Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 0.000000] Linux version 3.10.20 (daniel@Ayoub) (gcc version 4.7.0 (Cavium Inc. Version: SDK_3_1_0_p2 build 34) ) #165 SMP Mon May 18 23:41:17 PDT 2015 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 0.000000] CVMSEG size: 2 cache lines (256 bytes) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Cavium Inc. SDK-3.1 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] bootconsole [early0] enabled Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] CPU revision is: 000d9602 (Cavium Octeon III) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] FPU revision is: 00739600 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] Checking for the multiply/shift bug... no. Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] Checking for the daddiu bug... no. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Determined physical RAM map: Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] memory: 000000000c800000 @ 0000000002500000 (usable) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] memory: 0000000000c00000 @ 000000000f200000 (usable) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] memory: 000000002f000000 @ 0000000020000000 (usable) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] memory: 0000000000830000 @ 0000000000100000 (usable) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] memory: 0000000001a00000 @ 0000000000930000 (usable after init) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Wasting 896 bytes for tracking 16 unused pages Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Initrd not found or empty - disabling initrd Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Using passed Device Tree <8000000000080000>. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] software IO TLB [mem 0x02670000-0x026b0000] (0MB) mapped at [8000000002670000-80000000026affff] Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] Zone ranges: Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] DMA32 [mem 0x00100000-0xefffffff] Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] Normal empty Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] Movable zone start for each node Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] Early memory node ranges Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x00100000-0x0232ffff] Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x02500000-0x0ecfffff] Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x0f200000-0x0fdfffff] Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x20000000-0x4effffff] Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] On node 0 totalpages: 15971 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 14 pages used for memmap Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 0 pages reserved Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 15971 pages, LIFO batch:1 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Cavium Hotplug: Available coremask 0x0 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 0.000000] Primary instruction cache 78kB, virtually tagged, 39 way, 16 sets, linesize 128 bytes. Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 0.000000] Primary data cache 32kB, 32-way, 8 sets, linesize 128 bytes. Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 0.000000] Secondary unified cache 512kB, 4-way, 1024 sets, linesize 128 bytes. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] PERCPU: Embedded 1 pages/cpu @8000000002710000 s12544 r8192 d44800 u65536 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: s12544 r8192 d44800 u65536 alloc=1*65536 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: [0] 0 [0] 1 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 0.000000] Built 1 zonelists in Zone order, mobility grouping off. Total pages: 15957 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 0.000000] Kernel command line: bootoctlinux 0x20000000 numcores=2 serial#=752011191521-36287 console=ttyS0,115200 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] PID hash table entries: 4096 (order: -1, 32768 bytes) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Dentry cache hash table entries: 131072 (order: 4, 1048576 bytes) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Inode-cache hash table entries: 65536 (order: 3, 524288 bytes) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Memory: 983296k/1022144k available (5825k kernel code, 38848k reserved, 2536k data, 26624k init, 0k highmem) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] Hierarchical RCU implementation. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=2. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] NR_IRQS:512 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e000 23 bits Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e200 12 bits Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e400 6 bits Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000ec00 15 bits Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e600 4 bits Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e800 11 bits Tue Apr 19 19:29:22 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e900 11 bits Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.554488] Calibrating delay loop (skipped) preset value.. 2000.00 BogoMIPS (lpj=10000000) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.562701] pid_max: default: 32768 minimum: 501 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.567418] Security Framework initialized Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.571434] Mount-cache hash table entries: 4096 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 22.577687] Checking for the daddi bug... no. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.578476] SMP: Booting CPU01 (CoreId 1)... Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.582679] CPU revision is: 000d9602 (Cavium Octeon III) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.582682] FPU revision is: 00739600 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.582864] Cpu 1 online Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.594279] Brought up 2 CPUs Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.597224] Cavium Hotplug: Available coremask 0x0 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 22.604214] NET: Registered protocol family 16 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 22.609627] Installing handlers for error tree at: ffffffff808be430 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 22.627148] PCIe: Initializing port 0 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 24.689683] PCIe: Link timeout on port 0, probably the slot is empty Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 24.689689] PCIe: Initializing port 1 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 24.693184] PCIe: Port 1 not in PCIe mode, skipping Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 24.693190] PCIe: Initializing port 2 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 24.696832] PCIe: Port 2 not in PCIe mode, skipping Tue Apr 19 19:29:22 2016 kern.warn kernel: [ 24.703200] [sched_delayed] sched: RT throttling activated Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.716518] bio: create slab at 0 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.720938] vgaarb: loaded Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 24.723868] SCSI subsystem initialized Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 24.727718] libata version 3.00 loaded. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.728136] usbcore: registered new interface driver usbfs Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.733570] usbcore: registered new interface driver hub Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.738865] usbcore: registered new device driver usb Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.744016] pps_core: LinuxPPS API ver. 1 registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.748814] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.758039] PTP clock support registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.761916] EDAC MC: Ver: 3.0.0 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.765594] PCI host bridge to bus 0000:00 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.769550] pci_bus 0000:00: root bus resource [mem 0x1000000000000] Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.775873] pci_bus 0000:00: root bus resource [io 0x0000] Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.781441] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff] Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 24.789368] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.790317] Switching to clocksource OCTEON_CVMCOUNT Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.796591] NET: Registered protocol family 2 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.801235] TCP established hash table entries: 8192 (order: 1, 131072 bytes) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.808353] TCP bind hash table entries: 8192 (order: 1, 131072 bytes) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.814842] TCP: Hash tables configured (established 8192 bind 8192) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.821111] TCP: reno registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.824292] UDP hash table entries: 2048 (order: 0, 65536 bytes) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.830379] UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 24.837036] NET: Registered protocol family 1 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 24.841241] PCI: CLS 0 bytes, default 128 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 26.430606] octeon_pci_console: Console not created. Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 26.435465] /proc/octeon_perf: Octeon performance counter interface loaded Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.444216] HugeTLB registered 512 MB page size, pre-allocated 0 pages Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 26.451935] sys_fw_version: 0.1.17 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 26.451949] sys_revision: 21 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.452305] squashfs: version 4.0 (2009/01/31) Phillip Lougher Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.458240] NTFS driver 2.1.30 [Flags: R/W]. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.462370] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.468503] msgmni has been set to 1920 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 26.473245] Key type asymmetric registered Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 26.477232] Asymmetric key parser 'x509' registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.482055] io scheduler noop registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.485970] io scheduler deadline registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.490232] io scheduler cfq registered (default) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.495256] octeon_gpio 1070000000800.gpio-controller: OCTEON GPIO Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.551045] Serial: 8250/16550 driver, 6 ports, IRQ sharing disabled Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.560638] 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 34) is a OCTEON Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.568426] console [ttyS0] enabled, bootconsole disabled Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.591966] 1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 35) is a OCTEON Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.614114] brd: module loaded Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.632637] loop: module loaded Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 26.649504] slram: not enough parameters. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.673725] IMQ driver loaded successfully. (numdevs = 16, numqueues = 1) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.692804] Hooking IMQ after NAT on PREROUTING. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.709777] Hooking IMQ before NAT on POSTROUTING. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.729138] libphy: mdio-octeon: probed Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.746607] mdio-octeon 1180000001800.mdio: Version 1.0 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.764241] spi_ks8995: Micrel KS8995 Ethernet switch SPI driver version 0.1.1 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.784371] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.802573] e1000e: Copyright(c) 1999 - 2013 Intel Corporation. Tue Apr 19 19:29:22 2016 kern.err kernel: [ 26.821078] octeon-pow-ethernet ERROR: You must specify a broadcast group mask. Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 26.840585] octeon-ethernet 2.0 Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 26.857458] Interface 0 has 4 ports (QSGMII) Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 26.857537] Interface 1 has 4 ports (QSGMII) Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 26.857544] Interface 2 has 4 ports (NPI) Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 26.857558] Interface 3 has 4 ports (LOOP) Tue Apr 19 19:29:22 2016 kern.debug kernel: [ 26.857575] Interface 4 has 1 ports (AGL) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.865545] usbcore: registered new interface driver cdc_ether Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.883628] usbcore: registered new interface driver plusb Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.901356] usbcore: registered new interface driver sierra_net Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.920072] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.938876] ehci-pci: EHCI PCI platform driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.955555] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.974498] usbcore: registered new interface driver usb-storage Tue Apr 19 19:29:22 2016 kern.info kernel: [ 26.992856] usbcore: registered new interface driver usbserial Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.010917] usbcore: registered new interface driver usbserial_generic Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.029666] usbserial: USB Serial support registered for generic Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.047898] usbcore: registered new interface driver sierra Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.065685] usbserial: USB Serial support registered for Sierra USB modem Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.084881] i2c /dev entries driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.100906] i2c-octeon 1180000001000.i2c: version 2.5 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.118876] octeon_wdt: Initial granularity 5 Sec Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.135970] EDAC DEVICE0: Giving out device to module 'octeon-cpu' controller 'cache': DEV 'octeon_pc_edac' (INTERRUPT) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.159064] EDAC DEVICE1: Giving out device to module 'octeon-l2c' controller 'octeon_l2c_err': DEV 'octeon_l2c_edac' (POLLED) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 27.182715] octeon_lmc_edac octeon_lmc_edac.0: Disabled (ECC not enabled) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 28.955353] Netfilter messages via NETLINK v0.30. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 28.972197] nfnl_acct: registering with nfnetlink. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 28.989156] nf_conntrack version 0.5.0 (7682 buckets, 30728 max) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.007579] ctnetlink v0.93: registering with nfnetlink. Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.025383] xt_time: kernel timezone is -0000 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 29.041871] ip_set: protocol 6 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.057168] ipip: IPv4 over IPv4 tunneling driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.074487] gre: GRE over IPv4 demultiplexor driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.091499] ip_gre: GRE over IPv4 tunneling driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.109611] ip_tables: (C) 2000-2006 Netfilter Core Team Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.127248] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.145778] arp_tables: (C) 2002 David S. Miller Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.162575] TCP: cubic registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.178016] Initializing XFRM netlink socket Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.194462] NET: Registered protocol family 10 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.214273] mip6: Mobile IPv6 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.229417] ip6_tables: (C) 2000-2006 Netfilter Core Team Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.247233] sit: IPv6 over IPv4 tunneling driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.265226] ip6_gre: GRE over IPv6 tunneling driver Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.282817] NET: Registered protocol family 17 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.299434] NET: Registered protocol family 15 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 29.316092] Bridge firewalling registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.332242] Ebtables v2.0 registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.375171] 8021q: 802.1Q VLAN Support v1.8 Tue Apr 19 19:29:22 2016 kern.notice kernel: [ 29.391538] Key type dns_resolver