAILED to start up Wed Aug 31 14:38:27 2016 user.emerg procd: Cannot change large-receive-offload Wed Aug 31 14:38:29 2016 kern.notice kernel: [ 69.533750] eth0: Link down Wed Aug 31 14:38:29 2016 daemon.notice snort[3610]: 4821 Snort rules read Wed Aug 31 14:38:29 2016 daemon.notice snort[3610]: 4821 detection rules Wed Aug 31 14:38:29 2016 daemon.notice snort[3610]: 0 decoder rules Wed Aug 31 14:38:29 2016 daemon.notice snort[3610]: 0 preprocessor rules Wed Aug 31 14:38:29 2016 daemon.notice snort[3610]: 4821 Option Chains linked into 901 Chain Headers Wed Aug 31 14:38:29 2016 daemon.notice snort[3610]: 0 Dynamic rules Wed Aug 31 14:38:29 2016 daemon.notice snort[3610]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Wed Aug 31 14:38:29 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:30 2016 daemon.notice netifd: Network device 'eth0' link is down Wed Aug 31 14:38:30 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss Wed Aug 31 14:38:30 2016 daemon.notice netifd: Interface 'wan' is now down Wed Aug 31 14:38:30 2016 daemon.notice netifd: Interface 'wan' is disabled Wed Aug 31 14:38:30 2016 daemon.notice netifd: Interface 'wan' is enabled Wed Aug 31 14:38:30 2016 kern.info kernel: [ 70.537810] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Wed Aug 31 14:38:30 2016 user.emerg procd: Cannot change large-receive-offload Wed Aug 31 14:38:32 2016 kern.notice kernel: [ 72.503674] eth1: Link down Wed Aug 31 14:38:32 2016 kern.notice kernel: [ 72.554205] eth0: 1000 Mbps Full duplex, port 0 Wed Aug 31 14:38:32 2016 daemon.notice netifd: Network device 'eth0' link is up Wed Aug 31 14:38:32 2016 daemon.notice netifd: Interface 'wan' has link connectivity Wed Aug 31 14:38:32 2016 daemon.notice netifd: Interface 'wan' is setting up now Wed Aug 31 14:38:32 2016 daemon.notice netifd: Interface 'wan' is now up Wed Aug 31 14:38:32 2016 kern.info kernel: [ 72.573944] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Wed Aug 31 14:38:32 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Wed Aug 31 14:38:32 2016 daemon.crit dnsmasq[3977]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:32 2016 daemon.crit dnsmasq[3977]: FAILED to start up Wed Aug 31 14:38:32 2016 daemon.info procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 1 seconds since last crash Wed Aug 31 14:38:33 2016 daemon.notice netifd: Network device 'eth1' link is down Wed Aug 31 14:38:33 2016 kern.info kernel: [ 73.573974] br-lan: port 1(eth1) entered disabled state Wed Aug 31 14:38:33 2016 daemon.emerg procd: Cannot change large-receive-offload Wed Aug 31 14:38:34 2016 daemon.notice netifd: Bridge 'br-lan' link is down Wed Aug 31 14:38:34 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Wed Aug 31 14:38:34 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss Wed Aug 31 14:38:34 2016 daemon.crit dnsmasq[4080]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:34 2016 daemon.crit dnsmasq[4080]: FAILED to start up Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-------------------[Rule Port Counts]--------------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | tcp udp icmp ip Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | src 1407 8 0 0 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | dst 2371 120 0 0 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | any 555 360 0 0 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | nc 403 354 0 0 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | s+d 28 0 0 0 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +---------------------------------------------------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-----------------------[detection-filter-config]------------------------------ Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | memory-cap : 1048576 bytes Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-----------------------[detection-filter-rules]------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: ------------------------------------------------------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-----------------------[rate-filter-config]----------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | memory-cap : 1048576 bytes Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-----------------------[rate-filter-rules]------------------------------------ Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | none Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: ------------------------------------------------------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-----------------------[event-filter-config]---------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | memory-cap : 1048576 bytes Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-----------------------[event-filter-global]---------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | none Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-----------------------[event-filter-local]----------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404011 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404012 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404009 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404010 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404007 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404008 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404005 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404006 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404019 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404020 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404017 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404018 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404015 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404016 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404013 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404014 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404027 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404028 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404025 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404026 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404023 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404024 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404021 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404022 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404035 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404036 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404033 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404034 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404031 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404032 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404029 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404030 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404003 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404004 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404001 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404002 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404000 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404075 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404076 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404073 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404074 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404071 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404072 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404069 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404070 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404083 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404084 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404081 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404082 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404079 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404080 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404077 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404078 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404091 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404092 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404089 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404090 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404087 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404088 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404085 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404086 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404095 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404093 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404094 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404043 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404044 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404041 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404042 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404039 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404040 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404037 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404038 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404051 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404052 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404049 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404050 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404047 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404048 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404045 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404046 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404059 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404060 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404057 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404058 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404055 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404056 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404053 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404054 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404067 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404068 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404065 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404066 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404063 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404064 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404061 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404062 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2023065 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404096 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404097 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404098 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404099 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405000 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405007 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405008 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405005 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405006 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405003 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405004 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405001 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405002 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405015 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405016 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405013 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405014 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405011 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405012 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405009 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405010 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404194 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404195 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405023 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405024 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405021 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405022 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405019 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405020 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405017 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405018 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405031 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405032 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405029 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405030 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405027 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405028 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405025 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405026 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405039 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405040 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405037 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405038 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405035 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405036 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405033 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405034 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405047 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405048 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405045 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405046 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405043 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405044 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405041 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2405042 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: +-----------------------[suppression]------------------------------------------ Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=129 sig-id=20 tracking=none Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: | gen-id=129 sig-id=12 tracking=none Wed Aug 31 14:38:35 2016 kern.notice kernel: [ 75.553709] eth2: Link down Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: ------------------------------------------------------------------------------- Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: Verifying Preprocessor Configurations! Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'EXE2' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Wed Aug 31 14:38:35 2016 daemon.notice snort[3610]: 84 out of 1024 flowbits in use. Wed Aug 31 14:38:36 2016 daemon.notice netifd: Network device 'eth1' link is up Wed Aug 31 14:38:36 2016 daemon.notice netifd: Bridge 'br-lan' link is up Wed Aug 31 14:38:36 2016 daemon.notice netifd: Interface 'lan' has link connectivity Wed Aug 31 14:38:36 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Wed Aug 31 14:38:36 2016 kern.notice kernel: [ 76.514004] eth1: 1000 Mbps Full duplex, port 1 Wed Aug 31 14:38:36 2016 kern.info kernel: [ 76.514041] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:38:36 2016 kern.info kernel: [ 76.514075] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:38:37 2016 daemon.notice netifd: Network device 'eth2' link is down Wed Aug 31 14:38:37 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Wed Aug 31 14:38:37 2016 daemon.notice netifd: Interface 'wan6' is now down Wed Aug 31 14:38:37 2016 daemon.notice netifd: Interface 'wan6' is disabled Wed Aug 31 14:38:37 2016 daemon.notice netifd: Interface 'wan6' is enabled Wed Aug 31 14:38:37 2016 kern.info kernel: [ 77.517943] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Wed Aug 31 14:38:37 2016 daemon.emerg procd: /etc/rc.local: line 36: /etc/itus/detect_mode.sh: Permission denied Wed Aug 31 14:38:38 2016 kern.info kernel: [ 78.513909] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:38:38 2016 daemon.notice vnstatd[4172]: vnStat daemon 1.12 started. (uid:0 gid:0) Wed Aug 31 14:38:38 2016 daemon.notice vnstatd[4172]: Monitoring: br-lan (100 Mbit) eth0 (100 Mbit) Wed Aug 31 14:38:38 2016 daemon.emerg procd: Stopping strongSwan IPsec failed: starter is not running Wed Aug 31 14:38:39 2016 daemon.notice netifd: Network device 'eth2' link is up Wed Aug 31 14:38:39 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Wed Aug 31 14:38:39 2016 daemon.notice netifd: Interface 'wan6' is setting up now Wed Aug 31 14:38:39 2016 kern.notice kernel: [ 79.533998] eth2: 1000 Mbps Full duplex, port 2 Wed Aug 31 14:38:39 2016 kern.info kernel: [ 79.534025] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Wed Aug 31 14:38:39 2016 daemon.notice netifd: Interface 'wan6' is now up Wed Aug 31 14:38:39 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Wed Aug 31 14:38:40 2016 daemon.emerg procd: 192.168.1.112 this is the blocked domains ip Wed Aug 31 14:38:40 2016 daemon.emerg procd: 192.168.1.112 this is the blacklist ip Wed Aug 31 14:38:40 2016 daemon.crit dnsmasq[4301]: error at line 11481 of /etc/ITUS_DNS.txt Wed Aug 31 14:38:40 2016 daemon.crit dnsmasq[4301]: FAILED to start up Wed Aug 31 14:38:40 2016 daemon.emerg procd: copying new sorted rules....this may take a minute. Wed Aug 31 14:38:41 2016 daemon.emerg procd: sed: unsupported command / Wed Aug 31 14:38:42 2016 daemon.crit dnsmasq[4379]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:42 2016 daemon.crit dnsmasq[4379]: FAILED to start up Wed Aug 31 14:38:44 2016 daemon.notice netifd: Interface 'blockdomain' is now down Wed Aug 31 14:38:44 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now Wed Aug 31 14:38:44 2016 daemon.notice netifd: Interface 'blockdomain' is now up Wed Aug 31 14:38:46 2016 daemon.crit dnsmasq[4696]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:46 2016 daemon.crit dnsmasq[4696]: FAILED to start up Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: [ Port Based Pattern Matching Memory ] Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: +- [ Aho-Corasick Summary ] ------------------------------------- Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Storage Format : Full Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Finite Automaton : DFA Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Alphabet Size : 256 Chars Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Sizeof State : Variable (1,2,4 bytes) Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Instances : 89 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | 1 byte states : 79 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | 2 byte states : 10 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | 4 byte states : 0 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Characters : 56713 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | States : 37977 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Transitions : 2049839 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | State Density : 21.1% Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Patterns : 4096 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Match States : 4183 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Memory (MB) : 20.16 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Patterns : 0.42 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | Match Lists : 1.10 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | DFA Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | 1 byte states : 0.55 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | 2 byte states : 17.89 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: | 4 byte states : 0.00 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: +---------------------------------------------------------------- Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: [ Number of patterns truncated to 20 bytes: 921 ] Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: afpacket DAQ configured to inline. Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Acquiring network traffic from "eth0:eth2". Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Initializing daemon mode Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Daemon initialized, signaled parent pid: 1 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Reload thread starting... Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Reload thread started, thread 0xffeaf2f210 (4736) Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Checking PID path... Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: PID path stat checked out ok, PID path set to /var/snort/ Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Writing PID "3610" to file "/var/snort//snort_eth0:eth2.pid" Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: --== Initialization Complete ==-- Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: ,,_ -*> Snort! <*- Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: o" )~ Version 2.9.7.2 GRE (Build 177) Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Using libpcap version 1.5.3 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Using PCRE version: 8.36 2014-09-26 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Using ZLIB version: 1.2.8 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Preprocessor Object: SF_DCERPC2 Version 1.0 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Preprocessor Object: SF_SSH Version 1.1 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Preprocessor Object: SF_DNS Version 1.1 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Preprocessor Object: SF_FTPTELNET Version 1.2 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Preprocessor Object: SF_SSLPP Version 1.1 Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Commencing packet processing (pid=3610) Wed Aug 31 14:38:47 2016 daemon.notice snort[3610]: Decoding Ethernet Wed Aug 31 14:38:47 2016 user.notice update_webfilter: updated dnsmasq blacklist Wed Aug 31 14:38:47 2016 user.notice update_webfilter: updated network.interface.blockdomain: 192.168.1.112 Wed Aug 31 14:38:47 2016 user.notice update_webfilter: updated firewall.@redirect[0].Itusfilter: 192.168.1.112 Wed Aug 31 14:38:47 2016 user.notice update_webfilter: updated firewall.@redirect[1]dns-traffic-to-shield: 192.168.1.112 Wed Aug 31 14:38:47 2016 user.notice update_webfilter: updated uhttpd.Itusfilter Wed Aug 31 14:38:47 2016 daemon.crit dnsmasq[4747]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:47 2016 daemon.crit dnsmasq[4747]: FAILED to start up Wed Aug 31 14:38:53 2016 daemon.crit dnsmasq[4758]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:53 2016 daemon.crit dnsmasq[4758]: FAILED to start up Wed Aug 31 14:38:58 2016 daemon.crit dnsmasq[4769]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:38:58 2016 daemon.crit dnsmasq[4769]: FAILED to start up Wed Aug 31 14:38:59 2016 kern.notice kernel: [ 99.583757] eth0: Link down Wed Aug 31 14:39:00 2016 daemon.notice netifd: Network device 'eth0' link is down Wed Aug 31 14:39:00 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss Wed Aug 31 14:39:00 2016 daemon.notice netifd: Interface 'wan' is now down Wed Aug 31 14:39:00 2016 daemon.notice snort[3610]: Can't acquire (-1) - afpacket_daq_acquire: Encountered error condition on a packet socket! Wed Aug 31 14:39:00 2016 daemon.notice netifd: Interface 'wan' is disabled Wed Aug 31 14:39:00 2016 daemon.notice netifd: Interface 'wan' is enabled Wed Aug 31 14:39:00 2016 kern.info kernel: [ 100.580267] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Memory usage summary: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Total non-mmapped bytes (arena): 76834848 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Bytes in mapped regions (hblkhd): 14483456 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Total allocated space (uordblks): 56570496 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Total free space (fordblks): 20264352 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Topmost releasable block (keepcost): 165056 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Packet I/O Totals: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Received: 807 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Analyzed: 807 (100.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Dropped: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Filtered: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Outstanding: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Injected: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Breakdown by protocol (includes rebuilt packets): Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Eth: 822 (100.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: VLAN: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP4: 445 ( 54.136%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Frag: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ICMP: 4 ( 0.487%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP: 65 ( 7.908%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP: 376 ( 45.742%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP6: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP6 Ext: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP6 Opts: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Frag6: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ICMP6: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP6: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP6: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Teredo: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ICMP-IP: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP4/IP4: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP4/IP6: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP6/IP4: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP6/IP6: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE Eth: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE VLAN: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE IP4: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE IP6: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE IP6 Ext: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE PPTP: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE ARP: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE IPX: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GRE Loop: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: MPLS: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ARP: 377 ( 45.864%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IPX: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Eth Loop: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Eth Disc: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP4 Disc: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP6 Disc: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Disc: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP Disc: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ICMP Disc: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: All Discard: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Other: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Bad Chk Sum: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Bad TTL: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: S5 G 1: 13 ( 1.582%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: S5 G 2: 2 ( 0.243%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Total: 822 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Action Stats: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Alerts: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Logged: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Passed: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Limits: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Match: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Queue: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Log: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Event: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Alert: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Verdicts: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Allow: 591 ( 73.234%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Block: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Replace: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Whitelist: 216 ( 26.766%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Blacklist: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Ignore: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Retry: 0 ( 0.000%) Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Normalizer statistics: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ip4::trim: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would ip4::trim: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ip4::tos: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would ip4::tos: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ip4::df: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would ip4::df: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ip4::rf: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would ip4::rf: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ip4::ttl: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would ip4::ttl: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ip4::opts: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would ip4::opts: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: icmp4::echo: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would icmp4::echo: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ip6::ttl: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would ip6::ttl: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ip6::opts: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would ip6::opts: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: icmp6::echo: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would icmp6::echo: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::syn_opt: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::syn_opt: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::opt: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::opt: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::pad: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::pad: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::rsv: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::rsv: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::ns: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::ns: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::urp: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::urp: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::ecn_pkt: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::ecn_pkt: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::ts_ecr: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::ts_ecr: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::req_urg: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::req_urg: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::req_pay: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::req_pay: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::req_urp: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::req_urp: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::ecn_ssn: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::ecn_ssn: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::ts_nop: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::ts_nop: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::ips_data: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::ips_data: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::block: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::block: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::trim_syn: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::trim_syn: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::trim_rst: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::trim_rst: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::trim_win: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::trim_win: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: tcp::trim_mss: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Would tcp::trim_mss: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Frag3 statistics: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Total Fragments: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Frags Reassembled: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Discards: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Memory Faults: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Timeouts: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Overlaps: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Anomalies: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Alerts: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Drops: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: FragTrackers Added: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: FragTrackers Dumped: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: FragTrackers Auto Freed: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Frag Nodes Inserted: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Frag Nodes Deleted: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Stream statistics: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Total sessions: 43 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP sessions: 30 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP sessions: 13 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ICMP sessions: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP sessions: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Prunes: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP Prunes: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: ICMP Prunes: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: IP Prunes: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP StreamTrackers Created: 30 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP StreamTrackers Deleted: 30 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Timeouts: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Overlaps: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Segments Queued: 73 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Segments Released: 73 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Rebuilt Packets: 54 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Segments Used: 45 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Discards: 2 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Gaps: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP Sessions Created: 13 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP Sessions Deleted: 13 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP Timeouts: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP Discards: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Events: 2 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Internal Events: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: TCP Port Filter Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Filtered: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Inspected: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Tracked: 361 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: UDP Port Filter Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Filtered: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Inspected: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Tracked: 13 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: HTTP Inspect - encodings (Note: stream-reassembled packets included): Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: POST methods: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: GET methods: 3 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: HTTP Request Headers extracted: 3 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: HTTP Request Cookies extracted: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Post parameters extracted: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: HTTP response Headers extracted: 3 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: HTTP Response Cookies extracted: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Unicode: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Double unicode: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Non-ASCII representable: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Directory traversals: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Extra slashes ("//"): 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Self-referencing paths ("./"): 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: HTTP Response Gzip packets extracted: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Gzip Compressed Data Processed: n/a Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Gzip Decompressed Data Processed: n/a Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Total packets processed: 14 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: SSL Preprocessor: Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: SSL packets decoded: 113 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Client Hello: 16 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Server Hello: 16 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Certificate: 6 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Server Done: 35 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Client Key Exchange: 6 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Server Key Exchange: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Change Cipher: 29 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Finished: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Client Application: 11 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Server Application: 12 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Alert: 30 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Unrecognized records: 22 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Completed handshakes: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Bad handshakes: 0 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Sessions ignored: 11 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Detection disabled: 1 Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: =============================================================================== Wed Aug 31 14:39:01 2016 kern.notice kernel: [ 101.533693] eth1: Link down Wed Aug 31 14:39:01 2016 daemon.notice snort[3610]: Snort exiting Wed Aug 31 14:39:02 2016 daemon.notice netifd: Network device 'eth1' link is down Wed Aug 31 14:39:02 2016 kern.info kernel: [ 102.524101] br-lan: port 1(eth1) entered disabled state Wed Aug 31 14:39:02 2016 daemon.notice netifd: Network device 'eth0' link is up Wed Aug 31 14:39:02 2016 daemon.notice netifd: Interface 'wan' has link connectivity Wed Aug 31 14:39:02 2016 daemon.notice netifd: Interface 'wan' is setting up now Wed Aug 31 14:39:02 2016 kern.notice kernel: [ 102.594140] eth0: 1000 Mbps Full duplex, port 0 Wed Aug 31 14:39:02 2016 kern.info kernel: [ 102.594159] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Wed Aug 31 14:39:02 2016 daemon.notice netifd: Interface 'wan' is now up Wed Aug 31 14:39:02 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Wed Aug 31 14:39:03 2016 daemon.notice netifd: Bridge 'br-lan' link is down Wed Aug 31 14:39:03 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Wed Aug 31 14:39:03 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss Wed Aug 31 14:39:03 2016 kern.notice kernel: [ 103.573735] eth2: Link down Wed Aug 31 14:39:03 2016 daemon.crit dnsmasq[4899]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:39:03 2016 daemon.crit dnsmasq[4899]: FAILED to start up Wed Aug 31 14:39:04 2016 daemon.notice netifd: Network device 'eth2' link is down Wed Aug 31 14:39:04 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Wed Aug 31 14:39:04 2016 daemon.notice netifd: Interface 'wan6' is now down Wed Aug 31 14:39:04 2016 daemon.notice netifd: Interface 'wan6' is disabled Wed Aug 31 14:39:04 2016 daemon.notice netifd: Interface 'wan6' is enabled Wed Aug 31 14:39:04 2016 kern.info kernel: [ 104.567985] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Wed Aug 31 14:39:05 2016 daemon.notice netifd: Network device 'eth1' link is up Wed Aug 31 14:39:05 2016 daemon.notice netifd: Bridge 'br-lan' link is up Wed Aug 31 14:39:05 2016 daemon.notice netifd: Interface 'lan' has link connectivity Wed Aug 31 14:39:05 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Wed Aug 31 14:39:05 2016 kern.notice kernel: [ 105.544015] eth1: 1000 Mbps Full duplex, port 1 Wed Aug 31 14:39:05 2016 kern.info kernel: [ 105.544050] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:39:05 2016 kern.info kernel: [ 105.544074] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Enabling inline operation Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Found pid path directive (/var/snort/) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Running in IDS mode Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: --== Initializing Snort ==-- Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Initializing Output Plugins! Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Initializing Preprocessors! Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Initializing Plug-ins! Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Parsing Rules file "/etc/snort/snort_bridge.conf" Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: PortVar 'HTTP_PORTS' defined : Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: PortVar 'SHELLCODE_PORTS' defined : Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: [ 1:65535 ] Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: PortVar 'ORACLE_PORTS' defined : Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: [ 1024:65535 ] Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: PortVar 'SSH_PORTS' defined : Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: [ 22 ] Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: PortVar 'FTP_PORTS' defined : Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: [ 21 2100 3535 ] Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: PortVar 'SIP_PORTS' defined : Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: [ 5060:5061 5600 ] Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: PortVar 'FILE_DATA_PORTS' defined : Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: PortVar 'GTP_PORTS' defined : Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: [ 2123 2152 3386 ] Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Detection: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Search-Method = AC-Full Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Split Any/Any group = enabled Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Search-Method-Optimizations = enabled Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Maximum pattern length = 20 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Found pid path directive (/var/snort/) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Tagged Packet Limit: 256 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: done Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: done Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: done Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: done Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: done Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: done Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Log directory = /tmp/snort/ Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalizer config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: ip4: on Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: ip4::df: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: ip4::rf: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: ip4::tos: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: ip4::trim: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: ip4::ttl: on (min=1, new=5) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalizer config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp: on Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::ecn: stream Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::block: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::rsv: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::pad: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::req_urg: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::req_pay: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::req_urp: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::urp: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::opt: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::ips: on Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::trim_syn: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::trim_rst: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::trim_win: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: tcp::trim_mss: off Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalizer config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: icmp4: on Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalizer config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: ip6: on Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: ip6::hops: on (min=1, new=5) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalizer config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: icmp6: on Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Frag3 global config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max frags: 65536 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Fragment memory cap: 4194304 bytes Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Frag3 engine config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Bound Address: default Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Target-based policy: WINDOWS Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Fragment timeout: 180 seconds Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Fragment min_ttl: 1 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Fragment Anomalies: Alert Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Overlap Limit: 10 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Min fragment Length: 100 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Expected Streams: 39 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Stream global config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Track TCP sessions: ACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max TCP sessions: 10000 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: TCP cache pruning timeout: 30 seconds Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: TCP cache nominal timeout: 3600 seconds Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Memcap (for reassembly packet storage): 8388608 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Track UDP sessions: ACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max UDP sessions: 10000 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: UDP cache pruning timeout: 30 seconds Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: UDP cache nominal timeout: 180 seconds Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Track ICMP sessions: ACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max ICMP sessions: 65536 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Track IP sessions: INACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Log info if session memory consumption exceeds 2097152 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Send up to 2 active responses Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wait at least 5 seconds between responses Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Protocol Aware Flushing: ACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Maximum Flush Point: 16000 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Stream TCP Policy config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Bound Address: default Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Reassembly Policy: WINDOWS Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Timeout: 180 seconds Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Limit on TCP Overlaps: 10 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Maximum number of bytes to queue per session: 3137628 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Maximum number of segs to queue per session: 2621 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Options: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Require 3-Way Handshake: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 3-Way Handshake Timeout: 180 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Detect Anomalies: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Reassembly Ports: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 21 client (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 22 client (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 23 client (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 25 client (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 36 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 42 client (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 53 client (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 70 client (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 79 client (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 80 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 81 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 82 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 83 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 84 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 85 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 86 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 87 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 88 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 89 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 90 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: additional ports configured but not printed. Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Stream UDP Policy config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Timeout: 180 seconds Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: HttpInspect Config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: GLOBAL CONFIG Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Detect Proxy Usage: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: IIS Unicode Map Filename: /etc/snort/unicode.map Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: IIS Unicode Map Codepage: 1252 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Memcap used for logging URI and Hostname: 150994944 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Gzip Memory: 838860 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Gzip Sessions: 1807 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Gzip Compress Depth: 65535 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Gzip Decompress Depth: 65535 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: DEFAULT SERVER CONFIG: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Server profile: All Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Server Flow Depth: 0 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Client Flow Depth: 0 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Chunk Length: 500000 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Header Field Length: 750 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Number Header Fields: 100 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Number of WhiteSpaces allowed with header folding: 200 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Inspect Pipeline Requests: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: URI Discovery Strict Mode: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Allow Proxy Usage: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Disable Alerting: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Oversize Dir Length: 500 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Only inspect URI: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalize HTTP Headers: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Inspect HTTP Cookies: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Inspect HTTP Responses: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Extract Gzip from responses: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Decompress response files: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Unlimited decompression of gzip data from responses: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalize Javascripts in HTTP Responses: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalize HTTP Cookies: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Enable XFF and True Client IP: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Log HTTP URI data: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Log HTTP Hostname data: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Extended ASCII code support in URI: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ascii: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Double Decoding: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: %U Encoding: YES alert: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Bare Byte: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: UTF 8: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: IIS Unicode: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Multiple Slash: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: IIS Backslash: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Directory Traversal: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Web Root Traversal: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Apache WhiteSpace: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: IIS Delimiter: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: rpc_decode arguments: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: alert_fragments: INACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: alert_large_fragments: INACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: alert_incomplete: INACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: alert_multiple_requests: INACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: FTPTelnet Config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: GLOBAL CONFIG Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Inspection Type: stateful Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Check for Encrypted Traffic: YES alert: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Continue to check encrypted data: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: TELNET CONFIG: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ports: 23 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Are You There Threshold: 20 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Normalize: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Detect Anomalies: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: FTP CONFIG: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: FTP Server: default Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ports (PAF): 21 2100 3535 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Check for Telnet Cmds: YES alert: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ignore Telnet Cmd Operations: YES alert: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ignore open data channels: NO Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: FTP Client: default Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Check for Bounce Attacks: YES alert: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Check for Telnet Cmds: YES alert: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ignore Telnet Cmd Operations: YES alert: YES Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Response Length: 256 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: SSH config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Autodetection: ENABLED Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Challenge-Response Overflow Alert: ENABLED Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: SSH1 CRC32 Alert: ENABLED Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Server Version String Overflow Alert: ENABLED Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Protocol Mismatch Alert: ENABLED Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Bad Message Direction Alert: DISABLED Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Bad Payload Size Alert: DISABLED Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Unrecognized Version Alert: DISABLED Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Encrypted Packets: 20 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Max Server Version String Length: 100 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: MaxClientBytes: 19600 (Default) Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ports: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 22 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: DNS config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: DNS Client rdata txt Overflow Alert: ACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Obsolete DNS RR Types Alert: INACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Experimental DNS RR Types Alert: INACTIVE Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ports: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 53 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: SSLPP config: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Encrypted packets: not inspected Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Ports: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 443 465 563 636 989 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 992 993 994 995 7801 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 7802 7900 7901 7902 7903 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 7904 7905 7906 7907 7908 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 7909 7910 7911 7912 7913 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 7914 7915 7916 7917 7918 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: 7919 7920 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Server side data is trusted Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Maximum SSL Heartbeat length: 0 Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Wed Aug 31 14:39:06 2016 daemon.notice snort[4981]: Initializing rule chains... Wed Aug 31 14:39:07 2016 daemon.notice snort[4981]: WARNING: /etc/snort/rules/snort.rules(1174) threshold (in rule) is deprecated; use detection_filter instead. Wed Aug 31 14:39:07 2016 kern.info kernel: [ 107.543927] br-lan: port 1(eth1) entered forwarding state Wed Aug 31 14:39:07 2016 daemon.notice netifd: Network device 'eth2' link is up Wed Aug 31 14:39:07 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Wed