Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 0.000000] Linux version 3.10.20 (daniel@Ayoub) (gcc version 4.7.0 (Cavium Inc. Version: SDK_3_1_0_p2 build 34) ) #149 SMP Mon May 18 16:39:16 PDT 2015
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 0.000000] CVMSEG size: 2 cache lines (256 bytes)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Cavium Inc. SDK-3.1
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] bootconsole [early0] enabled
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] CPU revision is: 000d9602 (Cavium Octeon III)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] FPU revision is: 00739600
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] Checking for the multiply/shift bug... no.
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] Checking for the daddiu bug... no.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Determined physical RAM map:
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] memory: 000000000b400000 @ 0000000003a00000 (usable)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] memory: 0000000000c00000 @ 000000000f200000 (usable)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] memory: 000000002f000000 @ 0000000020000000 (usable)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] memory: 0000000000830000 @ 0000000000100000 (usable)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] memory: 0000000002f40000 @ 0000000000930000 (usable after init)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Wasting 896 bytes for tracking 16 unused pages
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Initrd not found or empty - disabling initrd
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Using passed Device Tree <8000000000080000>.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] software IO TLB [mem 0x03b70000-0x03bb0000] (0MB) mapped at [8000000003b70000-8000000003baffff]
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] Zone ranges:
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] DMA32 [mem 0x00100000-0xefffffff]
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] Normal empty
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] Movable zone start for each node
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] Early memory node ranges
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x00100000-0x0386ffff]
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x03a00000-0x0edfffff]
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x0f200000-0x0fdfffff]
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x20000000-0x4effffff]
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] On node 0 totalpages: 15991
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 14 pages used for memmap
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 0 pages reserved
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 15991 pages, LIFO batch:1
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Cavium Hotplug: Available coremask 0x0
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 0.000000] Primary instruction cache 78kB, virtually tagged, 39 way, 16 sets, linesize 128 bytes.
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 0.000000] Primary data cache 32kB, 32-way, 8 sets, linesize 128 bytes.
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 0.000000] Secondary unified cache 512kB, 4-way, 1024 sets, linesize 128 bytes.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] PERCPU: Embedded 1 pages/cpu @8000000003c10000 s12544 r8192 d44800 u65536
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: s12544 r8192 d44800 u65536 alloc=1*65536
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: [0] 0 [0] 1
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 0.000000] Built 1 zonelists in Zone order, mobility grouping off. Total pages: 15977
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 0.000000] Kernel command line: bootoctlinux 0x20000000 numcores=2 serial#=752011191521-36924 console=ttyS0,115200
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] PID hash table entries: 4096 (order: -1, 32768 bytes)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Dentry cache hash table entries: 131072 (order: 4, 1048576 bytes)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Inode-cache hash table entries: 65536 (order: 3, 524288 bytes)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Memory: 962816k/1023424k available (5825k kernel code, 60608k reserved, 2536k data, 48384k init, 0k highmem)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] Hierarchical RCU implementation.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=2.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] NR_IRQS:512
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e000 23 bits
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e200 12 bits
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e400 6 bits
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000ec00 15 bits
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e600 4 bits
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e800 11 bits
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e900 11 bits
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.222062] Calibrating delay loop (skipped) preset value.. 2000.00 BogoMIPS (lpj=10000000)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.230277] pid_max: default: 32768 minimum: 501
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.234993] Security Framework initialized
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.239011] Mount-cache hash table entries: 4096
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 24.245261] Checking for the daddi bug... no.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.246050] SMP: Booting CPU01 (CoreId 1)...
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.250252] CPU revision is: 000d9602 (Cavium Octeon III)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.250256] FPU revision is: 00739600
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.250440] Cpu 1 online
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.261856] Brought up 2 CPUs
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.264800] Cavium Hotplug: Available coremask 0x0
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 24.271781] NET: Registered protocol family 16
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 24.277189] Installing handlers for error tree at: ffffffff808be430
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 24.294712] PCIe: Initializing port 0
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 26.357255] PCIe: Link timeout on port 0, probably the slot is empty
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 26.357261] PCIe: Initializing port 1
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 26.360756] PCIe: Port 1 not in PCIe mode, skipping
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 26.360761] PCIe: Initializing port 2
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 26.364403] PCIe: Port 2 not in PCIe mode, skipping
Mon Mar 14 14:53:13 2016 kern.warn kernel: [ 26.370771] [sched_delayed] sched: RT throttling activated
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.384100] bio: create slab at 0
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.388521] vgaarb: loaded
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 26.391453] SCSI subsystem initialized
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 26.395304] libata version 3.00 loaded.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.395719] usbcore: registered new interface driver usbfs
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.401153] usbcore: registered new interface driver hub
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.406449] usbcore: registered new device driver usb
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.411602] pps_core: LinuxPPS API ver. 1 registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.416400] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.425627] PTP clock support registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.429502] EDAC MC: Ver: 3.0.0
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.433183] PCI host bridge to bus 0000:00
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.437138] pci_bus 0000:00: root bus resource [mem 0x1000000000000]
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.443463] pci_bus 0000:00: root bus resource [io 0x0000]
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.449031] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 26.456957] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.457909] Switching to clocksource OCTEON_CVMCOUNT
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.464182] NET: Registered protocol family 2
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.468823] TCP established hash table entries: 8192 (order: 1, 131072 bytes)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.475942] TCP bind hash table entries: 8192 (order: 1, 131072 bytes)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.482430] TCP: Hash tables configured (established 8192 bind 8192)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.488701] TCP: reno registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.491880] UDP hash table entries: 2048 (order: 0, 65536 bytes)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.497967] UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 26.504623] NET: Registered protocol family 1
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 26.508828] PCI: CLS 0 bytes, default 128
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 29.428726] octeon_pci_console: Console not created.
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 29.433548] /proc/octeon_perf: Octeon performance counter interface loaded
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.442239] HugeTLB registered 512 MB page size, pre-allocated 0 pages
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 29.449896] sys_fw_version: 0.1.17
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 29.449910] sys_revision: 21
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.450247] squashfs: version 4.0 (2009/01/31) Phillip Lougher
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.456183] NTFS driver 2.1.30 [Flags: R/W].
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.460333] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.466509] msgmni has been set to 1880
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 29.471166] Key type asymmetric registered
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 29.475125] Asymmetric key parser 'x509' registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.479978] io scheduler noop registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.483889] io scheduler deadline registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.488160] io scheduler cfq registered (default)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.493092] octeon_gpio 1070000000800.gpio-controller: OCTEON GPIO
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.541305] Serial: 8250/16550 driver, 6 ports, IRQ sharing disabled
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.548944] 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 34) is a OCTEON
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.556733] console [ttyS0] enabled, bootconsole disabled
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.580371] 1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 35) is a OCTEON
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.601306] brd: module loaded
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.619638] loop: module loaded
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 29.636372] slram: not enough parameters.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.659791] IMQ driver loaded successfully. (numdevs = 16, numqueues = 1)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.678873] Hooking IMQ after NAT on PREROUTING.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.695845] Hooking IMQ before NAT on POSTROUTING.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.714856] libphy: mdio-octeon: probed
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.732200] mdio-octeon 1180000001800.mdio: Version 1.0
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.749826] spi_ks8995: Micrel KS8995 Ethernet switch SPI driver version 0.1.1
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.769892] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.788010] e1000e: Copyright(c) 1999 - 2013 Intel Corporation.
Mon Mar 14 14:53:13 2016 kern.err kernel: [ 29.806468] octeon-pow-ethernet ERROR: You must specify a broadcast group mask.
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 29.826102] octeon-ethernet 2.0
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 29.843143] Interface 0 has 4 ports (QSGMII)
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 29.843223] Interface 1 has 4 ports (QSGMII)
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 29.843230] Interface 2 has 4 ports (NPI)
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 29.843244] Interface 3 has 4 ports (LOOP)
Mon Mar 14 14:53:13 2016 kern.debug kernel: [ 29.843261] Interface 4 has 1 ports (AGL)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.851167] usbcore: registered new interface driver cdc_ether
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.869254] usbcore: registered new interface driver plusb
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.886987] usbcore: registered new interface driver sierra_net
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.905682] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.924480] ehci-pci: EHCI PCI platform driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.941175] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.960114] usbcore: registered new interface driver usb-storage
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.978461] usbcore: registered new interface driver usbserial
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 29.996520] usbcore: registered new interface driver usbserial_generic
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.015266] usbserial: USB Serial support registered for generic
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.033525] usbcore: registered new interface driver sierra
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.051314] usbserial: USB Serial support registered for Sierra USB modem
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.070509] i2c /dev entries driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.086521] i2c-octeon 1180000001000.i2c: version 2.5
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.104493] octeon_wdt: Initial granularity 5 Sec
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.121588] EDAC DEVICE0: Giving out device to module 'octeon-cpu' controller 'cache': DEV 'octeon_pc_edac' (INTERRUPT)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.144680] EDAC DEVICE1: Giving out device to module 'octeon-l2c' controller 'octeon_l2c_err': DEV 'octeon_l2c_edac' (POLLED)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 30.168337] octeon_lmc_edac octeon_lmc_edac.0: Disabled (ECC not enabled)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 31.942955] Netfilter messages via NETLINK v0.30.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 31.959799] nfnl_acct: registering with nfnetlink.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 31.976758] nf_conntrack version 0.5.0 (7522 buckets, 30088 max)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 31.995177] ctnetlink v0.93: registering with nfnetlink.
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.012984] xt_time: kernel timezone is -0000
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 32.029473] ip_set: protocol 6
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.044769] ipip: IPv4 over IPv4 tunneling driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.062082] gre: GRE over IPv4 demultiplexor driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.079093] ip_gre: GRE over IPv4 tunneling driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.097212] ip_tables: (C) 2000-2006 Netfilter Core Team
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.114850] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.133380] arp_tables: (C) 2002 David S. Miller
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.150176] TCP: cubic registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.165618] Initializing XFRM netlink socket
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.182065] NET: Registered protocol family 10
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.201849] mip6: Mobile IPv6
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.216994] ip6_tables: (C) 2000-2006 Netfilter Core Team
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.234815] sit: IPv6 over IPv4 tunneling driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.252805] ip6_gre: GRE over IPv6 tunneling driver
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.270407] NET: Registered protocol family 17
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.287021] NET: Registered protocol family 15
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 32.303688] Bridge firewalling registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.319841] Ebtables v2.0 registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.362766] 8021q: 802.1Q VLAN Support v1.8
Mon Mar 14 14:53:13 2016 kern.notice kernel: [ 32.379141] Key type dns_resolver registered
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.395673] L2 lock: TLB refill 256 bytes
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.411808] L2 lock: General exception 128 bytes
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.428545] L2 lock: low-level interrupt 128 bytes
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.445456] L2 lock: interrupt 640 bytes
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.461506] L2 lock: memcpy 1152 bytes
Mon Mar 14 14:53:13 2016 kern.err kernel: [ 32.479445] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 32.508938] Freeing unused kernel memory: 48384K (ffffffff80930000 - ffffffff83870000)
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.826395] mmc1: BKOPS_EN bit is not set
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.847067] mmc1: new high speed DDR MMC card at address 0001
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.865525] mmcblk0: mmc1:0001 P1XXXX 3.60 GiB
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.882491] mmcblk0boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.900844] mmcblk0boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.919194] mmcblk0rpmb: mmc1:0001 P1XXXX partition 3 128 KiB
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.941282] mmcblk0: p1 p2 p3 p4
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.962111] mmcblk0boot1: unknown partition table
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 49.983613] mmcblk0boot0: unknown partition table
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 50.712162] kjournald starting. Commit interval 5 seconds
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 50.730792] EXT3-fs (mmcblk0p2): using internal journal
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 50.749071] EXT3-fs (mmcblk0p2): recovery complete
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 50.766138] EXT3-fs (mmcblk0p2): mounted filesystem with writeback data mode
Mon Mar 14 14:53:13 2016 user.err kernel: [ 51.027284] init: failed to symlink /tmp -> /var
Mon Mar 14 14:53:13 2016 user.info kernel: [ 51.044346] init: Console is alive
Mon Mar 14 14:53:13 2016 user.info kernel: [ 51.060227] init: - watchdog -
Mon Mar 14 14:53:13 2016 user.info kernel: [ 52.076396] init: - preinit -
Mon Mar 14 14:53:13 2016 user.notice kernel: [ 55.275506] mount_root: mounting /dev/root
Mon Mar 14 14:53:13 2016 user.info kernel: [ 55.292472] mount_root: loading kmods from internal overlay
Mon Mar 14 14:53:13 2016 user.info kernel: [ 55.414165] block: attempting to load /etc/config/fstab
Mon Mar 14 14:53:13 2016 user.info kernel: [ 55.434724] block: extroot: not configured
Mon Mar 14 14:53:13 2016 user.info kernel: [ 55.455745] procd: - early -
Mon Mar 14 14:53:13 2016 user.info kernel: [ 55.471092] procd: - watchdog -
Mon Mar 14 14:53:13 2016 user.info kernel: [ 56.186640] procd: - ubus -
Mon Mar 14 14:53:13 2016 user.info kernel: [ 57.202075] procd: - init -
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.035439] NET: Registered protocol family 38
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.058675] tun: Universal TUN/TAP device driver, 1.6
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.075872] tun: (C) 1999-2004 Max Krasnyansky
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.103724] u32 classifier
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.118595] input device check on
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.134380] Actions configured
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.151030] Mirror/redirect action on
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.176051] PPP generic driver version 2.4.2
Mon Mar 14 14:53:13 2016 kern.info kernel: [ 59.193328] NET: Registered protocol family 24
Mon Mar 14 14:53:14 2016 user.emerg procd: this file has been obseleted. please call "/sbin/block mount" directly
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'lan' is enabled
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'lan' is setting up now
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'lan' is now up
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'blockdomain' is enabled
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'blockdomain' is now up
Mon Mar 14 14:53:14 2016 kern.info kernel: [ 61.157550] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Mon Mar 14 14:53:14 2016 kern.info kernel: [ 61.158321] device eth1 entered promiscuous mode
Mon Mar 14 14:53:14 2016 kern.info kernel: [ 61.159434] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
Mon Mar 14 14:53:14 2016 daemon.err block: /dev/mmcblk0p2 is already mounted
Mon Mar 14 14:53:14 2016 kern.debug kernel: [ 61.186972] SGMII0: Port 2 link timeout
Mon Mar 14 14:53:14 2016 kern.notice kernel: [ 61.187198] eth2: 1000 Mbps Full duplex, port 2
Mon Mar 14 14:53:14 2016 kern.info kernel: [ 61.187292] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Mon Mar 14 14:53:14 2016 kern.info kernel: [ 61.188038] device eth2 entered promiscuous mode
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'loopback' is enabled
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'loopback' is now up
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'wan' is enabled
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Network device 'lo' link is up
Mon Mar 14 14:53:14 2016 daemon.notice netifd: Interface 'loopback' has link connectivity
Mon Mar 14 14:53:14 2016 kern.notice kernel: [ 61.215537] eth0: 1000 Mbps Full duplex, port 0
Mon Mar 14 14:53:14 2016 kern.info kernel: [ 61.215638] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Mon Mar 14 14:53:14 2016 cron.info crond[3187]: crond (busybox 1.23.2) started, log level 5
Mon Mar 14 14:53:14 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Mon Mar 14 14:53:14 2016 authpriv.warn dropbear[3219]: Failed listening on '22': Error listening: Cannot assign requested address
Mon Mar 14 14:53:14 2016 authpriv.info dropbear[3219]: Not backgrounding
Mon Mar 14 14:53:15 2016 daemon.notice netifd: Network device 'eth2' link is up
Mon Mar 14 14:53:15 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Mon Mar 14 14:53:15 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Mon Mar 14 14:53:15 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Mon Mar 14 14:53:15 2016 kern.info kernel: [ 62.162986] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Mon Mar 14 14:53:15 2016 kern.info kernel: [ 62.163051] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:15 2016 kern.info kernel: [ 62.163073] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:15 2016 kern.info kernel: [ 62.163123] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Mon Mar 14 14:53:15 2016 daemon.notice netifd: Network device 'eth0' link is up
Mon Mar 14 14:53:15 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Mon Mar 14 14:53:15 2016 daemon.notice netifd: Interface 'wan' is setting up now
Mon Mar 14 14:53:15 2016 kern.info kernel: [ 62.192981] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Mon Mar 14 14:53:15 2016 daemon.notice netifd: wan (3336): udhcpc (v1.23.2) started
Mon Mar 14 14:53:15 2016 daemon.notice netifd: wan (3336): Sending discover...
Mon Mar 14 14:53:15 2016 daemon.notice netifd: wan (3336): Sending select for 192.168.1.11...
Mon Mar 14 14:53:15 2016 kern.info kernel: [ 62.470431] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Mon Mar 14 14:53:15 2016 daemon.notice netifd: wan (3336): Lease of 192.168.1.11 obtained, lease time 86400
Mon Mar 14 14:53:15 2016 daemon.notice netifd: Interface 'wan' is now up
Mon Mar 14 14:53:17 2016 kern.info kernel: [ 64.162784] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Enabling inline operation
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Found pid path directive (/var/run/)
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Running in IDS mode
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: --== Initializing Snort ==--
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Initializing Output Plugins!
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Initializing Preprocessors!
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Initializing Plug-ins!
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Parsing Rules file "/etc/snort/snort8.conf"
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: PortVar 'HTTP_PORTS' defined :
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: PortVar 'SHELLCODE_PORTS' defined :
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: [ 1:65535 ]
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: PortVar 'ORACLE_PORTS' defined :
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: [ 1024:65535 ]
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: PortVar 'SSH_PORTS' defined :
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: [ 22 ]
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: PortVar 'FTP_PORTS' defined :
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: [ 21 2100 3535 ]
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: PortVar 'SIP_PORTS' defined :
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: [ 5060:5061 5600 ]
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: PortVar 'FILE_DATA_PORTS' defined :
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: PortVar 'GTP_PORTS' defined :
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: [ 2123 2152 3386 ]
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Detection:
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Search-Method = AC-Full-Q
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Search-Method-Optimizations = enabled
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Maximum pattern length = 20
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Found pid path directive (/var/run/)
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Tagged Packet Limit: 256
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: done Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Log directory = /tmp/snort/ Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalizer config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ip4: on Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ip4::df: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ip4::rf: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ip4::tos: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ip4::trim: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ip4::ttl: on (min=1, new=5) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalizer config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp: on Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::ecn: stream Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::block: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::rsv: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::pad: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::req_urg: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::req_pay: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::req_urp: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::urp: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::opt: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::ips: on Mon Mar 14 14:53:39 2016 
daemon.notice snort[3493]: tcp::trim_syn: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::trim_rst: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::trim_win: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: tcp::trim_mss: off Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalizer config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: icmp4: on Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalizer config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ip6: on Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ip6::hops: on (min=1, new=5) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalizer config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: icmp6: on Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Frag3 global config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max frags: 65536 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Fragment memory cap: 4194304 bytes Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Frag3 engine config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Bound Address: default Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Target-based policy: WINDOWS Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Fragment timeout: 180 seconds Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Fragment min_ttl: 1 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Fragment Anomalies: Alert Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Overlap Limit: 10 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Min fragment Length: 100 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Expected Streams: 39 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Stream global config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Track TCP sessions: ACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max TCP sessions: 10000 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: TCP cache pruning timeout: 30 seconds Mon Mar 14 14:53:39 2016 
daemon.notice snort[3493]: TCP cache nominal timeout: 3600 seconds Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Memcap (for reassembly packet storage): 8388608 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Track UDP sessions: ACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max UDP sessions: 10000 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: UDP cache pruning timeout: 30 seconds Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: UDP cache nominal timeout: 180 seconds Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Track ICMP sessions: ACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max ICMP sessions: 65536 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Track IP sessions: INACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Log info if session memory consumption exceeds 1048576 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Send up to 2 active responses Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Wait at least 5 seconds between responses Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Protocol Aware Flushing: ACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Maximum Flush Point: 16000 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Stream TCP Policy config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Bound Address: default Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Reassembly Policy: WINDOWS Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Timeout: 180 seconds Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Limit on TCP Overlaps: 10 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Maximum number of bytes to queue per session: 1048576 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Maximum number of segs to queue per session: 2621 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Options: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Require 3-Way Handshake: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 3-Way Handshake Timeout: 180 
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Detect Anomalies: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Reassembly Ports: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 21 client (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 22 client (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 23 client (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 25 client (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 36 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 42 client (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 53 client (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 70 client (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 79 client (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 80 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 81 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 82 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 83 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 84 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 85 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 86 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 87 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 88 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 89 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 90 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:39 
2016 daemon.notice snort[3493]: additional ports configured but not printed. Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Stream UDP Policy config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Timeout: 180 seconds Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: HttpInspect Config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: GLOBAL CONFIG Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Detect Proxy Usage: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: IIS Unicode Map Filename: /etc/snort/unicode.map Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: IIS Unicode Map Codepage: 1252 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Memcap used for logging URI and Hostname: 150994944 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Gzip Memory: 838860 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Gzip Sessions: 1807 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Gzip Compress Depth: 65535 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Gzip Decompress Depth: 65535 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: DEFAULT SERVER CONFIG: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Server profile: All Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Server Flow Depth: 0 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Client Flow Depth: 0 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Chunk Length: 500000 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Small Chunk Length Evasion: 
chunk size <= 10, threshold >= 5 times Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Header Field Length: 750 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Number Header Fields: 100 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Number of WhiteSpaces allowed with header folding: 200 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Inspect Pipeline Requests: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: URI Discovery Strict Mode: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Allow Proxy Usage: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Disable Alerting: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Oversize Dir Length: 500 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Only inspect URI: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalize HTTP Headers: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Inspect HTTP Cookies: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Inspect HTTP Responses: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Extract Gzip from responses: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Decompress response files: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Unlimited decompression of gzip data from responses: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalize Javascripts in HTTP Responses: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalize HTTP Cookies: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Enable XFF and True Client IP: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Log HTTP URI data: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Log HTTP Hostname data: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Extended ASCII code support in URI: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ascii: YES alert: 
NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Double Decoding: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: %U Encoding: YES alert: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Bare Byte: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: UTF 8: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: IIS Unicode: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Multiple Slash: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: IIS Backslash: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Directory Traversal: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Web Root Traversal: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Apache WhiteSpace: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: IIS Delimiter: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: rpc_decode arguments: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: alert_fragments: INACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: alert_large_fragments: INACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: alert_incomplete: INACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: alert_multiple_requests: INACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Portscan Detection Config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Detect Protocols: TCP UDP ICMP IP Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Detect Scan Type: portscan 
portsweep decoy_portscan distributed_portscan Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Sensitivity Level: Medium Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Memcap (in bytes): 500000 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Number of Nodes: 978 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: FTPTelnet Config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: GLOBAL CONFIG Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Inspection Type: stateful Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Check for Encrypted Traffic: YES alert: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Continue to check encrypted data: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: TELNET CONFIG: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ports: 23 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Are You There Threshold: 20 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Normalize: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Detect Anomalies: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: FTP CONFIG: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: FTP Server: default Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ports (PAF): 21 2100 3535 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Check for Telnet Cmds: YES alert: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ignore Telnet Cmd Operations: YES alert: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ignore open data channels: NO Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: FTP Client: default Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Check for Bounce Attacks: YES alert: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Check for Telnet Cmds: YES alert: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ignore Telnet Cmd Operations: YES alert: YES Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Response Length: 256 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: SSH config: 
Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Autodetection: ENABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Challenge-Response Overflow Alert: ENABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: SSH1 CRC32 Alert: ENABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Server Version String Overflow Alert: ENABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Protocol Mismatch Alert: ENABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Bad Message Direction Alert: DISABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Bad Payload Size Alert: DISABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Unrecognized Version Alert: DISABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Encrypted Packets: 20 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Server Version String Length: 100 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: MaxClientBytes: 19600 (Default) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ports: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 22 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: DCE/RPC 2 Preprocessor Configuration Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Global Configuration Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: DCE/RPC Defragmentation: Enabled Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Memcap: 102400 KB Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Events: co Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: SMB Fingerprint policy: Disabled Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Server Default Configuration Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Policy: WinXP Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Detect ports (PAF) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: SMB: 139 445 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: TCP: 135 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: UDP: 135 Mon Mar 14 
14:53:39 2016 daemon.notice snort[3493]: RPC over HTTP server: 593 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: RPC over HTTP proxy: None Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Autodetect ports (PAF) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: SMB: None Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: TCP: 1025-65535 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: UDP: 1025-65535 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: RPC over HTTP server: 1025-65535 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: RPC over HTTP proxy: None Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Invalid SMB shares: C$ D$ ADMIN$ Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Maximum SMB command chaining: 3 commands Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: SMB file inspection: Disabled Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: DNS config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: DNS Client rdata txt Overflow Alert: ACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Obsolete DNS RR Types Alert: INACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Experimental DNS RR Types Alert: INACTIVE Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ports: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 53 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: SSLPP config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Encrypted packets: not inspected Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ports: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 443 465 563 636 989 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 992 993 994 995 7801 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 7802 7900 7901 7902 7903 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 7904 7905 7906 7907 7908 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 7909 7910 7911 7912 7913 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 7914 7915 
7916 7917 7918 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 7919 7920 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Server side data is trusted Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Maximum SSL Heartbeat length: 0 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Sensitive Data preprocessor config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Global Alert Threshold: 25 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Masked Output: DISABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: SIP config: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max number of sessions: 1024 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max number of dialogs in a session: 4 (Default) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Status: ENABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ignore media channel: DISABLED Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max URI length: 512 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Call ID length: 80 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Request name length: 20 (Default) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max From length: 256 (Default) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max To length: 256 (Default) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Via length: 1024 (Default) Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Contact length: 512 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Max Content length: 2048 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Ports: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 5060 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 5061 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: 5600 Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Methods: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: invite Mon Mar 14 14:53:39 2016 
daemon.notice snort[3493]: cancel Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: ack Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: bye Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: register Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: options Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: refer Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: subscribe Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: update Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: join Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: info Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: message Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: notify Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: benotify Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: do Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: qauth Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: sprack Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: publish Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: service Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: unsubscribe Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: prack Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: Initializing rule chains... Mon Mar 14 14:53:39 2016 daemon.notice snort[3493]: WARNING: /etc/snort/rules//snort.rules(1) threshold (in rule) is deprecated; use detection_filter instead. 
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Enabling inline operation Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Found pid path directive (/var/snort/) Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Running in IDS mode Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: --== Initializing Snort ==-- Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Initializing Output Plugins! Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Initializing Preprocessors! Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Initializing Plug-ins! Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Parsing Rules file "/etc/snort/snort7.conf" Mon Mar 14 14:53:42 2016 user.emerg procd: mv: can't rename '/etc/config/network-itus': No such file or directory Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: PortVar 'HTTP_PORTS' defined : Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412 Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: PortVar 'SHELLCODE_PORTS' defined : Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: [ 1:65535 ] Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: PortVar 'ORACLE_PORTS' defined : Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: [ 1024:65535 ] Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: PortVar 'SSH_PORTS' defined : Mon Mar 14 14:53:42 2016 daemon.notice 
snort[3569]: [ 22 ] Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: PortVar 'FTP_PORTS' defined : Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: [ 21 2100 3535 ] Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: PortVar 'SIP_PORTS' defined : Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: [ 5060:5061 5600 ] Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: PortVar 'FILE_DATA_PORTS' defined : Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: PortVar 'GTP_PORTS' defined : Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: [ 2123 2152 3386 ] Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Detection: Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Search-Method = AC-Full-Q Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Search-Method-Optimizations = enabled Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Maximum pattern length = 20 Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Found pid path directive (/var/snort/) Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Tagged Packet Limit: 256 Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... 
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... 
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... 
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: done
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Log directory = /tmp/snort/
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalizer config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ip4: on
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ip4::df: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ip4::rf: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ip4::tos: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ip4::trim: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ip4::ttl: on (min=1, new=5)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalizer config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp: on
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::ecn: stream
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::block: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::rsv: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::pad: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::req_urg: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::req_pay: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::req_urp: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::urp: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::opt: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::ips: on
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::trim_syn: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::trim_rst: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::trim_win: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: tcp::trim_mss: off
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalizer config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: icmp4: on
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalizer config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ip6: on
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ip6::hops: on (min=1, new=5)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalizer config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: icmp6: on
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Frag3 global config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max frags: 65536
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Fragment memory cap: 4194304 bytes
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Frag3 engine config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Bound Address: default
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Target-based policy: WINDOWS
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Fragment timeout: 180 seconds
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Fragment min_ttl: 1
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Fragment Anomalies: Alert
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Overlap Limit: 10
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Min fragment Length: 100
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Expected Streams: 39
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Stream global config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Track TCP sessions: ACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max TCP sessions: 10000
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: TCP cache pruning timeout: 30 seconds
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: TCP cache nominal timeout: 3600 seconds
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Memcap (for reassembly packet storage): 8388608
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Track UDP sessions: ACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max UDP sessions: 10000
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: UDP cache pruning timeout: 30 seconds
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: UDP cache nominal timeout: 180 seconds
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Track ICMP sessions: ACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max ICMP sessions: 65536
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Track IP sessions: INACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Log info if session memory consumption exceeds 1048576
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Send up to 2 active responses
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Wait at least 5 seconds between responses
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Protocol Aware Flushing: ACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Maximum Flush Point: 16000
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Stream TCP Policy config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Bound Address: default
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Reassembly Policy: WINDOWS
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Timeout: 180 seconds
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Limit on TCP Overlaps: 10
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Maximum number of bytes to queue per session: 1048576
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Maximum number of segs to queue per session: 2621
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Options:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Require 3-Way Handshake: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 3-Way Handshake Timeout: 180
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Detect Anomalies: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Reassembly Ports:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 21 client (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 22 client (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 23 client (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 25 client (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 36 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 42 client (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 53 client (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 70 client (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 79 client (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 80 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 81 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 82 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 83 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 84 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 85 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 86 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 87 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 88 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 89 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 90 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: additional ports configured but not printed.
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Stream UDP Policy config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Timeout: 180 seconds
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: HttpInspect Config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: GLOBAL CONFIG
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Detect Proxy Usage: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: IIS Unicode Map Filename: /etc/snort/unicode.map
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: IIS Unicode Map Codepage: 1252
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Memcap used for logging URI and Hostname: 150994944
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Gzip Memory: 838860
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Gzip Sessions: 1807
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Gzip Compress Depth: 65535
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Gzip Decompress Depth: 65535
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: DEFAULT SERVER CONFIG:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Server profile: All
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Server Flow Depth: 0
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Client Flow Depth: 0
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Chunk Length: 500000
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Header Field Length: 750
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Number Header Fields: 100
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Number of WhiteSpaces allowed with header folding: 200
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Inspect Pipeline Requests: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: URI Discovery Strict Mode: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Allow Proxy Usage: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Disable Alerting: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Oversize Dir Length: 500
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Only inspect URI: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalize HTTP Headers: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Inspect HTTP Cookies: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Inspect HTTP Responses: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Extract Gzip from responses: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Decompress response files:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Unlimited decompression of gzip data from responses: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalize Javascripts in HTTP Responses: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalize HTTP Cookies: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Enable XFF and True Client IP: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Log HTTP URI data: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Log HTTP Hostname data: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Extended ASCII code support in URI: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ascii: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Double Decoding: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: %U Encoding: YES alert: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Bare Byte: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: UTF 8: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: IIS Unicode: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Multiple Slash: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: IIS Backslash: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Directory Traversal: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Web Root Traversal: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Apache WhiteSpace: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: IIS Delimiter: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: rpc_decode arguments:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: alert_fragments: INACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: alert_large_fragments: INACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: alert_incomplete: INACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: alert_multiple_requests: INACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Portscan Detection Config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Detect Protocols: TCP UDP ICMP IP
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Sensitivity Level: Medium
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Memcap (in bytes): 500000
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Number of Nodes: 978
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: FTPTelnet Config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: GLOBAL CONFIG
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Inspection Type: stateful
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Check for Encrypted Traffic: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Continue to check encrypted data: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: TELNET CONFIG:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ports: 23
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Are You There Threshold: 20
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Normalize: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Detect Anomalies: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: FTP CONFIG:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: FTP Server: default
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ports (PAF): 21 2100 3535
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Check for Telnet Cmds: YES alert: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ignore Telnet Cmd Operations: YES alert: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ignore open data channels: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: FTP Client: default
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Check for Bounce Attacks: YES alert: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Check for Telnet Cmds: YES alert: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ignore Telnet Cmd Operations: YES alert: YES
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Response Length: 256
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SSH config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Autodetection: ENABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Challenge-Response Overflow Alert: ENABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SSH1 CRC32 Alert: ENABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Server Version String Overflow Alert: ENABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Protocol Mismatch Alert: ENABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Bad Message Direction Alert: DISABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Bad Payload Size Alert: DISABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Unrecognized Version Alert: DISABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Encrypted Packets: 20
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Server Version String Length: 100
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: MaxClientBytes: 19600 (Default)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ports:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 22
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: DCE/RPC 2 Preprocessor Configuration
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Global Configuration
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: DCE/RPC Defragmentation: Enabled
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Memcap: 102400 KB
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Events: co
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SMB Fingerprint policy: Disabled
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Server Default Configuration
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Policy: WinXP
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Detect ports (PAF)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SMB: 139 445
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: TCP: 135
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: UDP: 135
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: RPC over HTTP server: 593
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: RPC over HTTP proxy: None
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Autodetect ports (PAF)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SMB: None
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: TCP: 1025-65535
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: UDP: 1025-65535
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: RPC over HTTP server: 1025-65535
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: RPC over HTTP proxy: None
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Invalid SMB shares: C$ D$ ADMIN$
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Maximum SMB command chaining: 3 commands
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SMB file inspection: Disabled
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: DNS config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: DNS Client rdata txt Overflow Alert: ACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Obsolete DNS RR Types Alert: INACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Experimental DNS RR Types Alert: INACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ports:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 53
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SSLPP config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Encrypted packets: not inspected
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ports:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 443 465 563 636 989
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 992 993 994 995 7801
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 7802 7900 7901 7902 7903
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 7904 7905 7906 7907 7908
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 7909 7910 7911 7912 7913
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 7914 7915 7916 7917 7918
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 7919 7920
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Server side data is trusted
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Maximum SSL Heartbeat length: 0
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Sensitive Data preprocessor config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Global Alert Threshold: 25
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Masked Output: DISABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SIP config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max number of sessions: 1024
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max number of dialogs in a session: 4 (Default)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Status: ENABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ignore media channel: DISABLED
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max URI length: 512
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Call ID length: 80
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Request name length: 20 (Default)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max From length: 256 (Default)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max To length: 256 (Default)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Via length: 1024 (Default)
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Contact length: 512
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Max Content length: 2048
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Ports:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 5060
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 5061
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: 5600
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Methods:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: invite
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: cancel
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: ack
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: bye
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: register
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: options
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: refer
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: subscribe
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: update
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: join
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: info
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: message
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: notify
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: benotify
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: do
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: qauth
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: sprack
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: publish
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: service
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: unsubscribe
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: prack
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Initializing rule chains...
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: WARNING: /etc/snort/rules//snort.rules(1) threshold (in rule) is deprecated; use detection_filter instead.
Mon Mar 14 14:53:43 2016 daemon.notice snort[3493]: WARNING: /etc/snort/rules//snort.rules(4278) GID 1 SID 2405001 in rule duplicates previous rule. Ignoring old rule.
Mon Mar 14 14:53:43 2016 daemon.err snort[3493]: FATAL ERROR: /etc/snort/rules//snort.rules(4278) threshold (in rule): could not create threshold - only one per sig_id=2405001.
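The startup banner above is the only record on this page of how the Shield's Snort is really configured, and several of the printed values deserve a second look before trusting the IPS: the SSL preprocessor's "Maximum SSL Heartbeat length: 0" means the oversized-Heartbeat check is switched off, HttpInspect's "Log HTTP URI data: NO" and "Enable XFF and True Client IP: NO" mean HTTP alerts carry no URI and, behind a proxy, point at the proxy rather than the client, and "Directory Traversal: YES alert: NO" means traversal is normalized away without ever raising an event. The Python below is an added example by the editor, not code from the device, from Itus or from the Snort project: it strips the syslog prefix, folds the banner into per-preprocessor settings and flags the values in its AUDIT table. The sample lines are a constructed subset copied from the banner; the notes in AUDIT are the editor's reading of the Snort 2.9 manual, not text from the log.

```python
import re

# Syslog prefix the Shield's logger puts in front of every Snort banner line.
SYSLOG_RE = re.compile(r"^\S+ \S+ +\d+ [\d:]+ \d{4} \S+ snort\[\d+\]: ?(.*)$")
# Banner lines that open a section ("HttpInspect Config:", "SSLPP config:", "rpc_decode arguments:").
HEADER_RE = re.compile(r"\b(config|configuration|arguments)\b", re.I)
KV_RE = re.compile(r"^(.+?):\s+(.+)$")
# Names that start a preprocessor's section header, as printed by Snort 2.9.x.
PREPROCS = ("Normalizer", "Frag3", "Stream", "HttpInspect", "rpc_decode", "Portscan",
            "FTPTelnet", "SSH", "DCE/RPC", "DNS", "SSLPP", "Sensitive Data", "SIP")

# (preprocessor, setting as printed, value worth reviewing, editor's note from the Snort 2.9 manual)
AUDIT = [
    ("SSLPP", "Maximum SSL Heartbeat length", "0",
     "max_heartbeat_length 0 disables the oversized-heartbeat (Heartbleed) check"),
    ("HttpInspect", "Log HTTP URI data", "NO",
     "alerts carry no URI, so HTTP hits cannot be triaged from the alert alone"),
    ("HttpInspect", "Enable XFF and True Client IP", "NO",
     "behind a proxy every HTTP alert is attributed to the proxy address"),
    ("HttpInspect", "Directory Traversal", "YES alert: NO",
     "traversal sequences are normalized for matching but never alerted on"),
    ("Stream", "Track IP sessions", "INACTIVE",
     "flows that are not TCP, UDP or ICMP get no session state"),
    ("DCE/RPC", "SMB file inspection", "Disabled",
     "files transferred over SMB are not handed to file-type rules"),
    ("Frag3", "Target-based policy", "WINDOWS",
     "overlap resolution assumes Windows hosts; check it matches what sits on the LAN"),
]


def parse_banner(lines):
    """Map {preprocessor: {setting: value}} from syslog'd Snort startup banner lines."""
    settings = {}
    current = None
    for raw in lines:
        m = SYSLOG_RE.match(raw)
        text = (m.group(1) if m else raw).strip()
        if not text:
            continue
        kv = KV_RE.match(text)
        if kv is None and HEADER_RE.search(text):
            # A header switches preprocessor only when it names one; "GLOBAL CONFIG" or
            # "DEFAULT SERVER CONFIG:" are sub-headers that stay inside the current section.
            for name in PREPROCS:
                if text.startswith(name):
                    current = name
                    settings.setdefault(name, {})
                    break
            continue
        if kv is not None and current is not None:
            settings[current][kv.group(1)] = kv.group(2)
    return settings


def audit(settings):
    """Return [(preprocessor, setting, value, note)] for every AUDIT entry the banner matches."""
    hits = []
    for preproc, key, weak, note in AUDIT:
        value = settings.get(preproc, {}).get(key)
        if value == weak:
            hits.append((preproc, key, value, note))
    return hits


# Constructed subset of the banner above, in the syslog form the Shield writes it.
SAMPLE = """\
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Frag3 engine config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Bound Address: default
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Target-based policy: WINDOWS
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Stream global config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Track TCP sessions: ACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Track IP sessions: INACTIVE
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: HttpInspect Config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: GLOBAL CONFIG
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Detect Proxy Usage: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: DEFAULT SERVER CONFIG:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Enable XFF and True Client IP: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Log HTTP URI data: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Directory Traversal: YES alert: NO
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: SSLPP config:
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Encrypted packets: not inspected
Mon Mar 14 14:53:42 2016 daemon.notice snort[3569]: Maximum SSL Heartbeat length: 0
""".splitlines()

if __name__ == "__main__":
    for preproc, key, value, note in audit(parse_banner(SAMPLE)):
        print(f"{preproc}: {key} = {value}  ({note})")
```

Feeding the whole banner through `parse_banner` (for example `logread | grep 'snort\['`) instead of SAMPLE gives the full picture; because repeated headers such as the three "Stream ... config:" blocks fold into one section, a setting that appears under more than one of them keeps the last printed value.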
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'blockdomain' is now down
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'lan' is now down
Mon Mar 14 14:53:43 2016 kern.info kernel: [ 90.694670] br-lan: port 2(eth2) entered disabled state
Mon Mar 14 14:53:43 2016 kern.info kernel: [ 90.696424] device eth1 left promiscuous mode
Mon Mar 14 14:53:43 2016 kern.info kernel: [ 90.696443] br-lan: port 1(eth1) entered disabled state
Mon Mar 14 14:53:43 2016 kern.info kernel: [ 90.697325] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Mon Mar 14 14:53:43 2016 kern.info kernel: [ 90.697793] device eth2 left promiscuous mode
Mon Mar 14 14:53:43 2016 kern.info kernel: [ 90.697809] br-lan: port 2(eth2) entered disabled state
Mon Mar 14 14:53:43 2016 kern.notice kernel: [ 90.722574] eth2: Link down
Mon Mar 14 14:53:43 2016 kern.info kernel: [ 90.732907] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'lan' is disabled
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'blockdomain' is disabled
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Network device 'eth2' link is down
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'loopback' is now down
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'loopback' is disabled
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Network device 'lo' link is down
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'loopback' has link connectivity loss
Mon Mar 14 14:53:43 2016 daemon.notice netifd: wan (3336): Received SIGTERM
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'wan' is now down
Mon Mar 14 14:53:43 2016 kern.notice kernel: [ 90.925148] eth0: Link down
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'wan' is disabled
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Network device 'eth0' link is down
Mon Mar 14 14:53:43 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'lan' is enabled
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'lan' is setting up now
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'lan' is now up
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'blockdomain' is enabled
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'blockdomain' is now up
Mon Mar 14 14:53:45 2016 kern.info kernel: [ 92.335687] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Mon Mar 14 14:53:45 2016 kern.info kernel: [ 92.336395] device eth1 entered promiscuous mode
Mon Mar 14 14:53:45 2016 kern.info kernel: [ 92.337388] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
Mon Mar 14 14:53:45 2016 kern.notice kernel: [ 92.364941] eth2: 1000 Mbps Full duplex, port 2
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'loopback' is enabled
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'loopback' is now up
Mon Mar 14 14:53:45 2016 kern.info kernel: [ 92.373612] device eth2 entered promiscuous mode
Mon Mar 14 14:53:45 2016 kern.info kernel: [ 92.373699] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:45 2016 kern.info kernel: [ 92.373738] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:45 2016 kern.info kernel: [ 92.373786] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Mon Mar 14 14:53:45 2016 kern.notice kernel: [ 92.397751] eth0: 1000 Mbps Full duplex, port 0
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'wan' is enabled
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Network device 'eth2' link is up
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Network device 'lo' link is up
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'loopback' has link connectivity
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Network device 'eth0' link is up
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'wan' is setting up now
Mon Mar 14 14:53:45 2016 daemon.notice netifd: wan (3680): udhcpc (v1.23.2) started
Mon Mar 14 14:53:45 2016 daemon.notice netifd: wan (3680): Sending discover...
Mon Mar 14 14:53:45 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Mon Mar 14 14:53:45 2016 daemon.notice netifd: wan (3680): Sending select for 192.168.1.11...
Mon Mar 14 14:53:45 2016 daemon.notice netifd: wan (3680): Lease of 192.168.1.11 obtained, lease time 86400
Mon Mar 14 14:53:45 2016 daemon.notice netifd: Interface 'wan' is now up
Mon Mar 14 14:53:46 2016 user.emerg procd: Warning: Unable to locate ipset utility, disabling ipset support
Mon Mar 14 14:53:46 2016 user.emerg procd: Warning: Section @redirect[0] (Itusfilter) does not specify a destination, assuming 'lan'
Mon Mar 14 14:53:46 2016 user.emerg procd: Warning: Section @redirect[1] (dns-traffic-to-shield) refers to a destination address on this router, assuming port redirection
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing IPv4 filter table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing IPv4 nat table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing IPv4 mangle table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing IPv4 raw table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing IPv6 filter table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing IPv6 nat table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing IPv6 mangle table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing IPv6 raw table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Flushing conntrack table ...
Mon Mar 14 14:53:46 2016 user.emerg procd: * Populating IPv4 filter table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Zone 'lan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Zone 'wan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Rule 'Allow-DHCP-Renew'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Redirect 'Itusfilter'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Redirect 'dns-traffic-to-shield'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Forward 'lan' -> 'wan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Populating IPv4 nat table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Zone 'lan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Zone 'wan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Redirect 'Itusfilter'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Redirect 'dns-traffic-to-shield'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Populating IPv4 mangle table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Zone 'lan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Zone 'wan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Populating IPv4 raw table
Mon Mar 14 14:53:46 2016 user.emerg procd: * Zone 'lan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Zone 'wan'
Mon Mar 14 14:53:46 2016 user.emerg procd: * Set tcp_ecn to off
Mon Mar 14 14:53:46 2016 user.emerg procd: * Set tcp_syncookies to on
Mon Mar 14 14:53:46 2016 user.emerg procd: * Set tcp_window_scaling to on
Mon Mar 14 14:53:46 2016 user.emerg procd: * Running script '/etc/snort.user'
Mon Mar 14 14:53:46 2016 user.emerg procd: Cannot change large-receive-offload
Mon Mar 14 14:53:47 2016 daemon.notice snort[3569]: WARNING: /etc/snort/rules//snort.rules(4278) GID 1 SID 2405001 in rule duplicates previous rule. Ignoring old rule.
Mon Mar 14 14:53:47 2016 daemon.err snort[3569]: FATAL ERROR: /etc/snort/rules//snort.rules(4278) threshold (in rule): could not create threshold - only one per sig_id=2405001.
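Both Snort starts logged so far (snort[3493] at 14:53:43 and snort[3569] at 14:53:47) abort on the same FATAL ERROR: line 4278 of /etc/snort/rules//snort.rules redefines GID 1 SID 2405001 with an in-rule threshold, and Snort permits only one threshold per sig_id, so the second registration fails after the "duplicates previous rule" warning. The practical consequence is visible in the surrounding lines: the WAN lease was obtained at 14:53:45 and the firewall was repopulated at 14:53:46 while no Snort process was running. The rules file itself is not on this page, so the Python below is an added example by the editor (not the device's, Itus's or the Snort project's code) working over a constructed three-rule sample whose SIDs mirror the log but whose rule bodies are invented. It splits rule options while respecting quoted strings, reports duplicate GID/SID pairs, flags the deprecated in-rule threshold, and shows the rewrite: a threshold of type threshold becomes a detection_filter inside the rule, whereas type limit or both has to move to an event_filter line in threshold.conf, because detection_filter cannot express those.

```python
import re
from collections import defaultdict

# Active (uncommented) rule: action, header, then the option block in parentheses.
RULE_RE = re.compile(r"^\s*(alert|log|pass|drop|reject|sdrop)\s+.*?\((.*)\)\s*$")


def split_options(body):
    """Split a rule's option block on ';' without splitting inside quoted strings."""
    opts, cur, quoted, escaped = [], [], False, False
    for ch in body:
        if escaped:                      # character after a backslash is literal
            cur.append(ch)
            escaped = False
            continue
        if ch == "\\":
            cur.append(ch)
            escaped = True
            continue
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            opts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    tail = "".join(cur).strip()
    if tail:
        opts.append(tail)
    return [o for o in opts if o]


def parse_rules(text):
    """Yield (line_no, gid, sid, {option: [values]}) for every active rule; gid defaults to 1."""
    for line_no, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m:
            continue
        opts = {}
        for opt in split_options(m.group(2)):
            name, _, value = opt.partition(":")
            opts.setdefault(name.strip(), []).append(value.strip())
        gid = int(opts.get("gid", ["1"])[0])
        sid = int(opts.get("sid", ["0"])[0])
        yield line_no, gid, sid, opts


def lint(text):
    """Return (line_no, code, message) findings mirroring the warnings and the FATAL ERROR Snort printed."""
    findings = []
    seen = defaultdict(list)            # (gid, sid) -> [(line_no, has_threshold)]
    for line_no, gid, sid, opts in parse_rules(text):
        has_threshold = "threshold" in opts
        if has_threshold:
            findings.append((line_no, "deprecated-threshold",
                             f"GID {gid} SID {sid}: threshold (in rule) is deprecated; use detection_filter"))
        for prev_line, prev_thr in seen[(gid, sid)]:
            findings.append((line_no, "duplicate-sid",
                             f"GID {gid} SID {sid} duplicates rule at line {prev_line}"))
            if has_threshold and prev_thr:
                findings.append((line_no, "fatal-threshold",
                                 f"only one threshold per sig_id={sid}; Snort aborts here"))
        seen[(gid, sid)].append((line_no, has_threshold))
    return findings


def convert_threshold(gid, sid, value):
    """Rewrite an in-rule threshold value such as 'type limit, track by_src, count 1, seconds 3600'.
    Returns ('rule', detection_filter option) for type threshold, or
    ('threshold.conf', event_filter line) for type limit/both, which detection_filter cannot express."""
    fields = dict(f.strip().split(None, 1) for f in value.split(","))
    if fields.get("type") == "threshold":
        return ("rule", f"detection_filter: track {fields['track']}, count {fields['count']}, "
                        f"seconds {fields['seconds']};")
    return ("threshold.conf", f"event_filter gen_id {gid}, sig_id {sid}, type {fields['type']}, "
                              f"track {fields['track']}, count {fields['count']}, seconds {fields['seconds']}")


# Constructed sample: SIDs follow the log, rule bodies are invented for illustration.
SAMPLE_RULES = """\
# constructed sample; not the contents of /etc/snort/rules/snort.rules
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"EXAMPLE smtp client seen"; flow:to_server,established; sid:2405001; rev:1; threshold: type limit, track by_src, count 1, seconds 3600;)
alert udp $HOME_NET any -> any 53 (msg:"EXAMPLE dns query; semicolon inside msg"; content:"|01 00 00 01|"; sid:1000001; rev:2; detection_filter: track by_src, count 20, seconds 60;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"EXAMPLE smtp client seen (updated)"; flow:to_server,established; sid:2405001; rev:2; threshold: type limit, track by_src, count 1, seconds 3600;)
"""

if __name__ == "__main__":
    for line_no, code, message in lint(SAMPLE_RULES):
        print(f"snort.rules({line_no}) {code}: {message}")
    for line_no, gid, sid, opts in parse_rules(SAMPLE_RULES):
        for value in opts.get("threshold", []):
            print(f"  line {line_no} -> {convert_threshold(gid, sid, value)}")
```

Running `lint` over the real rules file before restarting Snort (for example from /etc/snort.user) is cheaper than discovering the abort in the log after the WAN is already up; note that a `detection_filter` keeps a rule silent until `count` hits in `seconds`, so it is the right replacement only for `type threshold`, which is why the limit-type thresholds in the sample are sent to threshold.conf instead.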
Mon Mar 14 14:53:47 2016 kern.info kernel: [ 94.372774] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:48 2016 kern.notice kernel: [ 95.392572] eth0: Link down
Mon Mar 14 14:53:49 2016 daemon.notice netifd: Network device 'eth0' link is down
Mon Mar 14 14:53:49 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Mon Mar 14 14:53:49 2016 daemon.notice netifd: wan (3680): Received SIGTERM
Mon Mar 14 14:53:49 2016 user.emerg procd: Cannot change large-receive-offload
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: started, version 2.73rc7 cachesize 150
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: DNS service limited to local subnets
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq-dhcp[3859]: DHCP, IP range 10.10.10.100 -- 10.10.10.254, lease time 12h
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: using local addresses only for domain lan
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: reading /tmp/resolv.conf.auto
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: using local addresses only for domain lan
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: using nameserver 192.168.1.1#53
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: read /etc/hosts - 1 addresses
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: read /tmp/hosts/dhcp - 1 addresses
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq-dhcp[3859]: read /etc/ethers - 0 addresses
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: query[AAAA] lan.lan from 10.10.10.228
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: config lan.lan is NXDOMAIN
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: query[AAAA] lan.lan from 10.10.10.229
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: config lan.lan is NXDOMAIN
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: query[A] ssl.gstatic.com from 10.10.10.229
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: query[A] play.google.com from 10.10.10.224
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: query[A] ssl.gstatic.com from 10.10.10.229
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: query[A] play.google.com from 10.10.10.224
Mon Mar 14 14:53:50 2016 daemon.info dnsmasq[3859]: query[A] play.google.com from 10.10.10.224
Mon Mar 14 14:53:51 2016 daemon.info dnsmasq[3859]: query[A] fpm-prod.firebaseio.com from 10.10.10.228
Mon Mar 14 14:53:51 2016 daemon.info dnsmasq[3859]: query[A] fpm-prod.firebaseio.com from 10.10.10.228
Mon Mar 14 14:53:51 2016 daemon.info dnsmasq[3859]: query[A] fpm-prod.firebaseio.com from 10.10.10.229
Mon Mar 14 14:53:51 2016 daemon.info dnsmasq[3859]: query[A] fpm-prod.firebaseio.com from 10.10.10.229
Mon Mar 14 14:53:51 2016 daemon.info dnsmasq[3859]: query[A] www.google-analytics.com from 10.10.10.228
Mon Mar 14 14:53:51 2016 daemon.info dnsmasq[3859]: query[A] www.google-analytics.com from 10.10.10.228
Mon Mar 14 14:53:51 2016 daemon.info dnsmasq[3859]: query[A] www.google-analytics.com from 10.10.10.229
Mon Mar 14 14:53:51 2016 daemon.info dnsmasq[3859]: query[A] www.google-analytics.com from 10.10.10.229
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] webhook.logentries.com from 10.10.10.228
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] webhook.logentries.com from 10.10.10.228
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] webhook.logentries.com from 10.10.10.229
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] webhook.logentries.com from 10.10.10.229
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Enabling inline operation
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Found pid path directive (/var/snort/)
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Running in IDS mode
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]:
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: --== Initializing Snort ==--
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Initializing Output Plugins!
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Initializing Preprocessors!
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Initializing Plug-ins!
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Parsing Rules file "/etc/snort/snort7.conf"
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] www.aim.com from 10.10.10.228
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[AAAA] www.aim.com from 10.10.10.228
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] www.aim.com from 10.10.10.229
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: PortVar 'HTTP_PORTS' defined :
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]:
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: PortVar 'SHELLCODE_PORTS' defined :
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: [ 1:65535 ]
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]:
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: PortVar 'ORACLE_PORTS' defined :
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: [ 1024:65535 ]
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]:
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: PortVar 'SSH_PORTS' defined :
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: [ 22 ]
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]:
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: PortVar 'FTP_PORTS' defined :
Mon Mar 
14 14:53:52 2016 daemon.notice snort[3897]: [ 21 2100 3535 ] Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: PortVar 'SIP_PORTS' defined : Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: [ 5060:5061 5600 ] Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: PortVar 'FILE_DATA_PORTS' defined : Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: PortVar 'GTP_PORTS' defined : Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: [ 2123 2152 3386 ] Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Detection: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Search-Method = AC-Full-Q Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[AAAA] www.aim.com from 10.10.10.229 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Search-Method-Optimizations = enabled Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Maximum pattern length = 20 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Found pid path directive (/var/snort/) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Tagged Packet Limit: 256 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... 
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... 
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... 
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: done Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Log directory = /tmp/snort/ Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Normalizer config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ip4: on Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ip4::df: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ip4::rf: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ip4::tos: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ip4::trim: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ip4::ttl: on (min=1, new=5) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Normalizer config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp: on Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::ecn: stream Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::block: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::rsv: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::pad: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::req_urg: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::req_pay: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::req_urp: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::urp: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::opt: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::ips: on Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::trim_syn: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::trim_rst: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::trim_win: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: tcp::trim_mss: off Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Normalizer config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: icmp4: on Mon Mar 14 14:53:52 2016 
daemon.notice snort[3897]: Normalizer config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ip6: on Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ip6::hops: on (min=1, new=5) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Normalizer config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: icmp6: on Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Frag3 global config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max frags: 65536 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Fragment memory cap: 4194304 bytes Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Frag3 engine config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Bound Address: default Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Target-based policy: WINDOWS Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Fragment timeout: 180 seconds Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Fragment min_ttl: 1 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Fragment Anomalies: Alert Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Overlap Limit: 10 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Min fragment Length: 100 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Expected Streams: 39 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Stream global config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Track TCP sessions: ACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max TCP sessions: 10000 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: TCP cache pruning timeout: 30 seconds Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: TCP cache nominal timeout: 3600 seconds Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Memcap (for reassembly packet storage): 8388608 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Track UDP sessions: ACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max UDP sessions: 10000 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: UDP cache pruning timeout: 30 seconds Mon Mar 
14 14:53:52 2016 daemon.notice snort[3897]: UDP cache nominal timeout: 180 seconds Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Track ICMP sessions: ACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max ICMP sessions: 65536 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Track IP sessions: INACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Log info if session memory consumption exceeds 1048576 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Send up to 2 active responses Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Wait at least 5 seconds between responses Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Protocol Aware Flushing: ACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Maximum Flush Point: 16000 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Stream TCP Policy config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Bound Address: default Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Reassembly Policy: WINDOWS Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Timeout: 180 seconds Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Limit on TCP Overlaps: 10 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Maximum number of bytes to queue per session: 1048576 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Maximum number of segs to queue per session: 2621 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Options: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Require 3-Way Handshake: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 3-Way Handshake Timeout: 180 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Detect Anomalies: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Reassembly Ports: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 21 client (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 22 client (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 23 client (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice 
snort[3897]: 25 client (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 36 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 42 client (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 53 client (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 70 client (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 79 client (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 80 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 81 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 82 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 83 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 84 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 85 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 86 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 87 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 88 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 89 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 90 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: additional ports configured but not printed. 
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] www.aim.com from 10.10.10.228 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Stream UDP Policy config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Timeout: 180 seconds Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: HttpInspect Config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: GLOBAL CONFIG Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Detect Proxy Usage: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: IIS Unicode Map Filename: /etc/snort/unicode.map Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: IIS Unicode Map Codepage: 1252 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Memcap used for logging URI and Hostname: 150994944 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Gzip Memory: 838860 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Gzip Sessions: 1807 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Gzip Compress Depth: 65535 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Gzip Decompress Depth: 65535 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: DEFAULT SERVER CONFIG: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Server profile: All Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Server Flow Depth: 0 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Client Flow Depth: 0 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Chunk Length: 500000 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Small Chunk 
Length Evasion: chunk size <= 10, threshold >= 5 times Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Header Field Length: 750 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Number Header Fields: 100 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Number of WhiteSpaces allowed with header folding: 200 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Inspect Pipeline Requests: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: URI Discovery Strict Mode: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Allow Proxy Usage: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Disable Alerting: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Oversize Dir Length: 500 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Only inspect URI: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Normalize HTTP Headers: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Inspect HTTP Cookies: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Inspect HTTP Responses: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Extract Gzip from responses: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Decompress response files: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Unlimited decompression of gzip data from responses: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Normalize Javascripts in HTTP Responses: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Normalize HTTP Cookies: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Enable XFF and True Client IP: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Log HTTP URI data: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Log HTTP Hostname data: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Extended ASCII code support in URI: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 
Ascii: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Double Decoding: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: %U Encoding: YES alert: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Bare Byte: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: UTF 8: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: IIS Unicode: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Multiple Slash: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: IIS Backslash: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Directory Traversal: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Web Root Traversal: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Apache WhiteSpace: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: IIS Delimiter: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: rpc_decode arguments: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: alert_fragments: INACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: alert_large_fragments: INACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: alert_incomplete: INACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: alert_multiple_requests: INACTIVE Mon Mar 14 14:53:52 2016 kern.notice kernel: [ 99.403067] eth0: 1000 Mbps Full duplex, port 0 Mon Mar 14 14:53:52 2016 daemon.notice netifd: Network device 'eth0' link is up Mon Mar 14 14:53:52 2016 daemon.notice netifd: 
Interface 'wan' has link connectivity Mon Mar 14 14:53:52 2016 daemon.notice netifd: Interface 'wan' is setting up now Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Portscan Detection Config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Detect Protocols: TCP UDP ICMP IP Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Sensitivity Level: Medium Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Memcap (in bytes): 500000 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Number of Nodes: 978 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: FTPTelnet Config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: GLOBAL CONFIG Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Inspection Type: stateful Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Check for Encrypted Traffic: YES alert: NO Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Continue to check encrypted data: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: TELNET CONFIG: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ports: 23 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Are You There Threshold: 20 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Normalize: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Detect Anomalies: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: FTP CONFIG: Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[AAAA] www.aim.com from 10.10.10.228 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: FTP Server: default Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ports (PAF): 21 2100 3535 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Check for Telnet Cmds: YES alert: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ignore Telnet Cmd Operations: YES alert: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ignore open data channels: NO Mon Mar 14 14:53:52 2016 
daemon.notice snort[3897]: FTP Client: default Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Check for Bounce Attacks: YES alert: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Check for Telnet Cmds: YES alert: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ignore Telnet Cmd Operations: YES alert: YES Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Response Length: 256 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: SSH config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Autodetection: ENABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Challenge-Response Overflow Alert: ENABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: SSH1 CRC32 Alert: ENABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Server Version String Overflow Alert: ENABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Protocol Mismatch Alert: ENABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Bad Message Direction Alert: DISABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Bad Payload Size Alert: DISABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Unrecognized Version Alert: DISABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Encrypted Packets: 20 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Server Version String Length: 100 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: MaxClientBytes: 19600 (Default) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ports: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 22 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: DCE/RPC 2 Preprocessor Configuration Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Global Configuration Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: DCE/RPC Defragmentation: Enabled Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Memcap: 102400 KB Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Events: co Mon Mar 14 14:53:52 2016 daemon.notice 
snort[3897]: SMB Fingerprint policy: Disabled Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Server Default Configuration Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Policy: WinXP Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Detect ports (PAF) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: SMB: 139 445 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: TCP: 135 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: UDP: 135 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: RPC over HTTP server: 593 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: RPC over HTTP proxy: None Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Autodetect ports (PAF) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: SMB: None Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: TCP: 1025-65535 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: UDP: 1025-65535 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: RPC over HTTP server: 1025-65535 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: RPC over HTTP proxy: None Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Invalid SMB shares: C$ D$ ADMIN$ Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Maximum SMB command chaining: 3 commands Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: SMB file inspection: Disabled Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: DNS config: Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[SRV] lan.lan from 10.10.10.228 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: DNS Client rdata txt Overflow Alert: ACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Obsolete DNS RR Types Alert: INACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Experimental DNS RR Types Alert: INACTIVE Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ports: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 53 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: SSLPP config: Mon Mar 14 14:53:52 2016 
daemon.notice snort[3897]: Encrypted packets: not inspected Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ports: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 443 465 563 636 989 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 992 993 994 995 7801 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 7802 7900 7901 7902 7903 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 7904 7905 7906 7907 7908 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 7909 7910 7911 7912 7913 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 7914 7915 7916 7917 7918 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 7919 7920 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Server side data is trusted Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Maximum SSL Heartbeat length: 0 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Sensitive Data preprocessor config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Global Alert Threshold: 25 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Masked Output: DISABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: SIP config: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max number of sessions: 1024 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max number of dialogs in a session: 4 (Default) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Status: ENABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ignore media channel: DISABLED Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max URI length: 512 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Call ID length: 80 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Request name length: 20 (Default) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max From length: 256 (Default) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max To length: 256 (Default) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Via length: 1024 (Default) Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Contact length: 512 
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Max Content length: 2048 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Ports: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 5060 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 5061 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: 5600 Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Methods: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: invite Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: cancel Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: ack Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: bye Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: register Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: options Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: refer Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: subscribe Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: update Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: join Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: info Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: message Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: notify Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: benotify Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: do Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: qauth Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: sprack Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: publish Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: service Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: unsubscribe Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: prack Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: Initializing rule chains... 
Mon Mar 14 14:53:52 2016 daemon.notice snort[3897]: WARNING: /etc/snort/rules//snort.rules(1) threshold (in rule) is deprecated; use detection_filter instead.
Mon Mar 14 14:53:52 2016 daemon.notice netifd: wan (3903): udhcpc (v1.23.2) started
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: config lan.lan is NXDOMAIN
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[SRV] lan.lan from 10.10.10.229
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: config lan.lan is NXDOMAIN
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] www.aim.com from 10.10.10.229
Mon Mar 14 14:53:52 2016 user.emerg procd: Cannot change large-receive-offload
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[AAAA] www.aim.com from 10.10.10.229
Mon Mar 14 14:53:52 2016 daemon.notice netifd: wan (3903): Sending discover...
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] fpm-prod.firebaseio.com from 10.10.10.228
Mon Mar 14 14:53:52 2016 daemon.notice netifd: wan (3903): Sending select for 192.168.1.11...
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] fpm-prod.firebaseio.com from 10.10.10.229
Mon Mar 14 14:53:52 2016 daemon.notice netifd: wan (3903): Lease of 192.168.1.11 obtained, lease time 86400
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] fpm-prod.firebaseio.com from 10.10.10.228
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] dm2306.storage.live.com from 10.10.10.228
Mon Mar 14 14:53:52 2016 daemon.notice netifd: Interface 'wan' is now up
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: forwarded dm2306.storage.live.com to 192.168.1.1
Mon Mar 14 14:53:52 2016 daemon.info dnsmasq[3859]: query[A] dm2306.storage.live.com from 10.10.10.228
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: forwarded dm2306.storage.live.com to 192.168.1.1
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply a-0011.a-msedge.net is 204.79.197.213
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[AAAA] dm2306.storage.live.com from 10.10.10.228
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: forwarded dm2306.storage.live.com to 192.168.1.1
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq-dhcp[3859]: DHCPDISCOVER(br-lan) b8:e8:56:74:00:de
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq-dhcp[3859]: DHCPOFFER(br-lan) 10.10.10.143 b8:e8:56:74:00:de
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reading /tmp/resolv.conf.auto
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: using local addresses only for domain lan
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: using nameserver 192.168.1.1#53
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply a-0011.a-msedge.net is 204.79.197.213
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[AAAA] dm2306.storage.live.com from 10.10.10.228
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: forwarded dm2306.storage.live.com to 192.168.1.1
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq-dhcp[3859]: DHCPDISCOVER(br-lan) 68:64:4b:f3:e9:a6
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq-dhcp[3859]: DHCPOFFER(br-lan) 10.10.10.211 68:64:4b:f3:e9:a6
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply a-0011.a-msedge.net is NODATA-IPv6
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply a-0011.a-msedge.net is NODATA-IPv6
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[A] dm2306.storage.live.com from 10.10.10.229
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached a-0011.a-msedge.net is 204.79.197.213
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[AAAA] dm2306.storage.live.com from 10.10.10.229
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached a-0011.a-msedge.net is NODATA-IPv6
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[AAAA] dm2306.storage.live.com from 10.10.10.229
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached a-0011.a-msedge.net is NODATA-IPv6
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[A] dm2306.storage.live.com from 10.10.10.229
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached a-0011.a-msedge.net is 204.79.197.213
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[A] fpm-prod.firebaseio.com from 10.10.10.229
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: forwarded fpm-prod.firebaseio.com to 192.168.1.1
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[A] clients4.google.com from 10.10.10.228
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: forwarded clients4.google.com to 192.168.1.1
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[A] clients4.google.com from 10.10.10.228
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: forwarded clients4.google.com to 192.168.1.1
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 130.211.139.229
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.46.104
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.24.164
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.154.34.157
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.154.65.200
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.145.189
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.151.48
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.106.184
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.110.104
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.154.86.52
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.138.230
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.83.18
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.44.157
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 146.148.82.162
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply fpm-prod.firebaseio.com is 104.197.7.176
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[A] clients4.google.com from 10.10.10.229
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: forwarded clients4.google.com to 192.168.1.1
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply clients4.google.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply clients.l.google.com is 216.58.216.110
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply clients4.google.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply clients.l.google.com is 216.58.216.110
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[A] clients4.google.com from 10.10.10.229
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached clients4.google.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: cached clients.l.google.com is 216.58.216.110
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply clients4.google.com is <CNAME>
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply clients.l.google.com is 216.58.216.110
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: query[A] www.gstatic.com from 10.10.10.224
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: forwarded www.gstatic.com to 192.168.1.1
Mon Mar 14 14:53:53 2016 daemon.info dnsmasq[3859]: reply www.gstatic.com is 216.58.216.227
Mon Mar 14 14:53:54 2016 daemon.info dnsmasq[3859]: query[AAAA] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:53:54 2016 daemon.info dnsmasq[3859]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:53:54 2016 kern.notice kernel: [ 101.362576] eth2: Link down
Mon Mar 14 14:53:55 2016 daemon.notice netifd: Network device 'eth2' link is down
Mon Mar 14 14:53:55 2016 kern.info kernel: [ 102.352965] br-lan: port 2(eth2) entered disabled state
Mon Mar 14 14:53:55 2016 daemon.notice snort[3897]: WARNING: /etc/snort/rules//snort.rules(4278) GID 1 SID 2405001 in rule duplicates previous rule. Ignoring old rule.
Mon Mar 14 14:53:55 2016 daemon.err snort[3897]: FATAL ERROR: /etc/snort/rules//snort.rules(4278) threshold (in rule): could not create threshold - only one per sig_id=2405001.
Mon Mar 14 14:53:56 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Mon Mar 14 14:53:56 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Mon Mar 14 14:53:56 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Mon Mar 14 14:53:57 2016 daemon.notice netifd: Network device 'eth2' link is up
Mon Mar 14 14:53:57 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Mon Mar 14 14:53:57 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Mon Mar 14 14:53:57 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Mon Mar 14 14:53:57 2016 kern.notice kernel: [ 104.372887] eth2: 1000 Mbps Full duplex, port 2
Mon Mar 14 14:53:57 2016 kern.info kernel: [ 104.372935] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:57 2016 kern.info kernel: [ 104.372966] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[AAAA] dm2306.storage.live.com from 10.10.10.224
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached a-0011.a-msedge.net is NODATA-IPv6
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[A] dm2306.storage.live.com from 10.10.10.224
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached dm2306.storage.live.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached dm2306geo.storage.skyprod.akadns.net is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached dm2306-storage-live-com.a-0011.a-msedge.net is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached a-0011.a-msedge.net is 204.79.197.213
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[A] www.aim.com from 10.10.10.228
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: forwarded www.aim.com to 192.168.1.1
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[AAAA] www.aim.com from 10.10.10.228
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: forwarded www.aim.com to 192.168.1.1
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[A] www.aim.com from 10.10.10.229
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: forwarded www.aim.com to 192.168.1.1
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[AAAA] www.aim.com from 10.10.10.229
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: forwarded www.aim.com to 192.168.1.1
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com.websys.akadns.net is 64.12.89.250
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com.websys.akadns.net is 64.12.89.122
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com.websys.akadns.net is 64.12.89.250
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com.websys.akadns.net is 64.12.89.122
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com.websys.akadns.net is NODATA-IPv6
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: reply www.aim.com.websys.akadns.net is NODATA-IPv6
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[AAAA] www.aim.com from 10.10.10.228
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached www.aim.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached www.aim.com.websys.akadns.net is NODATA-IPv6
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[AAAA] www.aim.com from 10.10.10.229
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached www.aim.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached www.aim.com.websys.akadns.net is NODATA-IPv6
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[A] www.aim.com from 10.10.10.229
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached www.aim.com is <CNAME>
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached www.aim.com.websys.akadns.net is 64.12.89.122
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached www.aim.com.websys.akadns.net is 64.12.89.250
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[AAAA] a-0011.a-msedge.net from 10.10.10.224
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: cached a-0011.a-msedge.net is NODATA-IPv6
Mon Mar 14 14:53:57 2016 daemon.info dnsmasq[3859]: query[AAAA] init-p01st.push.apple.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded init-p01st.push.apple.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] init-p01st.push.apple.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded init-p01st.push.apple.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply init-p01st.push.apple.com is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply init-p01st.push.apple.com.edgesuite.net is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply a1441.g4.akamai.net is NODATA-IPv6
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] a1441.g4.akamai.net from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: cached a1441.g4.akamai.net is NODATA-IPv6
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] a1441.g4.akamai.net from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded a1441.g4.akamai.net to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply init-p01st.push.apple.com is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply init-p01st.push.apple.com.edgesuite.net is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply a1441.g4.akamai.net is 23.67.60.51
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply a1441.g4.akamai.net is 23.67.60.50
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] wpad.lan from 10.10.10.228
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: config wpad.lan is NXDOMAIN
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply a1441.g4.akamai.net is 23.67.60.51
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply a1441.g4.akamai.net is 23.67.60.50
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] wpad.lan from 10.10.10.228
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: config wpad.lan is NXDOMAIN
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] wpad.lan from 10.10.10.229
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: config wpad.lan is NXDOMAIN
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] wpad.lan from 10.10.10.229
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: config wpad.lan is NXDOMAIN
Mon Mar 14 14:53:58 2016 daemon.notice vnstatd[3960]: vnStat daemon 1.12 started. (uid:0 gid:0)
Mon Mar 14 14:53:58 2016 daemon.notice vnstatd[3960]: Monitoring: br-lan (100 Mbit) eth0 (100 Mbit)
Mon Mar 14 14:53:58 2016 user.emerg procd: Stopping strongSwan IPsec failed: starter is not running
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] guzzoni.apple.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded guzzoni.apple.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] apple.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded apple.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] guzzoni.apple.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded guzzoni.apple.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] apple.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded apple.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] r7.sn-bvvbax-hn2d.googlevideo.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded r7.sn-bvvbax-hn2d.googlevideo.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply guzzoni.apple.com is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply origin.guzzoni-apple.com.akadns.net is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply st14p02sa.guzzoni-apple.com.akadns.net is NODATA-IPv6
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply apple.com is 17.142.160.59
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply apple.com is 17.172.224.47
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply apple.com is 17.178.96.59
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply guzzoni.apple.com is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply origin.guzzoni-apple.com.akadns.net is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply st14p02sa.guzzoni-apple.com.akadns.net is 17.174.2.5
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] r7.sn-bvvbax-hn2d.googlevideo.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded r7.sn-bvvbax-hn2d.googlevideo.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] www.apple.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded www.apple.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply r7.sn-bvvbax-hn2d.googlevideo.com is 208.117.253.90
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] www.apple.com from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded www.apple.com to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply www.apple.com is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply www.apple.com.edgekey.net is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply www.apple.com.edgekey.net.globalredir.akadns.net is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply e6858.dscc.akamaiedge.net is 2001:559:16:182::1aca
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply e6858.dscc.akamaiedge.net is 2001:559:16:186::1aca
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] p29-keyvalueservice-current.edge.icloud.apple-dns.net from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded p29-keyvalueservice-current.edge.icloud.apple-dns.net to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply www.apple.com is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply www.apple.com.edgekey.net is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply www.apple.com.edgekey.net.globalredir.akadns.net is <CNAME>
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply e6858.dscc.akamaiedge.net is 104.73.154.242
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] p29-keyvalueservice-current.edge.icloud.apple-dns.net from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: forwarded p29-keyvalueservice-current.edge.icloud.apple-dns.net to 192.168.1.1
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] st14p02sa.guzzoni-apple.com.akadns.net from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: cached st14p02sa.guzzoni-apple.com.akadns.net is 17.174.2.5
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[AAAA] st14p02sa.guzzoni-apple.com.akadns.net from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: cached st14p02sa.guzzoni-apple.com.akadns.net is NODATA-IPv6
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: reply p29-keyvalueservice-current.edge.icloud.apple-dns.net is 17.248.132.177
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: query[A] e6858.dscc.akamaiedge.net from 10.10.10.216
Mon Mar 14 14:53:58 2016 daemon.info dnsmasq[3859]: cached e6858.dscc.akamaiedge.net is 104.73.154.242
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: query[A] mail.google.com from 10.10.10.228
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: forwarded mail.google.com to 192.168.1.1
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: query[A] mail.google.com from 10.10.10.229
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: forwarded mail.google.com to 192.168.1.1
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply mail.google.com is <CNAME>
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply googlemail.l.google.com is 216.58.216.229
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply mail.google.com is <CNAME>
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply googlemail.l.google.com is 216.58.216.229
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: query[A] www.gstatic.com from 10.10.10.224
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: cached www.gstatic.com is 216.58.216.227
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: query[A] apple.com from 10.10.10.224
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: cached apple.com is 17.178.96.59
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: cached apple.com is 17.172.224.47
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: cached apple.com is 17.142.160.59
Mon Mar 14 14:53:59 2016 kern.info kernel: [ 106.372759] br-lan: port 2(eth2) entered forwarding state
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: query[A] www.google.com from 10.10.10.224
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: forwarded www.google.com to 192.168.1.1
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply www.google.com is 74.125.21.99
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply www.google.com is 74.125.21.104
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply www.google.com is 74.125.21.147
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply www.google.com is 74.125.21.103
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply www.google.com is 74.125.21.106
Mon Mar 14 14:53:59 2016 daemon.info dnsmasq[3859]: reply www.google.com is 74.125.21.105
Mon Mar 14 14:54:00 2016 daemon.info dnsmasq[3859]: exiting on receipt of SIGTERM
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]: Enabling inline operation
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]: Found pid path directive (/var/snort/)
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]: Running in IDS mode
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]: --== Initializing Snort ==--
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]: Initializing Output Plugins!
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]: Initializing Preprocessors!
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]: Initializing Plug-ins!
Mon Mar 14 14:54:00 2016 daemon.notice snort[4070]: Parsing Rules file "/etc/snort/snort7.conf"
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: PortVar 'HTTP_PORTS' defined :
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: PortVar 'SHELLCODE_PORTS' defined :
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: [ 1:65535 ]
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: PortVar 'ORACLE_PORTS' defined :
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: [ 1024:65535 ]
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: PortVar 'SSH_PORTS' defined :
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: [ 22 ]
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: PortVar 'FTP_PORTS' defined :
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: [ 21 2100 3535 ]
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: PortVar 'SIP_PORTS' defined :
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: [ 5060:5061 5600 ]
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: PortVar 'FILE_DATA_PORTS' defined :
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: PortVar 'GTP_PORTS' defined :
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: [ 2123 2152 3386 ]
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Detection:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Search-Method = AC-Full-Q
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Search-Method-Optimizations = enabled
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Maximum pattern length = 20
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Found pid path directive (/var/snort/)
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Tagged Packet Limit: 256
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: done
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Log directory = /tmp/snort/
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalizer config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ip4: on
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ip4::df: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ip4::rf: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ip4::tos: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ip4::trim: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ip4::ttl: on (min=1, new=5)
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalizer config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp: on
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::ecn: stream
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::block: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::rsv: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::pad: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::req_urg: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::req_pay: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::req_urp: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::urp: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::opt: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::ips: on
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::trim_syn: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::trim_rst: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::trim_win: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: tcp::trim_mss: off
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalizer config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: icmp4: on
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalizer config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ip6: on
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ip6::hops: on (min=1, new=5)
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalizer config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: icmp6: on
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Frag3 global config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max frags: 65536
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Fragment memory cap: 4194304 bytes
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Frag3 engine config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Bound Address: default
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Target-based policy: WINDOWS
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Fragment timeout: 180 seconds
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Fragment min_ttl: 1
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Fragment Anomalies: Alert
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Overlap Limit: 10
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Min fragment Length: 100
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Expected Streams: 39
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Stream global config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Track TCP sessions: ACTIVE
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max TCP sessions: 10000
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: TCP cache pruning timeout: 30 seconds
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: TCP cache nominal timeout: 3600 seconds
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Memcap (for reassembly packet storage): 8388608
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Track UDP sessions: ACTIVE
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max UDP sessions: 10000
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: UDP cache pruning timeout: 30 seconds
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: UDP cache nominal timeout: 180 seconds
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Track ICMP sessions: ACTIVE
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max ICMP sessions: 65536
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Track IP sessions: INACTIVE
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Log info if session memory consumption exceeds 1048576
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Send up to 2 active responses
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Wait at least 5 seconds between responses
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Protocol Aware Flushing: ACTIVE
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Maximum Flush Point: 16000
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Stream TCP Policy config:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Bound Address: default
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Reassembly Policy: WINDOWS
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Timeout: 180 seconds
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Limit on TCP Overlaps: 10
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Maximum number of bytes to queue per session: 1048576
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Maximum number of segs to queue per session: 2621
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Options:
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Require 3-Way Handshake: YES
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 3-Way Handshake Timeout: 180
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Detect Anomalies: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Reassembly Ports: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 21 client (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 22 client (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 23 client (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 25 client (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 36 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 42 client (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 53 client (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 70 client (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 79 client (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 80 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 81 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 82 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 83 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 84 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 85 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 86 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 87 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 88 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 89 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 90 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:01 
2016 daemon.notice snort[4070]: additional ports configured but not printed. Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Stream UDP Policy config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Timeout: 180 seconds Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: HttpInspect Config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: GLOBAL CONFIG Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Detect Proxy Usage: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: IIS Unicode Map Filename: /etc/snort/unicode.map Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: IIS Unicode Map Codepage: 1252 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Memcap used for logging URI and Hostname: 150994944 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Gzip Memory: 838860 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Gzip Sessions: 1807 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Gzip Compress Depth: 65535 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Gzip Decompress Depth: 65535 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: DEFAULT SERVER CONFIG: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Server profile: All Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Server Flow Depth: 0 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Client Flow Depth: 0 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Chunk Length: 500000 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Small Chunk Length Evasion: 
chunk size <= 10, threshold >= 5 times Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Header Field Length: 750 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Number Header Fields: 100 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Number of WhiteSpaces allowed with header folding: 200 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Inspect Pipeline Requests: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: URI Discovery Strict Mode: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Allow Proxy Usage: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Disable Alerting: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Oversize Dir Length: 500 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Only inspect URI: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalize HTTP Headers: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Inspect HTTP Cookies: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Inspect HTTP Responses: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Extract Gzip from responses: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Decompress response files: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Unlimited decompression of gzip data from responses: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalize Javascripts in HTTP Responses: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalize HTTP Cookies: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Enable XFF and True Client IP: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Log HTTP URI data: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Log HTTP Hostname data: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Extended ASCII code support in URI: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ascii: YES alert: 
NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Double Decoding: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: %U Encoding: YES alert: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Bare Byte: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: UTF 8: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: IIS Unicode: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Multiple Slash: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: IIS Backslash: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Directory Traversal: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Web Root Traversal: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Apache WhiteSpace: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: IIS Delimiter: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: rpc_decode arguments: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: alert_fragments: INACTIVE Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: alert_large_fragments: INACTIVE Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: alert_incomplete: INACTIVE Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: alert_multiple_requests: INACTIVE Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Portscan Detection Config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Detect Protocols: TCP UDP ICMP IP Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Detect Scan Type: portscan 
portsweep decoy_portscan distributed_portscan Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Sensitivity Level: Medium Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Memcap (in bytes): 500000 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Number of Nodes: 978 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: FTPTelnet Config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: GLOBAL CONFIG Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Inspection Type: stateful Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Check for Encrypted Traffic: YES alert: NO Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Continue to check encrypted data: YES Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: started, version 2.73rc7 cachesize 150 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: DNS service limited to local subnets Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: using local addresses only for domain lan Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: TELNET CONFIG: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ports: 23 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Are You There Threshold: 20 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Normalize: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Detect Anomalies: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: FTP CONFIG: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: FTP Server: default Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ports (PAF): 21 2100 3535 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Check for Telnet Cmds: YES alert: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ignore Telnet Cmd Operations: YES alert: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ignore open data channels: NO Mon Mar 14 
14:54:01 2016 daemon.notice snort[4070]: FTP Client: default Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Check for Bounce Attacks: YES alert: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Check for Telnet Cmds: YES alert: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ignore Telnet Cmd Operations: YES alert: YES Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Response Length: 256 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: SSH config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Autodetection: ENABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Challenge-Response Overflow Alert: ENABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: SSH1 CRC32 Alert: ENABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Server Version String Overflow Alert: ENABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Protocol Mismatch Alert: ENABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Bad Message Direction Alert: DISABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Bad Payload Size Alert: DISABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Unrecognized Version Alert: DISABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Encrypted Packets: 20 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Server Version String Length: 100 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: MaxClientBytes: 19600 (Default) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ports: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 22 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: DCE/RPC 2 Preprocessor Configuration Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Global Configuration Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: DCE/RPC Defragmentation: Enabled Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Memcap: 102400 KB Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Events: co Mon Mar 14 14:54:01 2016 
daemon.notice snort[4070]: SMB Fingerprint policy: Disabled Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Server Default Configuration Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Policy: WinXP Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Detect ports (PAF) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: SMB: 139 445 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: TCP: 135 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: UDP: 135 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: RPC over HTTP server: 593 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: RPC over HTTP proxy: None Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Autodetect ports (PAF) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: SMB: None Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: TCP: 1025-65535 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: UDP: 1025-65535 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: RPC over HTTP server: 1025-65535 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: RPC over HTTP proxy: None Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Invalid SMB shares: C$ D$ ADMIN$ Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Maximum SMB command chaining: 3 commands Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: SMB file inspection: Disabled Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: DNS config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: DNS Client rdata txt Overflow Alert: ACTIVE Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Obsolete DNS RR Types Alert: INACTIVE Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Experimental DNS RR Types Alert: INACTIVE Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ports: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 53 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: SSLPP config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Encrypted packets: not inspected Mon Mar 14 14:54:01 
2016 daemon.notice snort[4070]: Ports: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 443 465 563 636 989 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 992 993 994 995 7801 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 7802 7900 7901 7902 7903 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 7904 7905 7906 7907 7908 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 7909 7910 7911 7912 7913 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 7914 7915 7916 7917 7918 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 7919 7920 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Server side data is trusted Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Maximum SSL Heartbeat length: 0 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Sensitive Data preprocessor config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Global Alert Threshold: 25 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Masked Output: DISABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: SIP config: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max number of sessions: 1024 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max number of dialogs in a session: 4 (Default) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Status: ENABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ignore media channel: DISABLED Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max URI length: 512 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Call ID length: 80 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Request name length: 20 (Default) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max From length: 256 (Default) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max To length: 256 (Default) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Via length: 1024 (Default) Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Contact length: 512 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Max Content length: 2048 Mon 
Mar 14 14:54:01 2016 daemon.notice snort[4070]: Ports: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 5060 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 5061 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: 5600 Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Methods: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: invite Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: cancel Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: ack Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: bye Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: register Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: options Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: refer Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: subscribe Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: update Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: join Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: info Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: message Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: notify Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: benotify Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: do Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: qauth Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: sprack Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: publish Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: service Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: unsubscribe Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: prack Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: Initializing rule chains... 
Mon Mar 14 14:54:01 2016 daemon.notice snort[4070]: WARNING: /etc/snort/rules//snort.rules(1) threshold (in rule) is deprecated; use detection_filter instead. Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reading /tmp/resolv.conf.auto Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: using local addresses only for domain lan Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: using nameserver 192.168.1.1#53 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: read /etc/hosts - 1 addresses Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: read /tmp/hosts/dhcp - 1 addresses Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[AAAA] 39-courier.push.apple.com from 10.10.10.216 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded 39-courier.push.apple.com to 192.168.1.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[A] 39-courier.push.apple.com from 10.10.10.216 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded 39-courier.push.apple.com to 192.168.1.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply 39-courier.push.apple.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply 39.courier-push-apple.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is 17.110.229.214 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is 17.110.229.145 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is 17.110.228.34 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is 17.110.228.210 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is 17.110.229.15 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is 17.110.226.16 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is 17.110.226.17 Mon Mar 14 14:54:01 
2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is 17.110.228.140 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply 39-courier.push.apple.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply 39.courier-push-apple.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply us-courier.push-apple.com.akadns.net is NODATA-IPv6 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[AAAA] skydrive.wns.windows.com from 10.10.10.228 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded skydrive.wns.windows.com to 192.168.1.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[A] skydrive.wns.windows.com from 10.10.10.228 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded skydrive.wns.windows.com to 192.168.1.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[AAAA] skydrive.wns.windows.com from 10.10.10.229 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded skydrive.wns.windows.com to 192.168.1.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply skydrive.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply client.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply wns.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply americas2.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply bn2.wns.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply bn2wns1.wns.windows.com is 2a01:111:f004:20::101 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply skydrive.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply client.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply wns.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply americas2.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info 
dnsmasq[4014]: reply bn2.wns.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply bn2wns1.wns.windows.com is 131.253.34.230 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[A] skydrive.wns.windows.com from 10.10.10.229 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: cached skydrive.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: cached client.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded skydrive.wns.windows.com to 192.168.1.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply skydrive.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply client.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply wns.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply americas2.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply bn2.wns.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply bn2wns1.wns.windows.com is 131.253.34.230 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply skydrive.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply client.wns.windows.com is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply wns.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply americas2.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply bn2.wns.notify.windows.com.akadns.net is Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply bn2wns1.wns.windows.com is 2a01:111:f004:20::101 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[AAAA] us-courier.push-apple.com.akadns.net from 10.10.10.216 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: cached us-courier.push-apple.com.akadns.net is NODATA-IPv6 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 
127.0.0.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.244.63 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.254.63 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[A] ssl.gstatic.com from 10.10.10.228 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded ssl.gstatic.com to 192.168.1.1 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: query[A] ssl.gstatic.com from 10.10.10.229 Mon Mar 14 14:54:01 2016 daemon.info dnsmasq[4014]: forwarded ssl.gstatic.com to 192.168.1.1 Mon Mar 14 14:54:02 2016 daemon.info dnsmasq[4014]: reply ssl.gstatic.com is 216.58.216.227 Mon Mar 14 14:54:02 2016 daemon.info dnsmasq[4014]: reply ssl.gstatic.com is 216.58.216.227 Mon Mar 14 14:54:02 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1 Mon Mar 14 14:54:02 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1 Mon Mar 14 14:54:04 2016 daemon.notice snort[4070]: WARNING: /etc/snort/rules//snort.rules(4278) GID 1 SID 2405001 in rule duplicates previous rule. Ignoring old rule. Mon Mar 14 14:54:04 2016 daemon.err snort[4070]: FATAL ERROR: /etc/snort/rules//snort.rules(4278) threshold (in rule): could not create threshold - only one per sig_id=2405001. 
Mon Mar 14 14:54:04 2016 daemon.info dnsmasq[4014]: query[A] www.cnn.com from 10.10.10.224 Mon Mar 14 14:54:04 2016 daemon.info dnsmasq[4014]: forwarded www.cnn.com to 192.168.1.1 Mon Mar 14 14:54:04 2016 daemon.info dnsmasq[4014]: reply www.cnn.com is Mon Mar 14 14:54:04 2016 daemon.info dnsmasq[4014]: reply turner.map.fastly.net is 23.235.40.73 Mon Mar 14 14:54:04 2016 daemon.info dnsmasq[4014]: query[AAAA] iphonesubmissions.apple.com from 10.10.10.216 Mon Mar 14 14:54:04 2016 daemon.info dnsmasq[4014]: forwarded iphonesubmissions.apple.com to 192.168.1.1 Mon Mar 14 14:54:04 2016 daemon.info dnsmasq[4014]: query[A] iphonesubmissions.apple.com from 10.10.10.216 Mon Mar 14 14:54:04 2016 daemon.info dnsmasq[4014]: forwarded iphonesubmissions.apple.com to 192.168.1.1 Mon Mar 14 14:54:05 2016 daemon.info dnsmasq[4014]: reply iphonesubmissions.apple.com is 17.171.75.198 Mon Mar 14 14:54:07 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 127.0.0.1 Mon Mar 14 14:54:07 2016 daemon.info dnsmasq[4014]: cached yourhost.example.com is 198.105.254.63 Mon Mar 14 14:54:07 2016 daemon.info dnsmasq[4014]: cached yourhost.example.com is 198.105.244.63 Mon Mar 14 14:54:07 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1 Mon Mar 14 14:54:07 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1 Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Enabling inline operation Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Found pid path directive (/var/snort/) Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Running in IDS mode Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: --== Initializing Snort ==-- Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Initializing Output Plugins! Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Initializing Preprocessors! Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Initializing Plug-ins! 
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Parsing Rules file "/etc/snort/snort7.conf"
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: PortVar 'HTTP_PORTS' defined :
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: PortVar 'SHELLCODE_PORTS' defined :
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: [ 1:65535 ]
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: PortVar 'ORACLE_PORTS' defined :
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: [ 1024:65535 ]
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: PortVar 'SSH_PORTS' defined :
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: [ 22 ]
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: PortVar 'FTP_PORTS' defined :
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: [ 21 2100 3535 ]
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: PortVar 'SIP_PORTS' defined :
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: [ 5060:5061 5600 ]
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: PortVar 'FILE_DATA_PORTS' defined :
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: PortVar 'GTP_PORTS' defined :
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: [ 2123 2152 3386 ]
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Detection:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Search-Method = AC-Full-Q
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Search-Method-Optimizations = enabled
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Maximum pattern length = 20
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Found pid path directive (/var/snort/)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Tagged Packet Limit: 256
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: done
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Log directory = /tmp/snort/
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalizer config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: ip4: on
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: ip4::df: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: ip4::rf: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: ip4::tos: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: ip4::trim: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: ip4::ttl: on (min=1, new=5)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalizer config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp: on
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::ecn: stream
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::block: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::rsv: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::pad: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::req_urg: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::req_pay: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::req_urp: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::urp: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::opt: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::ips: on
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::trim_syn: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::trim_rst: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::trim_win: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: tcp::trim_mss: off
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalizer config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: icmp4: on
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalizer config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: ip6: on
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: ip6::hops: on (min=1, new=5)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalizer config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: icmp6: on
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Frag3 global config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max frags: 65536
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Fragment memory cap: 4194304 bytes
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Frag3 engine config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Bound Address: default
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Target-based policy: WINDOWS
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Fragment timeout: 180 seconds
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Fragment min_ttl: 1
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Fragment Anomalies: Alert
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Overlap Limit: 10
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Min fragment Length: 100
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Expected Streams: 39
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Stream global config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Track TCP sessions: ACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max TCP sessions: 10000
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: TCP cache pruning timeout: 30 seconds
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: TCP cache nominal timeout: 3600 seconds
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Memcap (for reassembly packet storage): 8388608
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Track UDP sessions: ACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max UDP sessions: 10000
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: UDP cache pruning timeout: 30 seconds
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: UDP cache nominal timeout: 180 seconds
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Track ICMP sessions: ACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max ICMP sessions: 65536
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Track IP sessions: INACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Log info if session memory consumption exceeds 1048576
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Send up to 2 active responses
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Wait at least 5 seconds between responses
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Protocol Aware Flushing: ACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Maximum Flush Point: 16000
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Stream TCP Policy config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Bound Address: default
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Reassembly Policy: WINDOWS
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Timeout: 180 seconds
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Limit on TCP Overlaps: 10
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Maximum number of bytes to queue per session: 1048576
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Maximum number of segs to queue per session: 2621
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Options:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Require 3-Way Handshake: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 3-Way Handshake Timeout: 180
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Detect Anomalies: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Reassembly Ports:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 21 client (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 22 client (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 23 client (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 25 client (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 36 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 42 client (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 53 client (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 70 client (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 79 client (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 80 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 81 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 82 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 83 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 84 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 85 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 86 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 87 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 88 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 89 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 90 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: additional ports configured but not printed.
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Stream UDP Policy config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Timeout: 180 seconds
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: HttpInspect Config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: GLOBAL CONFIG
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Detect Proxy Usage: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: IIS Unicode Map Filename: /etc/snort/unicode.map
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: IIS Unicode Map Codepage: 1252
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Memcap used for logging URI and Hostname: 150994944
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Gzip Memory: 838860
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Gzip Sessions: 1807
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Gzip Compress Depth: 65535
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Gzip Decompress Depth: 65535
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: DEFAULT SERVER CONFIG:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Server profile: All
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Server Flow Depth: 0
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Client Flow Depth: 0
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Chunk Length: 500000
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Header Field Length: 750
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Number Header Fields: 100
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Number of WhiteSpaces allowed with header folding: 200
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Inspect Pipeline Requests: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: URI Discovery Strict Mode: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Allow Proxy Usage: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Disable Alerting: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Oversize Dir Length: 500
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Only inspect URI: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalize HTTP Headers: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Inspect HTTP Cookies: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Inspect HTTP Responses: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Extract Gzip from responses: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Decompress response files:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Unlimited decompression of gzip data from responses: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalize Javascripts in HTTP Responses: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalize HTTP Cookies: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Enable XFF and True Client IP: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Log HTTP URI data: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Log HTTP Hostname data: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Extended ASCII code support in URI: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ascii: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Double Decoding: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: %U Encoding: YES alert: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Bare Byte: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: UTF 8: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: IIS Unicode: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Multiple Slash: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: IIS Backslash: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Directory Traversal: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Web Root Traversal: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Apache WhiteSpace: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: IIS Delimiter: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: rpc_decode arguments:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: alert_fragments: INACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: alert_large_fragments: INACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: alert_incomplete: INACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: alert_multiple_requests: INACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Portscan Detection Config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Detect Protocols: TCP UDP ICMP IP
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Sensitivity Level: Medium
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Memcap (in bytes): 500000
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Number of Nodes: 978
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: FTPTelnet Config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: GLOBAL CONFIG
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Inspection Type: stateful
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Check for Encrypted Traffic: YES alert: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Continue to check encrypted data: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: TELNET CONFIG:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ports: 23
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Are You There Threshold: 20
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Normalize: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Detect Anomalies: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: FTP CONFIG:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: FTP Server: default
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ports (PAF): 21 2100 3535
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Check for Telnet Cmds: YES alert: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ignore Telnet Cmd Operations: YES alert: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ignore open data channels: NO
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: FTP Client: default
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Check for Bounce Attacks: YES alert: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Check for Telnet Cmds: YES alert: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ignore Telnet Cmd Operations: YES alert: YES
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Response Length: 256
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: SSH config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Autodetection: ENABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Challenge-Response Overflow Alert: ENABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: SSH1 CRC32 Alert: ENABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Server Version String Overflow Alert: ENABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Protocol Mismatch Alert: ENABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Bad Message Direction Alert: DISABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Bad Payload Size Alert: DISABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Unrecognized Version Alert: DISABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Encrypted Packets: 20
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Server Version String Length: 100
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: MaxClientBytes: 19600 (Default)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ports:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 22
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: DCE/RPC 2 Preprocessor Configuration
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Global Configuration
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: DCE/RPC Defragmentation: Enabled
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Memcap: 102400 KB
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Events: co
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: SMB Fingerprint policy: Disabled
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Server Default Configuration
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Policy: WinXP
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Detect ports (PAF)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: SMB: 139 445
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: TCP: 135
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: UDP: 135
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: RPC over HTTP server: 593
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: RPC over HTTP proxy: None
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Autodetect ports (PAF)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: SMB: None
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: TCP: 1025-65535
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: UDP: 1025-65535
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: RPC over HTTP server: 1025-65535
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: RPC over HTTP proxy: None
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Invalid SMB shares: C$ D$ ADMIN$
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Maximum SMB command chaining: 3 commands
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: SMB file inspection: Disabled
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: DNS config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: DNS Client rdata txt Overflow Alert: ACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Obsolete DNS RR Types Alert: INACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Experimental DNS RR Types Alert: INACTIVE
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ports:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 53
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: SSLPP config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Encrypted packets: not inspected
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ports:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 443 465 563 636 989
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 992 993 994 995 7801
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 7802 7900 7901 7902 7903
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 7904 7905 7906 7907 7908
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 7909 7910 7911 7912 7913
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 7914 7915 7916 7917 7918
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: 7919 7920
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Server side data is trusted
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Maximum SSL Heartbeat length: 0
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Sensitive Data preprocessor config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Global Alert Threshold: 25
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Masked Output: DISABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: SIP config:
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max number of sessions: 1024
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max number of dialogs in a session: 4 (Default)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Status: ENABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Ignore media channel: DISABLED
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max URI length: 512
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Call ID length: 80
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Request name length: 20 (Default)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max From length: 256 (Default)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max To length: 256 (Default)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Via length: 1024 (Default)
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Contact length: 512
Mon Mar 14 14:54:09 2016 daemon.notice snort[4279]: Max Content length: 2048
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: Ports:
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: 5060
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: 5061
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: 5600
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: Methods:
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: invite
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: cancel
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: ack
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: bye
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: register
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: options
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: refer
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: subscribe
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: update
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: join
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: info
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: message
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: notify
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: benotify
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: do
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: qauth
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: sprack
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: publish
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: service
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: unsubscribe
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: prack
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]:
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: Initializing rule chains...
Mon Mar 14 14:54:10 2016 daemon.notice snort[4279]: WARNING: /etc/snort/rules//snort.rules(1) threshold (in rule) is deprecated; use detection_filter instead.
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: query[A] init-p01st.push.apple.com from 10.10.10.228
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: forwarded init-p01st.push.apple.com to 192.168.1.1
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: query[AAAA] init-p01st.push.apple.com from 10.10.10.228
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: forwarded init-p01st.push.apple.com to 192.168.1.1
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply init-p01st.push.apple.com is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply init-p01st.push.apple.com.edgesuite.net is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply a1441.g4.akamai.net is 23.67.60.51
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply a1441.g4.akamai.net is 23.67.60.50
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply init-p01st.push.apple.com is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply init-p01st.push.apple.com.edgesuite.net is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply a1441.g4.akamai.net is NODATA-IPv6
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: query[A] init-p01st.push.apple.com from 10.10.10.229
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com.edgesuite.net is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached a1441.g4.akamai.net is 23.67.60.50
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached a1441.g4.akamai.net is 23.67.60.51
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: query[AAAA] init-p01st.push.apple.com from 10.10.10.229
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com.edgesuite.net is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached a1441.g4.akamai.net is NODATA-IPv6
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: query[A] clients2.google.com from 10.10.10.224
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: forwarded clients2.google.com to 192.168.1.1
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: query[AAAA] init-p01st.push.apple.com from 10.10.10.228
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com.edgesuite.net is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached a1441.g4.akamai.net is NODATA-IPv6
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: query[AAAA] init-p01st.push.apple.com from 10.10.10.229
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com.edgesuite.net is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached a1441.g4.akamai.net is NODATA-IPv6
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: query[A] init-p01st.push.apple.com from 10.10.10.229
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached init-p01st.push.apple.com.edgesuite.net is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached a1441.g4.akamai.net is 23.67.60.51
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: cached a1441.g4.akamai.net is 23.67.60.50
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply clients2.google.com is
Mon Mar 14 14:54:10 2016 daemon.info dnsmasq[4014]: reply clients.l.google.com is 216.58.216.110
Mon Mar 14 14:54:11 2016 daemon.info dnsmasq[4014]: query[AAAA] wns.notify.windows.com.akadns.net from 10.10.10.224
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: forwarded wns.notify.windows.com.akadns.net to 192.168.1.1
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: query[A] wns.notify.windows.com.akadns.net from 10.10.10.224
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: forwarded wns.notify.windows.com.akadns.net to 192.168.1.1
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply wns.notify.windows.com.akadns.net is
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply americas2.notify.windows.com.akadns.net is
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply bn2.wns.notify.windows.com.akadns.net is
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply bn2wns1.wns.windows.com is 2a01:111:f004:20::101
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: query[A] mail.google.com from 10.10.10.224
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: forwarded mail.google.com to 192.168.1.1
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply mail.google.com is
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply googlemail.l.google.com is 216.58.216.229
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply wns.notify.windows.com.akadns.net is
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply americas2.notify.windows.com.akadns.net is
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply bn2.wns.notify.windows.com.akadns.net is
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply bn2wns1.wns.windows.com is 131.253.34.230
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: query[A] plus.google.com from 10.10.10.224
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: forwarded plus.google.com to 192.168.1.1
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply plus.google.com is 216.58.216.238
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.244.63
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.254.63
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:12 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:15 2016 daemon.notice snort[4279]: WARNING: /etc/snort/rules//snort.rules(4278) GID 1 SID 2405001 in rule duplicates previous rule. Ignoring old rule.
Mon Mar 14 14:54:15 2016 daemon.err snort[4279]: FATAL ERROR: /etc/snort/rules//snort.rules(4278) threshold (in rule): could not create threshold - only one per sig_id=2405001.
Mon Mar 14 14:54:16 2016 daemon.info dnsmasq[4014]: query[A] clients5.google.com from 10.10.10.224
Mon Mar 14 14:54:16 2016 daemon.info dnsmasq[4014]: forwarded clients5.google.com to 192.168.1.1
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: reply clients5.google.com is
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: reply clients.l.google.com is 216.58.216.110
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: cached yourhost.example.com is 198.105.254.63
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: cached yourhost.example.com is 198.105.244.63
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: query[A] clients4.google.com from 10.10.10.224
Mon Mar 14 14:54:17 2016 daemon.info dnsmasq[4014]: forwarded clients4.google.com to 192.168.1.1
Mon Mar 14 14:54:18 2016 daemon.info dnsmasq[4014]: reply clients4.google.com is
Mon Mar 14 14:54:18 2016 daemon.info dnsmasq[4014]: reply clients.l.google.com is 216.58.216.110
Mon Mar 14 14:54:18 2016 daemon.info dnsmasq[4014]: query[A] clients4.google.com from 10.10.10.224
Mon Mar 14 14:54:18 2016 daemon.info dnsmasq[4014]: cached clients4.google.com is
Mon Mar 14 14:54:18 2016 daemon.info dnsmasq[4014]: cached clients.l.google.com is 216.58.216.110
Mon Mar 14 14:54:20 2016 daemon.info dnsmasq[4014]: query[A] clients2.google.com from 10.10.10.228
Mon Mar 14 14:54:20 2016 daemon.info dnsmasq[4014]: forwarded clients2.google.com to 192.168.1.1
Mon Mar 14 14:54:20 2016 daemon.info dnsmasq[4014]: query[A] clients2.google.com from 10.10.10.229
Mon Mar 14 14:54:20 2016 daemon.info dnsmasq[4014]: forwarded clients2.google.com to 192.168.1.1
Mon Mar 14 14:54:20 2016 daemon.info dnsmasq[4014]: reply clients2.google.com is
Mon Mar 14 14:54:20 2016 daemon.info dnsmasq[4014]: reply clients.l.google.com is 216.58.216.110
Mon Mar 14 14:54:20 2016 daemon.info dnsmasq[4014]: reply clients2.google.com is
Mon Mar 14 14:54:20 2016 daemon.info dnsmasq[4014]: reply clients.l.google.com is 216.58.216.110
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Enabling inline operation
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Found pid path directive (/var/snort/)
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Running in IDS mode
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]:
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: --== Initializing Snort ==--
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Initializing Output Plugins!
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Initializing Preprocessors!
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Initializing Plug-ins!
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Parsing Rules file "/etc/snort/snort7.conf"
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: PortVar 'HTTP_PORTS' defined :
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]:
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: PortVar 'SHELLCODE_PORTS' defined :
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: [ 1:65535 ]
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]:
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: PortVar 'ORACLE_PORTS' defined :
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: [ 1024:65535 ]
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]:
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: PortVar 'SSH_PORTS' defined :
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: [ 22 ]
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]:
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: PortVar 'FTP_PORTS' defined :
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: [ 21 2100 3535 ]
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]:
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: PortVar 'SIP_PORTS' defined :
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: [ 5060:5061 5600 ]
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]:
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: PortVar 'FILE_DATA_PORTS' defined :
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301
2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: PortVar 'GTP_PORTS' defined : Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: [ 2123 2152 3386 ] Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Detection: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Search-Method = AC-Full-Q Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Search-Method-Optimizations = enabled Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Maximum pattern length = 20 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Found pid path directive (/var/snort/) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Tagged Packet Limit: 256 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... 
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... 
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: done Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Log directory = /tmp/snort/ Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalizer config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ip4: on Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ip4::df: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ip4::rf: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ip4::tos: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ip4::trim: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ip4::ttl: on (min=1, new=5) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalizer config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp: on Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::ecn: stream Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::block: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::rsv: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::pad: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::req_urg: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::req_pay: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::req_urp: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::urp: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::opt: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::ips: on Mon Mar 14 14:54:21 2016 
daemon.notice snort[4389]: tcp::trim_syn: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::trim_rst: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::trim_win: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: tcp::trim_mss: off Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalizer config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: icmp4: on Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalizer config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ip6: on Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ip6::hops: on (min=1, new=5) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalizer config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: icmp6: on Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Frag3 global config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max frags: 65536 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Fragment memory cap: 4194304 bytes Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Frag3 engine config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Bound Address: default Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Target-based policy: WINDOWS Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Fragment timeout: 180 seconds Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Fragment min_ttl: 1 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Fragment Anomalies: Alert Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Overlap Limit: 10 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Min fragment Length: 100 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Expected Streams: 39 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Stream global config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Track TCP sessions: ACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max TCP sessions: 10000 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: TCP cache pruning timeout: 30 seconds Mon Mar 14 14:54:21 2016 
daemon.notice snort[4389]: TCP cache nominal timeout: 3600 seconds Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Memcap (for reassembly packet storage): 8388608 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Track UDP sessions: ACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max UDP sessions: 10000 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: UDP cache pruning timeout: 30 seconds Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: UDP cache nominal timeout: 180 seconds Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Track ICMP sessions: ACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max ICMP sessions: 65536 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Track IP sessions: INACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Log info if session memory consumption exceeds 1048576 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Send up to 2 active responses Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Wait at least 5 seconds between responses Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Protocol Aware Flushing: ACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Maximum Flush Point: 16000 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Stream TCP Policy config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Bound Address: default Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Reassembly Policy: WINDOWS Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Timeout: 180 seconds Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Limit on TCP Overlaps: 10 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Maximum number of bytes to queue per session: 1048576 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Maximum number of segs to queue per session: 2621 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Options: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Require 3-Way Handshake: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 3-Way Handshake Timeout: 180 
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Detect Anomalies: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Reassembly Ports: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 21 client (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 22 client (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 23 client (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 25 client (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 36 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 42 client (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 53 client (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 70 client (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 79 client (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 80 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 81 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 82 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 83 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 84 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 85 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 86 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 87 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 88 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 89 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 90 client (Footprint-IPS) server (Footprint-IPS) Mon Mar 14 14:54:21 
2016 daemon.notice snort[4389]: additional ports configured but not printed. Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Stream UDP Policy config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Timeout: 180 seconds Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: HttpInspect Config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: GLOBAL CONFIG Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Detect Proxy Usage: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: IIS Unicode Map Filename: /etc/snort/unicode.map Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: IIS Unicode Map Codepage: 1252 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Memcap used for logging URI and Hostname: 150994944 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Gzip Memory: 838860 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Gzip Sessions: 1807 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Gzip Compress Depth: 65535 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Gzip Decompress Depth: 65535 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: DEFAULT SERVER CONFIG: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Server profile: All Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Server Flow Depth: 0 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Client Flow Depth: 0 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Chunk Length: 500000 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Small Chunk Length Evasion: 
chunk size <= 10, threshold >= 5 times Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Header Field Length: 750 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Number Header Fields: 100 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Number of WhiteSpaces allowed with header folding: 200 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Inspect Pipeline Requests: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: URI Discovery Strict Mode: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Allow Proxy Usage: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Disable Alerting: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Oversize Dir Length: 500 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Only inspect URI: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalize HTTP Headers: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Inspect HTTP Cookies: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Inspect HTTP Responses: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Extract Gzip from responses: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Decompress response files: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Unlimited decompression of gzip data from responses: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalize Javascripts in HTTP Responses: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalize HTTP Cookies: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Enable XFF and True Client IP: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Log HTTP URI data: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Log HTTP Hostname data: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Extended ASCII code support in URI: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ascii: YES alert: 
NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Double Decoding: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: %U Encoding: YES alert: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Bare Byte: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: UTF 8: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: IIS Unicode: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Multiple Slash: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: IIS Backslash: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Directory Traversal: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Web Root Traversal: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Apache WhiteSpace: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: IIS Delimiter: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: rpc_decode arguments: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: alert_fragments: INACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: alert_large_fragments: INACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: alert_incomplete: INACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: alert_multiple_requests: INACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Portscan Detection Config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Detect Protocols: TCP UDP ICMP IP Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Detect Scan Type: portscan 
portsweep decoy_portscan distributed_portscan Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Sensitivity Level: Medium Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Memcap (in bytes): 500000 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Number of Nodes: 978 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: FTPTelnet Config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: GLOBAL CONFIG Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Inspection Type: stateful Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Check for Encrypted Traffic: YES alert: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Continue to check encrypted data: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: TELNET CONFIG: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ports: 23 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Are You There Threshold: 20 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Normalize: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Detect Anomalies: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: FTP CONFIG: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: FTP Server: default Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ports (PAF): 21 2100 3535 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Check for Telnet Cmds: YES alert: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ignore Telnet Cmd Operations: YES alert: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ignore open data channels: NO Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: FTP Client: default Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Check for Bounce Attacks: YES alert: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Check for Telnet Cmds: YES alert: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ignore Telnet Cmd Operations: YES alert: YES Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Response Length: 256 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: SSH config: 
Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Autodetection: ENABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Challenge-Response Overflow Alert: ENABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: SSH1 CRC32 Alert: ENABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Server Version String Overflow Alert: ENABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Protocol Mismatch Alert: ENABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Bad Message Direction Alert: DISABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Bad Payload Size Alert: DISABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Unrecognized Version Alert: DISABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Encrypted Packets: 20 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Server Version String Length: 100 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: MaxClientBytes: 19600 (Default) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ports: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 22 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: DCE/RPC 2 Preprocessor Configuration Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Global Configuration Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: DCE/RPC Defragmentation: Enabled Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Memcap: 102400 KB Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Events: co Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: SMB Fingerprint policy: Disabled Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Server Default Configuration Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Policy: WinXP Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Detect ports (PAF) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: SMB: 139 445 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: TCP: 135 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: UDP: 135 Mon Mar 14 
14:54:21 2016 daemon.notice snort[4389]: RPC over HTTP server: 593 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: RPC over HTTP proxy: None Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Autodetect ports (PAF) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: SMB: None Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: TCP: 1025-65535 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: UDP: 1025-65535 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: RPC over HTTP server: 1025-65535 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: RPC over HTTP proxy: None Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Invalid SMB shares: C$ D$ ADMIN$ Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Maximum SMB command chaining: 3 commands Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: SMB file inspection: Disabled Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: DNS config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: DNS Client rdata txt Overflow Alert: ACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Obsolete DNS RR Types Alert: INACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Experimental DNS RR Types Alert: INACTIVE Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ports: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 53 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: SSLPP config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Encrypted packets: not inspected Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ports: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 443 465 563 636 989 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 992 993 994 995 7801 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 7802 7900 7901 7902 7903 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 7904 7905 7906 7907 7908 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 7909 7910 7911 7912 7913 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 7914 7915 
7916 7917 7918 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 7919 7920 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Server side data is trusted Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Maximum SSL Heartbeat length: 0 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Sensitive Data preprocessor config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Global Alert Threshold: 25 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Masked Output: DISABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: SIP config: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max number of sessions: 1024 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max number of dialogs in a session: 4 (Default) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Status: ENABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ignore media channel: DISABLED Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max URI length: 512 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Call ID length: 80 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Request name length: 20 (Default) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max From length: 256 (Default) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max To length: 256 (Default) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Via length: 1024 (Default) Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Contact length: 512 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Max Content length: 2048 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Ports: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 5060 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 5061 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: 5600 Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Methods: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: invite Mon Mar 14 14:54:21 2016 
daemon.notice snort[4389]: cancel Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: ack Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: bye Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: register Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: options Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: refer Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: subscribe Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: update Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: join Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: info Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: message Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: notify Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: benotify Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: do Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: qauth Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: sprack Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: publish Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: service Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: unsubscribe Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: prack Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: Initializing rule chains... Mon Mar 14 14:54:21 2016 daemon.notice snort[4389]: WARNING: /etc/snort/rules//snort.rules(1) threshold (in rule) is deprecated; use detection_filter instead. 
Mon Mar 14 14:54:22 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:22 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:22 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.244.63
Mon Mar 14 14:54:22 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.254.63
Mon Mar 14 14:54:22 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:22 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:23 2016 daemon.info dnsmasq[4014]: query[A] init.itunes.apple.com from 10.10.10.216
Mon Mar 14 14:54:23 2016 daemon.info dnsmasq[4014]: forwarded init.itunes.apple.com to 192.168.1.1
Mon Mar 14 14:54:23 2016 daemon.info dnsmasq[4014]: reply init.itunes.apple.com is
Mon Mar 14 14:54:23 2016 daemon.info dnsmasq[4014]: reply init-cdn.itunes-apple.com.akadns.net is
Mon Mar 14 14:54:23 2016 daemon.info dnsmasq[4014]: reply itunes.apple.com.edgekey.net is
Mon Mar 14 14:54:23 2016 daemon.info dnsmasq[4014]: reply e673.e9.akamaiedge.net is 23.210.50.217
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: query[AAAA] e673.e9.akamaiedge.net from 10.10.10.216
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: forwarded e673.e9.akamaiedge.net to 192.168.1.1
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: query[A] p29-keyvalueservice-current.edge.icloud.apple-dns.net from 10.10.10.216
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: forwarded p29-keyvalueservice-current.edge.icloud.apple-dns.net to 192.168.1.1
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: reply p29-keyvalueservice-current.edge.icloud.apple-dns.net is 17.248.133.149
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: query[A] www.google-analytics.com from 10.10.10.224
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: forwarded www.google-analytics.com to 192.168.1.1
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: reply www.google-analytics.com is
Mon Mar 14 14:54:24 2016 daemon.info dnsmasq[4014]: reply www-google-analytics.l.google.com is 216.58.216.238
Mon Mar 14 14:54:25 2016 daemon.notice snort[4389]: WARNING: /etc/snort/rules//snort.rules(4278) GID 1 SID 2405001 in rule duplicates previous rule. Ignoring old rule.
Mon Mar 14 14:54:25 2016 daemon.err snort[4389]: FATAL ERROR: /etc/snort/rules//snort.rules(4278) threshold (in rule): could not create threshold - only one per sig_id=2405001.
Mon Mar 14 14:54:25 2016 daemon.info dnsmasq[4014]: query[A] iphonesubmissions.apple.com from 10.10.10.216
Mon Mar 14 14:54:25 2016 daemon.info dnsmasq[4014]: forwarded iphonesubmissions.apple.com to 192.168.1.1
Mon Mar 14 14:54:25 2016 daemon.info dnsmasq[4014]: reply iphonesubmissions.apple.com is 17.171.75.198
Mon Mar 14 14:54:27 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:27 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:27 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.244.63
Mon Mar 14 14:54:27 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.254.63
Mon Mar 14 14:54:27 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:27 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Enabling inline operation
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Found pid path directive (/var/snort/)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Running in IDS mode
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: --== Initializing Snort ==--
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Initializing Output Plugins!
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Initializing Preprocessors!
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Initializing Plug-ins!
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Parsing Rules file "/etc/snort/snort7.conf"
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: PortVar 'HTTP_PORTS' defined :
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: PortVar 'SHELLCODE_PORTS' defined :
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: [ 1:65535 ]
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: PortVar 'ORACLE_PORTS' defined :
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: [ 1024:65535 ]
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: PortVar 'SSH_PORTS' defined :
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: [ 22 ]
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: PortVar 'FTP_PORTS' defined :
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: [ 21 2100 3535 ]
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: PortVar 'SIP_PORTS' defined :
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: [ 5060:5061 5600 ]
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: PortVar 'FILE_DATA_PORTS' defined :
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: PortVar 'GTP_PORTS' defined :
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: [ 2123 2152 3386 ]
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Detection:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Search-Method = AC-Full-Q
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Search-Method-Optimizations = enabled
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Maximum pattern length = 20
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Found pid path directive (/var/snort/)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Tagged Packet Limit: 256
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: done
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Log directory = /tmp/snort/
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalizer config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ip4: on
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ip4::df: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ip4::rf: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ip4::tos: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ip4::trim: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ip4::ttl: on (min=1, new=5)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalizer config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp: on
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::ecn: stream
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::block: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::rsv: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::pad: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::req_urg: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::req_pay: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::req_urp: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::urp: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::opt: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::ips: on
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::trim_syn: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::trim_rst: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::trim_win: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: tcp::trim_mss: off
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalizer config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: icmp4: on
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalizer config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ip6: on
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ip6::hops: on (min=1, new=5)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalizer config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: icmp6: on
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Frag3 global config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max frags: 65536
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Fragment memory cap: 4194304 bytes
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Frag3 engine config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Bound Address: default
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Target-based policy: WINDOWS
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Fragment timeout: 180 seconds
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Fragment min_ttl: 1
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Fragment Anomalies: Alert
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Overlap Limit: 10
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Min fragment Length: 100
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Expected Streams: 39
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Stream global config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Track TCP sessions: ACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max TCP sessions: 10000
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: TCP cache pruning timeout: 30 seconds
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: TCP cache nominal timeout: 3600 seconds
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Memcap (for reassembly packet storage): 8388608
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Track UDP sessions: ACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max UDP sessions: 10000
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: UDP cache pruning timeout: 30 seconds
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: UDP cache nominal timeout: 180 seconds
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Track ICMP sessions: ACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max ICMP sessions: 65536
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Track IP sessions: INACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Log info if session memory consumption exceeds 1048576
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Send up to 2 active responses
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Wait at least 5 seconds between responses
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Protocol Aware Flushing: ACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Maximum Flush Point: 16000
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Stream TCP Policy config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Bound Address: default
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Reassembly Policy: WINDOWS
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Timeout: 180 seconds
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Limit on TCP Overlaps: 10
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Maximum number of bytes to queue per session: 1048576
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Maximum number of segs to queue per session: 2621
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Options:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Require 3-Way Handshake: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 3-Way Handshake Timeout: 180
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Detect Anomalies: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Reassembly Ports:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 21 client (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 22 client (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 23 client (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 25 client (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 36 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 42 client (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 53 client (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 70 client (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 79 client (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 80 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 81 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 82 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 83 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 84 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 85 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 86 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 87 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 88 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 89 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 90 client (Footprint-IPS) server (Footprint-IPS)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: additional ports configured but not printed.
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Stream UDP Policy config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Timeout: 180 seconds
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: HttpInspect Config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: GLOBAL CONFIG
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Detect Proxy Usage: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: IIS Unicode Map Filename: /etc/snort/unicode.map
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: IIS Unicode Map Codepage: 1252
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Memcap used for logging URI and Hostname: 150994944
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Gzip Memory: 838860
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Gzip Sessions: 1807
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Gzip Compress Depth: 65535
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Gzip Decompress Depth: 65535
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: DEFAULT SERVER CONFIG:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Server profile: All
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Server Flow Depth: 0
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Client Flow Depth: 0
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Chunk Length: 500000
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Header Field Length: 750
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Number Header Fields: 100
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Number of WhiteSpaces allowed with header folding: 200
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Inspect Pipeline Requests: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: URI Discovery Strict Mode: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Allow Proxy Usage: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Disable Alerting: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Oversize Dir Length: 500
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Only inspect URI: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalize HTTP Headers: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Inspect HTTP Cookies: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Inspect HTTP Responses: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Extract Gzip from responses: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Decompress response files:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Unlimited decompression of gzip data from responses: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalize Javascripts in HTTP Responses: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalize HTTP Cookies: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Enable XFF and True Client IP: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Log HTTP URI data: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Log HTTP Hostname data: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Extended ASCII code support in URI: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ascii: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Double Decoding: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: %U Encoding: YES alert: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Bare Byte: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: UTF 8: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: IIS Unicode: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Multiple Slash: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: IIS Backslash: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Directory Traversal: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Web Root Traversal: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Apache WhiteSpace: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: IIS Delimiter: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: rpc_decode arguments:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: alert_fragments: INACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: alert_large_fragments: INACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: alert_incomplete: INACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: alert_multiple_requests: INACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Portscan Detection Config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Detect Protocols: TCP UDP ICMP IP
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Sensitivity Level: Medium
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Memcap (in bytes): 500000
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Number of Nodes: 978
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: FTPTelnet Config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: GLOBAL CONFIG
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Inspection Type: stateful
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Check for Encrypted Traffic: YES alert: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Continue to check encrypted data: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: TELNET CONFIG:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ports: 23
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Are You There Threshold: 20
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Normalize: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Detect Anomalies: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: FTP CONFIG:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: FTP Server: default
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ports (PAF): 21 2100 3535
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Check for Telnet Cmds: YES alert: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ignore Telnet Cmd Operations: YES alert: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ignore open data channels: NO
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: FTP Client: default
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Check for Bounce Attacks: YES alert: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Check for Telnet Cmds: YES alert: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ignore Telnet Cmd Operations: YES alert: YES
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Response Length: 256
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: SSH config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Autodetection: ENABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Challenge-Response Overflow Alert: ENABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: SSH1 CRC32 Alert: ENABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Server Version String Overflow Alert: ENABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Protocol Mismatch Alert: ENABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Bad Message Direction Alert: DISABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Bad Payload Size Alert: DISABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Unrecognized Version Alert: DISABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Encrypted Packets: 20
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Server Version String Length: 100
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: MaxClientBytes: 19600 (Default)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ports:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 22
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: DCE/RPC 2 Preprocessor Configuration
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Global Configuration
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: DCE/RPC Defragmentation: Enabled
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Memcap: 102400 KB
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Events: co
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: SMB Fingerprint policy: Disabled
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Server Default Configuration
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Policy: WinXP
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Detect ports (PAF)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: SMB: 139 445
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: TCP: 135
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: UDP: 135
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: RPC over HTTP server: 593
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: RPC over HTTP proxy: None
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Autodetect ports (PAF)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: SMB: None
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: TCP: 1025-65535
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: UDP: 1025-65535
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: RPC over HTTP server: 1025-65535
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: RPC over HTTP proxy: None
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Invalid SMB shares: C$ D$ ADMIN$
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Maximum SMB command chaining: 3 commands
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: SMB file inspection: Disabled
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: DNS config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: DNS Client rdata txt Overflow Alert: ACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Obsolete DNS RR Types Alert: INACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Experimental DNS RR Types Alert: INACTIVE
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ports:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 53
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: SSLPP config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Encrypted packets: not inspected
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ports:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 443 465 563 636 989
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 992 993 994 995 7801
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 7802 7900 7901 7902 7903
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 7904 7905 7906 7907 7908
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 7909 7910 7911 7912 7913
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 7914 7915 7916 7917 7918
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 7919 7920
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Server side data is trusted
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Maximum SSL Heartbeat length: 0
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Sensitive Data preprocessor config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Global Alert Threshold: 25
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Masked Output: DISABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: SIP config:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max number of sessions: 1024
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max number of dialogs in a session: 4 (Default)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Status: ENABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ignore media channel: DISABLED
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max URI length: 512
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Call ID length: 80
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Request name length: 20 (Default)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max From length: 256 (Default)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max To length: 256 (Default)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Via length: 1024 (Default)
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Contact length: 512
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Max Content length: 2048
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Ports:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 5060
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 5061
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: 5600
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Methods:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: invite
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: cancel
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: ack
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: bye
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: register
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: options
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: refer
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: subscribe
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: update
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: join
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: info
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: message
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: notify
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: benotify
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: do
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: qauth
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: sprack
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: publish
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: service
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: unsubscribe
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: prack
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]:
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: Initializing rule chains...
Mon Mar 14 14:54:30 2016 daemon.notice snort[4500]: WARNING: /etc/snort/rules//snort.rules(1) threshold (in rule) is deprecated; use detection_filter instead.
Mon Mar 14 14:54:31 2016 daemon.info dnsmasq[4014]: query[A] mtalk.google.com from 10.10.10.228
Mon Mar 14 14:54:31 2016 daemon.info dnsmasq[4014]: forwarded mtalk.google.com to 192.168.1.1
Mon Mar 14 14:54:31 2016 daemon.info dnsmasq[4014]: query[A] mtalk.google.com from 10.10.10.229
Mon Mar 14 14:54:31 2016 daemon.info dnsmasq[4014]: forwarded mtalk.google.com to 192.168.1.1
Mon Mar 14 14:54:31 2016 daemon.info dnsmasq[4014]: reply mtalk.google.com is
Mon Mar 14 14:54:31 2016 daemon.info dnsmasq[4014]: reply mobile-gtalk.l.google.com is 74.125.135.188
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: reply mtalk.google.com is
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: reply mobile-gtalk.l.google.com is 74.125.135.188
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: query[A] mtalk.google.com from 10.10.10.228
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: cached mtalk.google.com is
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: cached mobile-gtalk.l.google.com is 74.125.135.188
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: query[A] mtalk.google.com from 10.10.10.229
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: cached mtalk.google.com is
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: cached mobile-gtalk.l.google.com is 74.125.135.188
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: cached yourhost.example.com is 198.105.254.63
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: cached yourhost.example.com is 198.105.244.63
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:32 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:33 2016 daemon.notice snort[4500]: WARNING: /etc/snort/rules//snort.rules(4278) GID 1 SID 2405001 in rule duplicates previous rule. Ignoring old rule.
Mon Mar 14 14:54:33 2016 daemon.err snort[4500]: FATAL ERROR: /etc/snort/rules//snort.rules(4278) threshold (in rule): could not create threshold - only one per sig_id=2405001.
Mon Mar 14 14:54:33 2016 daemon.info procd: Instance snort::instance1 s in a crash loop 6 crashes, 3 seconds since last crash
Mon Mar 14 14:54:36 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:36 2016 daemon.info dnsmasq[4014]: cached yourhost.example.com is 198.105.244.63
Mon Mar 14 14:54:36 2016 daemon.info dnsmasq[4014]: cached yourhost.example.com is 198.105.254.63
Mon Mar 14 14:54:37 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:37 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:41 2016 daemon.info dnsmasq[4014]: query[A] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:41 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1
Mon Mar 14 14:54:41 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.244.63
Mon Mar 14 14:54:41 2016 daemon.info dnsmasq[4014]: reply yourhost.example.com is 198.105.254.63
Mon Mar 14 14:54:41 2016 daemon.info dnsmasq[4014]: query[AAAA] yourhost.example.com from 127.0.0.1
Mon Mar 14 14:54:41 2016 daemon.info dnsmasq[4014]: forwarded yourhost.example.com to 192.168.1.1