registered Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.408069] L2 lock: TLB refill 256 bytes Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.424205] L2 lock: General exception 128 bytes Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.440943] L2 lock: low-level interrupt 128 bytes Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.457854] L2 lock: interrupt 640 bytes Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.473903] L2 lock: memcpy 1152 bytes Tue Apr 19 19:29:22 2016 kern.err kernel: [ 29.491753] drivers/rtc/hctosys.c: unable to open rtc device (rtc0) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 29.516479] Freeing unused kernel memory: 26624K (ffffffff80930000 - ffffffff82330000) Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.838804] mmc1: BKOPS_EN bit is not set Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.859509] mmc1: new high speed DDR MMC card at address 0001 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.877985] mmcblk0: mmc1:0001 P1XXXX 3.60 GiB Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.894964] mmcblk0boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.913330] mmcblk0boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.931698] mmcblk0rpmb: mmc1:0001 P1XXXX partition 3 128 KiB Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.953581] mmcblk0: p1 p2 p3 p4 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.974423] mmcblk0boot1: unknown partition table Tue Apr 19 19:29:22 2016 kern.info kernel: [ 46.995932] mmcblk0boot0: unknown partition table Tue Apr 19 19:29:22 2016 kern.info kernel: [ 47.830864] kjournald starting. Commit interval 5 seconds Tue Apr 19 19:29:22 2016 kern.info kernel: [ 47.831667] EXT3-fs (mmcblk0p4): using internal journal Tue Apr 19 19:29:22 2016 kern.info kernel: [ 47.832390] EXT3-fs (mmcblk0p4): recovery complete Tue Apr 19 19:29:22 2016 kern.info kernel: [ 47.832394] EXT3-fs (mmcblk0p4): mounted filesystem with writeback data mode Tue Apr 19 19:29:22 2016 user.err kernel: [ 48.121244] init: failed to symlink /tmp -> /var Tue Apr 19 19:29:22 2016 user.info kernel: [ 48.138318] init: Console is alive Tue Apr 19 19:29:22 2016 user.info kernel: [ 48.154198] init: - watchdog - Tue Apr 19 19:29:22 2016 user.info kernel: [ 49.170349] init: - preinit - Tue Apr 19 19:29:22 2016 user.notice kernel: [ 52.370623] mount_root: mounting /dev/root Tue Apr 19 19:29:22 2016 user.info kernel: [ 52.387594] mount_root: loading kmods from internal overlay Tue Apr 19 19:29:22 2016 user.info kernel: [ 52.517165] block: attempting to load /etc/config/fstab Tue Apr 19 19:29:22 2016 user.info kernel: [ 52.536815] block: extroot: not configured Tue Apr 19 19:29:22 2016 user.info kernel: [ 52.557853] procd: - early - Tue Apr 19 19:29:22 2016 user.info kernel: [ 52.573207] procd: - watchdog - Tue Apr 19 19:29:22 2016 user.info kernel: [ 53.289159] procd: - ubus - Tue Apr 19 19:29:22 2016 user.info kernel: [ 54.304851] procd: - init - Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.122495] NET: Registered protocol family 38 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.145684] tun: Universal TUN/TAP device driver, 1.6 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.163036] tun: (C) 1999-2004 Max Krasnyansky Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.196850] u32 classifier Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.211853] input device check on Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.227789] Actions configured Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.244524] Mirror/redirect action on Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.269075] PPP generic driver version 2.4.2 Tue Apr 19 19:29:22 2016 kern.info kernel: [ 56.286411] NET: Registered protocol family 24 Tue Apr 19 19:29:23 2016 user.emerg procd: this file has been obseleted. please call "/sbin/block mount" directly Tue Apr 19 19:29:23 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces? Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'lan' is enabled Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'blockdomain' is enabled Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'blockdomain' is now up Tue Apr 19 19:29:23 2016 kern.debug kernel: [ 58.278503] SGMII0: Port 1 link timeout Tue Apr 19 19:29:23 2016 kern.notice kernel: [ 58.278784] eth1: 1000 Mbps Full duplex, port 1 Tue Apr 19 19:29:23 2016 kern.info kernel: [ 58.278863] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready Tue Apr 19 19:29:23 2016 kern.info kernel: [ 58.279583] device eth1 entered promiscuous mode Tue Apr 19 19:29:23 2016 kern.info kernel: [ 58.281659] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'loopback' is enabled Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'loopback' is setting up now Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'loopback' is now up Tue Apr 19 19:29:23 2016 daemon.err block: /dev/mmcblk0p4 is already mounted Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'wan' is enabled Tue Apr 19 19:29:23 2016 kern.notice kernel: [ 58.309248] eth0: 1000 Mbps Full duplex, port 0 Tue Apr 19 19:29:23 2016 kern.info kernel: [ 58.309339] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Tue Apr 19 19:29:23 2016 kern.notice kernel: [ 58.330940] eth2: 1000 Mbps Full duplex, port 2 Tue Apr 19 19:29:23 2016 kern.info kernel: [ 58.331033] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'wan6' is enabled Tue Apr 19 19:29:23 2016 daemon.notice netifd: Network device 'lo' link is up Tue Apr 19 19:29:23 2016 daemon.notice netifd: Interface 'loopback' has link connectivity Tue Apr 19 19:29:23 2016 cron.info crond[3195]: crond (busybox 1.23.2) started, log level 5 Tue Apr 19 19:29:23 2016 user.emerg procd: interface lan has no physdev or physdev has no suitable ip Tue Apr 19 19:29:23 2016 authpriv.info dropbear[3225]: Not backgrounding Tue Apr 19 19:29:23 2016 daemon.info dnsmasq[3277]: started, version 2.73rc7 cachesize 150 Tue Apr 19 19:29:23 2016 daemon.info dnsmasq[3277]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify Tue Apr 19 19:29:23 2016 daemon.info dnsmasq[3277]: DNS service limited to local subnets Tue Apr 19 19:29:23 2016 daemon.info dnsmasq[3277]: using local addresses only for domain lan Tue Apr 19 19:29:23 2016 daemon.warn dnsmasq[3277]: no servers found in /tmp/resolv.conf.auto, will retry Tue Apr 19 19:29:23 2016 daemon.info dnsmasq[3277]: read /etc/hosts - 1 addresses Tue Apr 19 19:29:24 2016 daemon.notice netifd: Network device 'eth1' link is up Tue Apr 19 19:29:24 2016 daemon.notice netifd: Bridge 'br-lan' link is up Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'lan' has link connectivity Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'lan' is setting up now Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Tue Apr 19 19:29:24 2016 kern.info kernel: [ 59.255399] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready Tue Apr 19 19:29:24 2016 kern.info kernel: [ 59.255484] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:29:24 2016 kern.info kernel: [ 59.255518] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:29:24 2016 kern.info kernel: [ 59.255570] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready Tue Apr 19 19:29:24 2016 daemon.notice netifd: Network device 'eth0' link is up Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'wan' has link connectivity Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'wan' is setting up now Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'wan' is now up Tue Apr 19 19:29:24 2016 kern.info kernel: [ 59.285391] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Tue Apr 19 19:29:24 2016 daemon.notice netifd: lan (3434): udhcpc (v1.23.2) started Tue Apr 19 19:29:24 2016 daemon.notice netifd: Network device 'eth2' link is up Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'wan6' is setting up now Tue Apr 19 19:29:24 2016 kern.info kernel: [ 59.305708] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'wan6' is now up Tue Apr 19 19:29:24 2016 daemon.notice netifd: lan (3434): Sending discover... Tue Apr 19 19:29:24 2016 daemon.notice netifd: lan (3434): Sending select for 192.168.1.111... Tue Apr 19 19:29:24 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Tue Apr 19 19:29:24 2016 daemon.notice netifd: lan (3434): Lease of 192.168.1.111 obtained, lease time 86400 Tue Apr 19 19:29:24 2016 daemon.notice netifd: Interface 'lan' is now up Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3277]: reading /tmp/resolv.conf.auto Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3277]: using local addresses only for domain lan Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3277]: using nameserver 208.67.222.222#53 Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3277]: using nameserver 208.67.220.220#53 Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3277]: exiting on receipt of SIGTERM Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: started, version 2.73rc7 cachesize 150 Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: DNS service limited to local subnets Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: using local addresses only for domain lan Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: reading /tmp/resolv.conf.auto Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: using local addresses only for domain lan Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: using nameserver 208.67.222.222#53 Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: using nameserver 208.67.220.220#53 Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: read /etc/hosts - 1 addresses Tue Apr 19 19:29:24 2016 daemon.info dnsmasq[3525]: read /tmp/hosts/dhcp - 1 addresses Tue Apr 19 19:29:24 2016 user.notice ddns-scripts[3558]: myddns_ipv4: PID '3558' started at 2016-04-19 19:29 Tue Apr 19 19:29:24 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Tue Apr 19 19:29:25 2016 user.warn ddns-scripts[3558]: myddns_ipv4: Service section disabled! - TERMINATE Tue Apr 19 19:29:25 2016 user.warn ddns-scripts[3558]: myddns_ipv4: PID '3558' exit WITH ERROR '1' at 2016-04-19 19:29 Tue Apr 19 19:29:25 2016 user.notice ddns-scripts[3701]: myddns_ipv6: PID '3701' started at 2016-04-19 19:29 Tue Apr 19 19:29:25 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Tue Apr 19 19:29:25 2016 user.warn ddns-scripts[3701]: myddns_ipv6: Service section disabled! - TERMINATE Tue Apr 19 19:29:25 2016 user.warn ddns-scripts[3701]: myddns_ipv6: PID '3701' exit WITH ERROR '1' at 2016-04-19 19:29 Tue Apr 19 19:29:26 2016 kern.info kernel: [ 61.255165] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Enabling inline operation Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Found pid path directive (/var/snort/) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Running in IDS mode Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: --== Initializing Snort ==-- Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Initializing Output Plugins! Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Initializing Preprocessors! Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Initializing Plug-ins! Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Parsing Rules file "/etc/snort/snort_bridge.conf" Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: PortVar 'HTTP_PORTS' defined : Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: PortVar 'SHELLCODE_PORTS' defined : Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: [ 1:65535 ] Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: PortVar 'ORACLE_PORTS' defined : Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: [ 1024:65535 ] Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: PortVar 'SSH_PORTS' defined : Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: [ 22 ] Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: PortVar 'FTP_PORTS' defined : Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: [ 21 2100 3535 ] Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: PortVar 'SIP_PORTS' defined : Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: [ 5060:5061 5600 ] Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: PortVar 'FILE_DATA_PORTS' defined : Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: PortVar 'GTP_PORTS' defined : Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: [ 2123 2152 3386 ] Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Detection: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Search-Method = AC-Full Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Search-Method-Optimizations = enabled Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Maximum pattern length = 20 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Found pid path directive (/var/snort/) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tagged Packet Limit: 256 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: done Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Log directory = /tmp/snort/ Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalizer config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ip4: on Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ip4::df: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ip4::rf: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ip4::tos: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ip4::trim: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ip4::ttl: on (min=1, new=5) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalizer config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp: on Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::ecn: stream Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::block: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::rsv: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::pad: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::req_urg: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::req_pay: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::req_urp: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::urp: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::opt: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::ips: on Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::trim_syn: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::trim_rst: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::trim_win: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: tcp::trim_mss: off Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalizer config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: icmp4: on Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalizer config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ip6: on Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ip6::hops: on (min=1, new=5) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalizer config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: icmp6: on Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Frag3 global config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max frags: 65536 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Fragment memory cap: 4194304 bytes Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Frag3 engine config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Bound Address: default Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Target-based policy: WINDOWS Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Fragment timeout: 180 seconds Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Fragment min_ttl: 1 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Fragment Anomalies: Alert Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Overlap Limit: 10 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Min fragment Length: 100 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Expected Streams: 39 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Stream global config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Track TCP sessions: ACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max TCP sessions: 10000 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: TCP cache pruning timeout: 30 seconds Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: TCP cache nominal timeout: 3600 seconds Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Memcap (for reassembly packet storage): 8388608 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Track UDP sessions: ACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max UDP sessions: 10000 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: UDP cache pruning timeout: 30 seconds Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: UDP cache nominal timeout: 180 seconds Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Track ICMP sessions: ACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max ICMP sessions: 65536 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Track IP sessions: INACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Log info if session memory consumption exceeds 1048576 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Send up to 2 active responses Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Wait at least 5 seconds between responses Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Protocol Aware Flushing: ACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Maximum Flush Point: 16000 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Stream TCP Policy config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Bound Address: default Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Reassembly Policy: WINDOWS Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Timeout: 180 seconds Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Limit on TCP Overlaps: 10 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Maximum number of bytes to queue per session: 1048576 