Aug 31 14:39:07 2016 daemon.notice netifd: Interface 'wan6' is setting up now Wed Aug 31 14:39:07 2016 kern.notice kernel: [ 107.584080] eth2: 1000 Mbps Full duplex, port 2 Wed Aug 31 14:39:07 2016 kern.info kernel: [ 107.584114] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Wed Aug 31 14:39:07 2016 daemon.notice netifd: Interface 'wan6' is now up Wed Aug 31 14:39:07 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Wed Aug 31 14:39:09 2016 daemon.crit dnsmasq[5076]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:39:09 2016 daemon.crit dnsmasq[5076]: FAILED to start up Wed Aug 31 14:39:09 2016 daemon.info procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash Wed Aug 31 14:39:09 2016 daemon.err uhttpd[4624]: cut: standard output: Broken pipe Wed Aug 31 14:39:12 2016 daemon.notice snort[4981]: 4821 Snort rules read Wed Aug 31 14:39:12 2016 daemon.notice snort[4981]: 4821 detection rules Wed Aug 31 14:39:12 2016 daemon.notice snort[4981]: 0 decoder rules Wed Aug 31 14:39:12 2016 daemon.notice snort[4981]: 0 preprocessor rules Wed Aug 31 14:39:12 2016 daemon.notice snort[4981]: 4821 Option Chains linked into 901 Chain Headers Wed Aug 31 14:39:12 2016 daemon.notice snort[4981]: 0 Dynamic rules Wed Aug 31 14:39:12 2016 daemon.notice snort[4981]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Wed Aug 31 14:39:12 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-------------------[Rule Port Counts]--------------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | tcp udp icmp ip Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | src 1407 8 0 0 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | dst 2371 120 0 0 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | any 555 360 0 0 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | nc 403 354 0 0 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | s+d 28 0 0 0 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +---------------------------------------------------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-----------------------[detection-filter-config]------------------------------ Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | memory-cap : 1048576 bytes Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-----------------------[detection-filter-rules]------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: ------------------------------------------------------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-----------------------[rate-filter-config]----------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | memory-cap : 1048576 bytes Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-----------------------[rate-filter-rules]------------------------------------ Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | none Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: ------------------------------------------------------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-----------------------[event-filter-config]---------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | memory-cap : 1048576 bytes Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-----------------------[event-filter-global]---------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | none Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-----------------------[event-filter-local]----------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404097 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404096 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404099 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404098 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405026 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405025 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405024 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405023 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405022 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405021 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405020 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405019 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405034 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405033 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405032 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405031 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405030 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405029 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404006 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404005 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405028 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405027 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404004 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404003 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405042 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405041 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404002 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404001 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405040 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404000 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405039 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405038 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404014 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405037 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404013 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405036 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405035 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404012 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404011 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404010 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404009 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405048 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404008 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405047 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404007 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405046 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405045 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405044 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405043 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405002 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405001 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405000 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405010 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405009 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405008 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405007 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405006 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405005 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405004 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405003 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405018 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405017 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405016 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405015 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405014 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405013 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405012 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2405011 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404086 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404085 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404084 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404083 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404082 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404081 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404080 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404079 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404094 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404093 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404092 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404091 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404090 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404089 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404088 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404087 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404095 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404054 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404053 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404052 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404051 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404050 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404049 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404048 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404047 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404062 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404061 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404060 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404059 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404058 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404057 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404056 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404055 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404070 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404069 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404068 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404067 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404066 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404065 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404064 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404063 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404078 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404077 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404076 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404075 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404074 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404073 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404072 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404071 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404022 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404021 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404020 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404019 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404018 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404017 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404016 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404015 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404030 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404029 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404028 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404027 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404026 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404025 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404024 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404023 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404038 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404037 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404036 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404035 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404034 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404033 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404032 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404031 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404046 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404045 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404044 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404043 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404042 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404041 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404040 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404039 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404195 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404194 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2023065 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: +-----------------------[suppression]------------------------------------------ Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=129 sig-id=20 tracking=none Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: | gen-id=129 sig-id=12 tracking=none Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: ------------------------------------------------------------------------------- Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: Verifying Preprocessor Configurations! Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'EXE2' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Wed Aug 31 14:39:18 2016 daemon.notice snort[4981]: 84 out of 1024 flowbits in use. Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: [ Port Based Pattern Matching Memory ] Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: +- [ Aho-Corasick Summary ] ------------------------------------- Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Storage Format : Full Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Finite Automaton : DFA Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Alphabet Size : 256 Chars Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Sizeof State : Variable (1,2,4 bytes) Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Instances : 89 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | 1 byte states : 79 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | 2 byte states : 10 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | 4 byte states : 0 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Characters : 56713 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | States : 37977 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Transitions : 2049839 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | State Density : 21.1% Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Patterns : 4096 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Match States : 4183 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Memory (MB) : 20.16 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Patterns : 0.42 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | Match Lists : 1.10 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | DFA Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | 1 byte states : 0.55 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | 2 byte states : 17.89 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: | 4 byte states : 0.00 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: +---------------------------------------------------------------- Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: [ Number of patterns truncated to 20 bytes: 921 ] Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: afpacket DAQ configured to inline. Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Acquiring network traffic from "eth0:eth2". Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Initializing daemon mode Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Daemon initialized, signaled parent pid: 1 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Reload thread starting... Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Reload thread started, thread 0xffe51af210 (5190) Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Checking PID path... Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: PID path stat checked out ok, PID path set to /var/snort/ Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Writing PID "4981" to file "/var/snort//snort_eth0:eth2.pid" Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: --== Initialization Complete ==-- Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: ,,_ -*> Snort! <*- Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: o" )~ Version 2.9.7.2 GRE (Build 177) Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Using libpcap version 1.5.3 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Using PCRE version: 8.36 2014-09-26 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Using ZLIB version: 1.2.8 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Preprocessor Object: SF_DCERPC2 Version 1.0 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Preprocessor Object: SF_SSH Version 1.1 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Preprocessor Object: SF_DNS Version 1.1 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Preprocessor Object: SF_FTPTELNET Version 1.2 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Preprocessor Object: SF_SSLPP Version 1.1 Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Commencing packet processing (pid=4981) Wed Aug 31 14:39:29 2016 daemon.notice snort[4981]: Decoding Ethernet Wed Aug 31 14:39:34 2016 authpriv.info dropbear[3238]: Early exit: Terminated by signal Wed Aug 31 14:39:34 2016 authpriv.info dropbear[5227]: Not backgrounding Wed Aug 31 14:39:34 2016 authpriv.warn dropbear[5225]: Failed listening on '22': Error listening: Address already in use Wed Aug 31 14:39:34 2016 authpriv.info dropbear[5225]: Early exit: No listening ports available. Wed Aug 31 14:39:34 2016 authpriv.warn dropbear[5226]: Failed listening on '22': Error listening: Address already in use Wed Aug 31 14:39:34 2016 authpriv.info dropbear[5226]: Early exit: No listening ports available. Wed Aug 31 14:39:34 2016 authpriv.warn dropbear[5228]: Failed listening on '22': Error listening: Address already in use Wed Aug 31 14:39:34 2016 authpriv.info dropbear[5228]: Early exit: No listening ports available. Wed Aug 31 14:40:46 2016 daemon.emerg procd: 42611 77984.915 41611.0 68.1 61151329.5 30166.6 0 Wed Aug 31 14:40:46 2016 user.notice root: Successful NTP clock adjust (0.us.pool.ntp.org). Wed Aug 31 14:40:46 2016 daemon.info procd: - init complete - Wed Aug 31 14:43:49 2016 daemon.notice snort[4981]: S5: Session exceeded configured max bytes to queue 3137628 using 3138883 bytes (server queue). 66.234.209.81 55555 --> 208.69.40.37 8080 (0) : LWstate 0x9 LWFlags 0x6007 Wed Aug 31 14:44:24 2016 kern.notice kernel: [ 364.033728] eth2: Link down Wed Aug 31 14:44:24 2016 daemon.notice netifd: Network device 'eth2' link is down Wed Aug 31 14:44:24 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Wed Aug 31 14:44:24 2016 daemon.notice netifd: Interface 'wan6' is now down Wed Aug 31 14:44:24 2016 daemon.notice snort[4981]: Can't acquire (-1) - afpacket_daq_acquire: Encountered error condition on a packet socket! Wed Aug 31 14:44:24 2016 daemon.notice netifd: Interface 'wan6' is disabled Wed Aug 31 14:44:24 2016 daemon.notice netifd: Interface 'wan6' is enabled Wed Aug 31 14:44:24 2016 kern.info kernel: [ 364.037746] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Wed Aug 31 14:44:25 2016 kern.notice kernel: [ 364.613855] eth0: Link down Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Memory usage summary: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Total non-mmapped bytes (arena): 76769312 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Bytes in mapped regions (hblkhd): 14483456 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Total allocated space (uordblks): 56568672 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Total free space (fordblks): 20200640 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Topmost releasable block (keepcost): 45376 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Packet I/O Totals: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Received: 161248 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Analyzed: 161248 (100.