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Maximum number of segs to queue per session: 2621 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Options: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Require 3-Way Handshake: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 3-Way Handshake Timeout: 180 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Detect Anomalies: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Reassembly Ports: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 21 client (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 22 client (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 23 client (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 25 client (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 36 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 42 client (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 53 client (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 70 client (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 79 client (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 80 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 81 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 82 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 83 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 84 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 85 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 86 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 87 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 88 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 89 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 90 client (Footprint-IPS) server (Footprint-IPS) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: additional ports configured but not printed. Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Stream UDP Policy config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Timeout: 180 seconds Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: HttpInspect Config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: GLOBAL CONFIG Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Detect Proxy Usage: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: IIS Unicode Map Filename: /etc/snort/unicode.map Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: IIS Unicode Map Codepage: 1252 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Memcap used for logging URI and Hostname: 150994944 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Gzip Memory: 838860 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Gzip Sessions: 1807 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Gzip Compress Depth: 65535 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Gzip Decompress Depth: 65535 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: DEFAULT SERVER CONFIG: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Server profile: All Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Server Flow Depth: 0 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Client Flow Depth: 0 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Chunk Length: 500000 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Header Field Length: 750 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Number Header Fields: 100 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Number of WhiteSpaces allowed with header folding: 200 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Inspect Pipeline Requests: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: URI Discovery Strict Mode: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Allow Proxy Usage: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Disable Alerting: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Oversize Dir Length: 500 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Only inspect URI: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalize HTTP Headers: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Inspect HTTP Cookies: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Inspect HTTP Responses: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Extract Gzip from responses: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Decompress response files: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Unlimited decompression of gzip data from responses: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalize Javascripts in HTTP Responses: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalize HTTP Cookies: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Enable XFF and True Client IP: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Log HTTP URI data: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Log HTTP Hostname data: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Extended ASCII code support in URI: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ascii: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Double Decoding: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: %U Encoding: YES alert: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Bare Byte: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: UTF 8: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: IIS Unicode: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Multiple Slash: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: IIS Backslash: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Directory Traversal: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Web Root Traversal: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Apache WhiteSpace: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: IIS Delimiter: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: rpc_decode arguments: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: alert_fragments: INACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: alert_large_fragments: INACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: alert_incomplete: INACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: alert_multiple_requests: INACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Portscan Detection Config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Detect Protocols: TCP UDP ICMP IP Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Sensitivity Level: Medium Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Memcap (in bytes): 500000 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Number of Nodes: 978 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: FTPTelnet Config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: GLOBAL CONFIG Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Inspection Type: stateful Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Check for Encrypted Traffic: YES alert: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Continue to check encrypted data: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: TELNET CONFIG: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ports: 23 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Are You There Threshold: 20 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Normalize: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Detect Anomalies: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: FTP CONFIG: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: FTP Server: default Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ports (PAF): 21 2100 3535 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Check for Telnet Cmds: YES alert: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ignore Telnet Cmd Operations: YES alert: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ignore open data channels: NO Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: FTP Client: default Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Check for Bounce Attacks: YES alert: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Check for Telnet Cmds: YES alert: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ignore Telnet Cmd Operations: YES alert: YES Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Response Length: 256 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: SSH config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Autodetection: ENABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Challenge-Response Overflow Alert: ENABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: SSH1 CRC32 Alert: ENABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Server Version String Overflow Alert: ENABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Protocol Mismatch Alert: ENABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Bad Message Direction Alert: DISABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Bad Payload Size Alert: DISABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Unrecognized Version Alert: DISABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Encrypted Packets: 20 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Server Version String Length: 100 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: MaxClientBytes: 19600 (Default) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ports: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 22 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: DCE/RPC 2 Preprocessor Configuration Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Global Configuration Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: DCE/RPC Defragmentation: Enabled Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Memcap: 102400 KB Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Events: co Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: SMB Fingerprint policy: Disabled Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Server Default Configuration Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Policy: WinXP Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Detect ports (PAF) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: SMB: 139 445 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: TCP: 135 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: UDP: 135 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: RPC over HTTP server: 593 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: RPC over HTTP proxy: None Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Autodetect ports (PAF) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: SMB: None Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: TCP: 1025-65535 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: UDP: 1025-65535 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: RPC over HTTP server: 1025-65535 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: RPC over HTTP proxy: None Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Invalid SMB shares: C$ D$ ADMIN$ Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Maximum SMB command chaining: 3 commands Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: SMB file inspection: Disabled Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: DNS config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: DNS Client rdata txt Overflow Alert: ACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Obsolete DNS RR Types Alert: INACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Experimental DNS RR Types Alert: INACTIVE Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ports: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 53 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: SSLPP config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Encrypted packets: not inspected Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ports: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 443 465 563 636 989 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 992 993 994 995 7801 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 7802 7900 7901 7902 7903 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 7904 7905 7906 7907 7908 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 7909 7910 7911 7912 7913 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 7914 7915 7916 7917 7918 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 7919 7920 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Server side data is trusted Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Maximum SSL Heartbeat length: 0 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Sensitive Data preprocessor config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Global Alert Threshold: 25 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Masked Output: DISABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: SIP config: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max number of sessions: 1024 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max number of dialogs in a session: 4 (Default) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Status: ENABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ignore media channel: DISABLED Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max URI length: 512 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Call ID length: 80 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Request name length: 20 (Default) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max From length: 256 (Default) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max To length: 256 (Default) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Via length: 1024 (Default) Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Contact length: 512 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Max Content length: 2048 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Ports: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 5060 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 5061 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: 5600 Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Methods: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: invite Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: cancel Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: ack Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: bye Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: register Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: options Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: refer Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: subscribe Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: update Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: join Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: info Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: message Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: notify Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: benotify Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: do Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: qauth Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: sprack Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: publish Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: service Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: unsubscribe Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: prack Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Tue Apr 19 19:29:27 2016 daemon.notice snort[3850]: Initializing rule chains... Tue Apr 19 19:29:28 2016 daemon.notice snort[3850]: WARNING: /etc/snort/rules/snort.rules(1113) threshold (in rule) is deprecated; use detection_filter instead. Tue Apr 19 19:29:31 2016 kern.info kernel: [ 66.553186] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead. Tue Apr 19 19:29:31 2016 daemon.notice snort[3850]: 4468 Snort rules read Tue Apr 19 19:29:31 2016 daemon.notice snort[3850]: 4468 detection rules Tue Apr 19 19:29:31 2016 daemon.notice snort[3850]: 0 decoder rules Tue Apr 19 19:29:31 2016 daemon.notice snort[3850]: 0 preprocessor rules Tue Apr 19 19:29:31 2016 daemon.notice snort[3850]: 4468 Option Chains linked into 671 Chain Headers Tue Apr 19 19:29:31 2016 daemon.notice snort[3850]: 0 Dynamic rules Tue Apr 19 19:29:31 2016 daemon.notice snort[3850]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Tue Apr 19 19:29:31 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:32 2016 user.emerg procd: Cannot change large-receive-offload Tue Apr 19 19:29:33 2016 kern.notice kernel: [ 68.304986] eth0: Link down Tue Apr 19 19:29:34 2016 daemon.notice netifd: Network device 'eth0' link is down Tue Apr 19 19:29:34 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss Tue Apr 19 19:29:34 2016 daemon.notice netifd: Interface 'wan' is now down Tue Apr 19 19:29:34 2016 daemon.notice netifd: Interface 'wan' is disabled Tue Apr 19 19:29:34 2016 daemon.notice netifd: Interface 'wan' is enabled Tue Apr 19 19:29:34 2016 kern.info kernel: [ 69.309286] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Tue Apr 19 19:29:35 2016 user.emerg procd: Cannot change large-receive-offload Tue Apr 19 19:29:36 2016 kern.notice kernel: [ 71.274937] eth1: Link down Tue Apr 19 19:29:37 2016 daemon.notice netifd: Network device 'eth1' link is down Tue Apr 19 19:29:37 2016 kern.info kernel: [ 72.265365] br-lan: port 1(eth1) entered disabled state Tue Apr 19 19:29:37 2016 daemon.notice netifd: Network device 'eth0' link is up Tue Apr 19 19:29:37 2016 daemon.notice netifd: Interface 'wan' has link connectivity Tue Apr 19 19:29:37 2016 daemon.notice netifd: Interface 'wan' is setting up now Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-------------------[Rule Port Counts]--------------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | tcp udp icmp ip Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | src 1349 8 0 0 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | dst 2321 109 0 0 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | any 436 