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Dropped: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Filtered: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Outstanding: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Injected: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Breakdown by protocol (includes rebuilt packets): Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Eth: 161505 (100.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: VLAN: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP4: 154965 ( 95.951%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Frag: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ICMP: 16 ( 0.010%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP: 2985 ( 1.848%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP: 151962 ( 94.091%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP6: 12 ( 0.007%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP6 Ext: 12 ( 0.007%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP6 Opts: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Frag6: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ICMP6: 12 ( 0.007%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP6: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP6: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Teredo: 12 ( 0.007%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ICMP-IP: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP4/IP4: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP4/IP6: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP6/IP4: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP6/IP6: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE Eth: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE VLAN: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE IP4: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE IP6: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE IP6 Ext: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE PPTP: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE ARP: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE IPX: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GRE Loop: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: MPLS: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ARP: 6540 ( 4.049%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IPX: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Eth Loop: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Eth Disc: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP4 Disc: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP6 Disc: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Disc: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP Disc: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ICMP Disc: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: All Discard: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Other: 2 ( 0.001%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Bad Chk Sum: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Bad TTL: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: S5 G 1: 212 ( 0.131%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: S5 G 2: 45 ( 0.028%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Total: 161505 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Action Stats: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Alerts: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Logged: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Passed: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Limits: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Match: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Queue: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Log: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Event: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Alert: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Verdicts: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Allow: 136275 ( 84.513%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Block: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Replace: 62 ( 0.038%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Whitelist: 24911 ( 15.449%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Blacklist: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Ignore: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Retry: 0 ( 0.000%) Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Normalizer statistics: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ip4::trim: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would ip4::trim: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ip4::tos: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would ip4::tos: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ip4::df: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would ip4::df: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ip4::rf: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would ip4::rf: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ip4::ttl: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would ip4::ttl: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ip4::opts: 2 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would ip4::opts: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: icmp4::echo: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would icmp4::echo: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ip6::ttl: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would ip6::ttl: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ip6::opts: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would ip6::opts: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: icmp6::echo: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would icmp6::echo: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::syn_opt: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::syn_opt: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::opt: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::opt: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::pad: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::pad: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::rsv: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::rsv: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::ns: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::ns: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::urp: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::urp: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::ecn_pkt: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::ecn_pkt: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::ts_ecr: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::ts_ecr: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::req_urg: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::req_urg: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::req_pay: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::req_pay: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::req_urp: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::req_urp: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::ecn_ssn: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::ecn_ssn: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::ts_nop: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::ts_nop: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::ips_data: 104 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::ips_data: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::block: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::block: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::trim_syn: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::trim_syn: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::trim_rst: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::trim_rst: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::trim_win: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::trim_win: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: tcp::trim_mss: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Would tcp::trim_mss: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Frag3 statistics: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Total Fragments: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Frags Reassembled: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Discards: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Memory Faults: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Timeouts: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Overlaps: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Anomalies: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Alerts: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Drops: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: FragTrackers Added: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: FragTrackers Dumped: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: FragTrackers Auto Freed: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Frag Nodes Inserted: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Frag Nodes Deleted: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Stream statistics: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Total sessions: 894 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP sessions: 830 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP sessions: 64 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ICMP sessions: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP sessions: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Prunes: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP Prunes: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: ICMP Prunes: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: IP Prunes: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP StreamTrackers Created: 834 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP StreamTrackers Deleted: 834 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Timeouts: 2 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Overlaps: 104 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Segments Queued: 81137 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Segments Released: 81137 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Rebuilt Packets: 9134 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Segments Used: 73648 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Discards: 636 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Gaps: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP Sessions Created: 64 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP Sessions Deleted: 64 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP Timeouts: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP Discards: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Events: 540 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Internal Events: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: TCP Port Filter Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Filtered: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Inspected: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Tracked: 151705 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: UDP Port Filter Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Filtered: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Inspected: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Tracked: 64 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: HTTP Inspect - encodings (Note: stream-reassembled packets included): Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: POST methods: 52 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: GET methods: 143 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: HTTP Request Headers extracted: 223 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: HTTP Request Cookies extracted: 52 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Post parameters extracted: 52 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: HTTP response Headers extracted: 211 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: HTTP Response Cookies extracted: 79 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Unicode: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Double unicode: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Non-ASCII representable: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Directory traversals: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Extra slashes ("//"): 63 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Self-referencing paths ("./"): 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: HTTP Response Gzip packets extracted: 23 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Gzip Compressed Data Processed: 284847.00 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Gzip Decompressed Data Processed: 1051654.00 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Total packets processed: 84140 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: SSL Preprocessor: Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: SSL packets decoded: 7194 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Client Hello: 1168 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Server Hello: 1173 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Certificate: 814 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Server Done: 3036 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Client Key Exchange: 812 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Server Key Exchange: 607 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Change Cipher: 2323 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Finished: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Client Application: 835 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Server Application: 531 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Alert: 596 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Unrecognized records: 1767 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Completed handshakes: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Bad handshakes: 0 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Sessions ignored: 373 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Detection disabled: 494 Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: =============================================================================== Wed Aug 31 14:44:25 2016 daemon.notice snort[4981]: Snort exiting Wed Aug 31 14:44:25 2016 daemon.notice netifd: Network device 'eth0' link is down Wed Aug 31 14:44:25 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss Wed Aug 31 14:44:25 2016 daemon.notice netifd: Interface 'wan' is now down Wed Aug 31 14:44:25 2016 daemon.notice netifd: Interface 'wan' is disabled Wed Aug 31 14:44:25 2016 daemon.notice netifd: Interface 'wan' is enabled Wed Aug 31 14:44:25 2016 kern.info kernel: [ 365.028071] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Enabling inline operation Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Found pid path directive (/var/snort/) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Running in IDS mode Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: --== Initializing Snort ==-- Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Initializing Output Plugins! Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Initializing Preprocessors! Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Initializing Plug-ins! Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Parsing Rules file "/etc/snort/snort_bridge.conf" Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: PortVar 'HTTP_PORTS' defined : Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: PortVar 'SHELLCODE_PORTS' defined : Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: [ 1:65535 ] Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: PortVar 'ORACLE_PORTS' defined : Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: [ 1024:65535 ] Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: PortVar 'SSH_PORTS' defined : Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: [ 22 ] Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: PortVar 'FTP_PORTS' defined : Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: [ 21 2100 3535 ] Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: PortVar 'SIP_PORTS' defined : Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: [ 5060:5061 5600 ] Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: PortVar 'FILE_DATA_PORTS' defined : Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: PortVar 'GTP_PORTS' defined : Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: [ 2123 2152 3386 ] Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Detection: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Search-Method = AC-Full Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Split Any/Any group = enabled Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Search-Method-Optimizations = enabled Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Maximum pattern length = 20 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Found pid path directive (/var/snort/) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Tagged Packet Limit: 256 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: done Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: done Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: done Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: done Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: done Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: done Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Log directory = /tmp/snort/ Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalizer config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: ip4: on Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: ip4::df: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: ip4::rf: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: ip4::tos: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: ip4::trim: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: ip4::ttl: on (min=1, new=5) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalizer config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp: on Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::ecn: stream Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::block: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::rsv: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::pad: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::req_urg: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::req_pay: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::req_urp: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::urp: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::opt: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::ips: on Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::trim_syn: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::trim_rst: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::trim_win: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: tcp::trim_mss: off Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalizer config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: icmp4: on Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalizer config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: ip6: on Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: ip6::hops: on (min=1, new=5) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalizer config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: icmp6: on Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Frag3 global config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max frags: 65536 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Fragment memory cap: 4194304 bytes Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Frag3 engine config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Bound Address: default Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Target-based policy: WINDOWS Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Fragment timeout: 180 seconds Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Fragment min_ttl: 1 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Fragment Anomalies: Alert Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Overlap Limit: 10 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Min fragment Length: 100 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Expected Streams: 39 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Stream global config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Track TCP sessions: ACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max TCP sessions: 10000 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: TCP cache pruning timeout: 30 seconds Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: TCP cache nominal timeout: 3600 seconds Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Memcap (for reassembly packet storage): 8388608 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Track UDP sessions: ACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max UDP sessions: 10000 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: UDP cache pruning timeout: 30 seconds Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: UDP cache nominal timeout: 180 seconds Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Track ICMP sessions: ACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max ICMP sessions: 65536 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Track IP sessions: INACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Log info if session memory consumption exceeds 2097152 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Send up to 2 active responses Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wait at least 5 seconds between responses Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Protocol Aware Flushing: ACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Maximum Flush Point: 16000 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Stream TCP Policy config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Bound Address: default Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Reassembly Policy: WINDOWS Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Timeout: 180 seconds Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Limit on TCP Overlaps: 10 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Maximum number of bytes to queue per session: 3137628 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Maximum number of segs to queue per session: 2621 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Options: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Require 3-Way Handshake: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 3-Way Handshake Timeout: 180 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Detect Anomalies: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Reassembly Ports: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 21 client (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 22 client (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 23 client (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 25 client (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 36 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 42 client (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 53 client (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 70 client (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 79 client (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 80 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 81 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 82 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 83 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 84 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 85 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 86 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 87 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 88 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 89 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 90 client (Footprint-IPS) server (Footprint-IPS) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: additional ports configured but not printed. Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Stream UDP Policy config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Timeout: 180 seconds Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: HttpInspect Config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: GLOBAL CONFIG Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Detect Proxy Usage: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: IIS Unicode Map Filename: /etc/snort/unicode.map Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: IIS Unicode Map Codepage: 1252 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Memcap used for logging URI and Hostname: 150994944 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Gzip Memory: 838860 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Gzip Sessions: 1807 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Gzip Compress Depth: 65535 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Gzip Decompress Depth: 65535 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: DEFAULT SERVER CONFIG: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Server profile: All Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Server Flow Depth: 0 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Client Flow Depth: 0 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Chunk Length: 500000 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Header Field Length: 750 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Number Header Fields: 100 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Number of WhiteSpaces allowed with header folding: 200 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Inspect Pipeline Requests: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: URI Discovery Strict Mode: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Allow Proxy Usage: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Disable Alerting: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Oversize Dir Length: 500 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Only inspect URI: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalize HTTP Headers: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Inspect HTTP Cookies: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Inspect HTTP Responses: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Extract Gzip from responses: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Decompress response files: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Unlimited decompression of gzip data from responses: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalize Javascripts in HTTP Responses: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalize HTTP Cookies: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Enable XFF and True Client IP: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Log HTTP URI data: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Log HTTP Hostname data: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Extended ASCII code support in URI: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ascii: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Double Decoding: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: %U Encoding: YES alert: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Bare Byte: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: UTF 8: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: IIS Unicode: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Multiple Slash: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: IIS Backslash: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Directory Traversal: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Web Root Traversal: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Apache WhiteSpace: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: IIS Delimiter: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: rpc_decode arguments: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: alert_fragments: INACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: alert_large_fragments: INACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: alert_incomplete: INACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: alert_multiple_requests: INACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: FTPTelnet Config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: GLOBAL CONFIG Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Inspection Type: stateful Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Check for Encrypted Traffic: YES alert: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Continue to check encrypted data: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: TELNET CONFIG: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ports: 23 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Are You There Threshold: 20 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Normalize: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Detect Anomalies: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: FTP CONFIG: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: FTP Server: default Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ports (PAF): 21 2100 3535 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Check for Telnet Cmds: YES alert: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ignore Telnet Cmd Operations: YES alert: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ignore open data channels: NO Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: FTP Client: default Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Check for Bounce Attacks: YES alert: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Check for Telnet Cmds: YES alert: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ignore Telnet Cmd Operations: YES alert: YES Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Response Length: 256 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: SSH config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Autodetection: ENABLED Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Challenge-Response Overflow Alert: ENABLED Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: SSH1 CRC32 Alert: ENABLED Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Server Version String Overflow Alert: ENABLED Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Protocol Mismatch Alert: ENABLED Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Bad Message Direction Alert: DISABLED Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Bad Payload Size Alert: DISABLED Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Unrecognized Version Alert: DISABLED Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Encrypted Packets: 20 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Max Server Version String Length: 100 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: MaxClientBytes: 19600 (Default) Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ports: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 22 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: DNS config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: DNS Client rdata txt Overflow Alert: ACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Obsolete DNS RR Types Alert: INACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Experimental DNS RR Types Alert: INACTIVE Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ports: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 53 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: SSLPP config: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Encrypted packets: not inspected Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Ports: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 443 465 563 636 989 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 992 993 994 995 7801 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 7802 7900 7901 7902 7903 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 7904 7905 7906 7907 7908 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 7909 7910 7911 7912 7913 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 7914 7915 7916 7917 7918 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: 7919 7920 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Server side data is trusted Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Maximum SSL Heartbeat length: 0 Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Wed Aug 31 14:44:30 2016 daemon.notice snort[5363]: Initializing rule chains... Wed Aug 31 14:44:31 2016 daemon.notice snort[5363]: WARNING: /etc/snort/rules/snort.rules(1174) threshold (in rule) is deprecated; use detection_filter instead. Wed Aug 31 14:44:36 2016 daemon.notice snort[5363]: 4821 Snort rules read Wed Aug 31 14:44:36 2016 daemon.notice snort[5363]: 4821 detection rules Wed Aug 31 14:44:36 2016 daemon.notice snort[5363]: 0 decoder rules Wed Aug 31 14:44:36 2016 daemon.notice snort[5363]: 0 preprocessor rules Wed Aug 31 14:44:36 2016 daemon.notice snort[5363]: 4821 Option Chains linked into 901 Chain Headers Wed Aug 31 14:44:36 2016 daemon.notice snort[5363]: 0 Dynamic rules Wed Aug 31 14:44:36 2016 daemon.notice snort[5363]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Wed Aug 31 14:44:36 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-------------------[Rule Port Counts]--------------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | tcp udp icmp ip Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | src 1407 8 0 0 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | dst 2371 120 0 0 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | any 555 360 0 0 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | nc 403 354 0 0 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | s+d 28 0 0 0 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +---------------------------------------------------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-----------------------[detection-filter-config]------------------------------ Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | memory-cap : 1048576 bytes Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-----------------------[detection-filter-rules]------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: ------------------------------------------------------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-----------------------[rate-filter-config]----------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | memory-cap : 1048576 bytes Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-----------------------[rate-filter-rules]------------------------------------ Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | none Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: ------------------------------------------------------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-----------------------[event-filter-config]---------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | memory-cap : 1048576 bytes Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-----------------------[event-filter-global]---------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | none Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-----------------------[event-filter-local]----------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404097 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404096 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404099 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404098 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404092 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404091 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404094 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404093 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404095 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404084 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404083 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404086 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404085 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404088 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404087 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404090 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404089 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404076 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404075 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404078 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404077 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404080 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404079 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404082 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404081 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404068 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404067 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404070 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404069 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404072 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404071 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404074 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404073 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404060 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404059 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404062 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404061 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404064 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404063 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404066 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404065 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404052 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404051 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404054 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404053 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404056 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404055 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404058 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404057 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404044 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404043 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404046 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404045 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404048 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404047 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404050 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404049 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404036 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404035 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404038 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404037 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404040 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404039 