245 0 0 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | nc 291 239 0 0 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | s+d 28 0 0 0 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +---------------------------------------------------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice netifd: Interface 'wan' is now up Tue Apr 19 19:29:37 2016 kern.notice kernel: [ 72.325345] eth0: 1000 Mbps Full duplex, port 0 Tue Apr 19 19:29:37 2016 kern.info kernel: [ 72.325372] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-----------------------[detection-filter-config]------------------------------ Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | memory-cap : 1048576 bytes Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-----------------------[detection-filter-rules]------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: ------------------------------------------------------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-----------------------[rate-filter-config]----------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | memory-cap : 1048576 bytes Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-----------------------[rate-filter-rules]------------------------------------ Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | none Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: ------------------------------------------------------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-----------------------[event-filter-config]---------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | memory-cap : 1048576 bytes Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-----------------------[event-filter-global]---------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | none Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-----------------------[event-filter-local]----------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404201 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404200 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404197 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404196 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404195 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404194 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404207 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404206 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404205 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404204 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404203 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404202 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404153 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404152 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404151 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404150 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404161 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404160 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404159 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404158 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404157 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404156 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404155 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404154 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404185 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404184 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404183 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404182 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404181 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404180 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404179 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404178 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404193 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404192 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404191 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404190 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404189 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404188 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404187 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404186 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404169 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404168 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404167 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404166 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404165 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404164 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404163 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404162 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404177 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404176 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404175 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404174 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404173 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404172 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404171 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404170 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404345 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404344 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404343 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404342 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404341 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404340 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404339 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404338 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404349 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404348 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404347 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404346 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404329 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404328 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404327 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404326 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404325 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404324 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404323 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404322 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404337 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404336 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404335 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404334 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404333 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404332 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404331 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404330 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2022291 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404313 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404312 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404311 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404310 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404309 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404308 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404307 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404306 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404321 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404320 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404319 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404318 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404317 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404316 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404315 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404314 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404305 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404304 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404303 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404302 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404301 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404300 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404444 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404443 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404442 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404441 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404440 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404439 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404438 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404437 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404445 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018378 