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404042 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404041 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2023092 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2023066 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2023065 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2022775 type=Limit tracking=dst count=1 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500077 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500076 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500079 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500078 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500069 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500068 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500071 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500070 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500073 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500072 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500075 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500074 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405048 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405047 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405040 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405039 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405042 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405041 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405044 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405043 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405046 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405045 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405032 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405031 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405034 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405033 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405036 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405035 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405038 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405037 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405024 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405023 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405026 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405025 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405028 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405027 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405030 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405029 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405016 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405015 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405018 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405017 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405020 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405019 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405022 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405021 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405008 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405007 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405010 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405009 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405012 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405011 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405014 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405013 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405000 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405002 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405001 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405004 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405003 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405006 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2405005 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404606 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404605 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404607 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404598 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404597 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404600 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404599 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404602 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404601 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404604 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404603 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404590 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404589 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404592 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404591 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404594 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404593 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404596 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404595 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404582 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404581 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404584 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404583 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404586 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404585 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404588 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404587 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404574 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404573 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404576 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404575 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404578 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404577 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404580 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404579 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404566 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404565 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404568 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404567 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404570 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404569 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404572 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404571 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404558 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404557 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404560 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404559 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404562 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404561 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404564 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404563 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404550 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404549 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404552 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404551 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404554 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404553 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404556 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404555 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404542 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404541 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404544 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404543 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404546 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404545 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404548 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404547 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404534 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404533 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404536 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404535 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404538 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404537 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404540 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404539 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404526 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404525 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404528 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404527 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404530 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404529 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404532 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404531 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404518 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404517 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404520 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404519 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404522 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404521 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404524 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404523 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404510 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404509 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404512 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404511 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404514 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404513 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404516 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404515 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404502 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404501 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404504 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404503 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404506 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404505 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404508 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404507 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404494 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404493 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404496 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404495 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404498 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404497 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404500 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404499 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404486 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404485 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404488 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404487 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404490 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404489 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404492 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404491 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404478 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404477 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404480 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404479 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404482 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404481 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404484 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404483 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404470 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404469 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404472 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404471 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404474 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404473 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404476 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404475 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404462 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404461 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404464 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404463 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404466 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404795 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404465 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404794 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404468 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404797 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404467 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404796 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404787 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404786 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404789 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404788 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404791 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404790 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404793 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404792 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404779 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404778 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404781 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404780 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404783 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404782 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404785 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404784 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404771 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404770 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404773 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404772 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404775 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404774 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404777 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404776 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404763 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404762 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404765 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404764 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404767 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404766 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404769 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404768 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404755 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404754 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404757 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404756 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404759 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404758 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404761 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404760 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404747 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404746 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404749 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404748 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404751 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404750 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404753 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404752 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404739 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404738 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404741 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404740 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404743 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404742 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404745 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404744 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404731 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404730 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404733 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404732 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404735 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404734 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404737 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404736 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404723 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404722 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404725 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404724 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404727 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404726 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404729 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404728 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404715 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404714 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404717 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404716 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404719 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404718 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404721 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404720 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404707 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404706 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404709 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404708 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404711 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404710 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404713 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404712 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404699 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404698 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404701 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404700 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404703 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404702 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404705 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404704 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404691 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404690 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404693 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404692 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404695 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404694 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404697 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404696 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404683 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404682 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404685 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404684 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404687 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404686 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404689 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404688 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404675 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404674 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404677 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404676 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404679 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404678 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404681 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404680 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404667 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404666 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404669 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404668 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404671 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404670 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404673 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404672 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404659 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404658 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404661 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404660 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404663 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404662 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404665 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404664 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404651 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404650 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404653 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404652 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404655 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404654 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404657 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404656 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404643 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404642 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404645 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404644 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404647 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404646 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404649 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404648 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404635 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404634 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404637 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404636 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404639 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404638 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404641 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404640 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404627 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404626 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404629 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404628 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404631 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404630 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404633 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404632 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404619 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404618 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404621 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404620 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404623 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404622 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404625 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404624 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404611 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404610 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404613 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404612 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404615 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404614 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404617 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404616 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404609 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404608 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404195 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404194 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404454 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404453 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404456 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404455 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404458 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404457 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404460 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404459 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404446 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404448 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404447 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404450 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404449 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404452 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404451 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404028 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404027 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404030 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404029 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404032 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404031 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404034 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404033 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404020 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404019 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404022 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404021 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404024 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404023 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404026 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404025 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404012 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404011 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404014 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404013 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404016 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404015 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404018 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404017 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404004 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404003 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404006 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404005 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404008 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404007 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404010 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404009 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404000 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404002 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=1 sig-id=2404001 type=Limit tracking=src count=1 seconds=3600 Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: +-----------------------[suppression]------------------------------------------ Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=129 sig-id=20 tracking=none Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: | gen-id=129 sig-id=12 tracking=none Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: ------------------------------------------------------------------------------- Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: Verifying Preprocessor Configurations! Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.Symantec.Site.Download' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.QuickenUpdater' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: WARNING: flowbits key 'EXE2' is set but not ever checked. Wed Aug 31 14:44:42 2016 daemon.notice snort[5363]: 84 out of 1024 flowbits in use. Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: [ Port Based Pattern Matching Memory ] Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: +- [ Aho-Corasick Summary ] ------------------------------------- Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Storage Format : Full Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Finite Automaton : DFA Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Alphabet Size : 256 Chars Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Sizeof State : Variable (1,2,4 bytes) Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Instances : 89 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | 1 byte states : 79 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | 2 byte states : 10 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | 4 byte states : 0 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Characters : 56713 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | States : 37977 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Transitions : 2049839 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | State Density : 21.1% Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Patterns : 4096 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Match States : 4183 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Memory (MB) : 20.16 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Patterns : 0.42 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | Match Lists : 1.10 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | DFA Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | 1 byte states : 0.55 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | 2 byte states : 17.89 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: | 4 byte states : 0.00 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: +---------------------------------------------------------------- Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: [ Number of patterns truncated to 20 bytes: 921 ] Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: afpacket DAQ configured to inline. Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Acquiring network traffic from "eth0:eth2". Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Initializing daemon mode Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Daemon initialized, signaled parent pid: 1 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Reload thread starting... Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Reload thread started, thread 0xffed66f210 (5364) Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Checking PID path... Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: PID path stat checked out ok, PID path set to /var/snort/ Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Writing PID "5363" to file "/var/snort//snort_eth0:eth2.pid" Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: --== Initialization Complete ==-- Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: ,,_ -*> Snort! <*- Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: o" )~ Version 2.9.7.2 GRE (Build 177) Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Using libpcap version 1.5.3 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Using PCRE version: 8.36 2014-09-26 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Using ZLIB version: 1.2.8 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Preprocessor Object: SF_DCERPC2 Version 1.0 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Preprocessor Object: SF_SSH Version 1.1 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Preprocessor Object: SF_DNS Version 1.1 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Preprocessor Object: SF_FTPTELNET Version 1.2 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Preprocessor Object: SF_SSLPP Version 1.1 Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Commencing packet processing (pid=5363) Wed Aug 31 14:44:53 2016 daemon.notice snort[5363]: Decoding Ethernet Wed Aug 31 14:46:12 2016 daemon.notice netifd: Network device 'eth2' link is up Wed Aug 31 14:46:12 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Wed Aug 31 14:46:12 2016 daemon.notice netifd: Interface 'wan6' is setting up now Wed Aug 31 14:46:12 2016 daemon.notice netifd: Interface 'wan6' is now up Wed Aug 31 14:46:12 2016 kern.notice kernel: [ 472.104072] eth2: 1000 Mbps Full duplex, port 2 Wed Aug 31 14:46:12 2016 kern.info kernel: [ 472.104095] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Wed Aug 31 14:46:13 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Wed Aug 31 14:46:13 2016 daemon.notice netifd: Network device 'eth0' link is up Wed Aug 31 14:46:13 2016 daemon.notice netifd: Interface 'wan' has link connectivity Wed Aug 31 14:46:13 2016 daemon.notice netifd: Interface 'wan' is setting up now Wed Aug 31 14:46:13 2016 kern.notice kernel: [ 473.104243] eth0: 1000 Mbps Full duplex, port 0 Wed Aug 31 14:46:13 2016 kern.info kernel: [ 473.104282] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Wed Aug 31 14:46:13 2016 daemon.notice netifd: Interface 'wan' is now up Wed Aug 31 14:46:14 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Wed Aug 31 14:46:14 2016 daemon.crit dnsmasq[5466]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:46:14 2016 daemon.crit dnsmasq[5466]: FAILED to start up Wed Aug 31 14:46:16 2016 daemon.crit dnsmasq[5595]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Wed Aug 31 14:46:16 2016 daemon.crit dnsmasq[5595]: FAILED to start up Wed Aug 31 14:49:59 2016 daemon.notice snort[5363]: S5: Session exceeded configured max bytes to queue 3137628 using 3138871 bytes (server queue). 66.234.209.81 56187 --> 216.38.158.170 8080 (0) : LWstate 0x9 LWFlags 0x6007 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 220 scbs remain. memcap: 8388812/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 215 scbs remain. memcap: 8390405/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 210 scbs remain. memcap: 8391834/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 205 scbs remain. memcap: 8393230/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 200 scbs remain. memcap: 8393174/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 195 scbs remain. memcap: 8393194/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 190 scbs remain. memcap: 8394062/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 185 scbs remain. memcap: 8395471/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 180 scbs remain. memcap: 8395263/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 175 scbs remain. memcap: 8396654/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 170 scbs remain. memcap: 8398247/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 165 scbs remain. memcap: 8398598/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 160 scbs remain. memcap: 8398546/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 155 scbs remain. memcap: 8398194/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 150 scbs remain. memcap: 8399260/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 145 scbs remain. memcap: 8400282/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 140 scbs remain. memcap: 8401547/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 135 scbs remain. memcap: 8402183/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 130 scbs remain. memcap: 8401984/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 125 scbs remain. memcap: 8403382/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 120 scbs remain. memcap: 8403555/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 115 scbs remain. memcap: 8403273/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 110 scbs remain. memcap: 8403584/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 105 scbs remain. memcap: 8403684/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 100 scbs remain. memcap: 8404357/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 95 scbs remain. memcap: 8405030/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 90 scbs remain. memcap: 8405846/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 85 scbs remain. memcap: 8402523/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 80 scbs remain. memcap: 8403358/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 75 scbs remain. memcap: 8404613/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 70 scbs remain. memcap: 8405928/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 65 scbs remain. memcap: 8406714/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 60 scbs remain. memcap: 8408307/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 55 scbs remain. memcap: 8409033/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 50 scbs remain. memcap: 8408671/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 45 scbs remain. memcap: 8410264/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 40 scbs remain. memcap: 8410855/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 35 scbs remain. memcap: 8411753/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 30 scbs remain. memcap: 8412651/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 25 scbs remain. memcap: 8413578/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 20 scbs remain. memcap: 8414630/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 15 scbs remain. memcap: 8415806/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 10 scbs remain. memcap: 8416139/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 5 scbs remain. memcap: 8414375/8388608 Wed Aug 31 14:50:04 2016 daemon.notice snort[5363]: S5: Pruned 2 sessions from cache for memcap. 3 scbs remain. memcap: 7689975/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 67 scbs remain. memcap: 8389757/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 62 scbs remain. memcap: 8391350/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 57 scbs remain. memcap: 8392943/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 52 scbs remain. memcap: 8394536/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 47 scbs remain. memcap: 8396129/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 42 scbs remain. memcap: 8397722/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 37 scbs remain. memcap: 8399315/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 32 scbs remain. memcap: 8400908/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 27 scbs remain. memcap: 8400694/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 22 scbs remain. memcap: 8402287/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 17 scbs remain. memcap: 8403880/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 12 scbs remain. memcap: 8405473/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 5 sessions from cache for memcap. 7 scbs remain. memcap: 8407066/8388608 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned session from cache that was using 3078400 bytes (memcap/check). 66.234.209.81 56188 --> 216.38.158.170 8080 (0) : LWstate 0x9 LWFlags 0x6007 Wed Aug 31 14:50:06 2016 daemon.notice snort[5363]: S5: Pruned 2 sessions from cache for memcap. 5 scbs remain. memcap: 5330259/8388608 Wed Aug 31 14:53:45 2016 kern.info kernel: [ 924.403058] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. Wed Aug 31 14:58:24 2016 daemon.err uhttpd[4624]: cut: standard output: Broken pipe