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018377 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404404 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404403 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404402 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404401 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404400 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404428 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404427 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404426 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404425 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404424 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404423 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404422 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404421 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404436 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404435 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404434 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404433 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404432 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404431 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404430 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404429 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404412 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404411 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404410 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404409 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404408 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404407 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404406 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404405 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404420 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404419 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404418 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404417 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404416 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404415 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404414 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404413 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403360 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403359 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403358 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403357 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403356 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403355 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403354 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403353 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403368 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403367 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403366 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403365 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403364 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403363 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403362 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403361 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403344 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403343 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403342 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403341 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403340 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403339 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403338 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403337 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403352 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403351 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403350 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403349 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403348 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403347 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403346 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403345 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403392 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403391 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403390 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403389 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403388 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403387 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403386 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403385 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403400 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403399 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403398 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403397 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403396 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403395 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403394 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403393 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403376 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403375 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403374 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403373 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403372 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403371 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403370 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403369 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403384 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403383 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403382 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403381 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403380 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403379 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403378 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403377 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403328 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403336 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403335 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403334 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403333 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403332 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403331 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403330 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403329 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500009 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500008 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500007 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500006 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500005 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500004 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500003 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500002 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500017 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500016 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500015 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500014 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500013 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500012 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500011 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500010 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500001 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500000 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403424 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500041 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403423 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500040 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403422 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500039 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403421 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500038 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403420 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500037 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403419 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500036 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403418 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500035 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403417 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500034 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403432 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500049 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403431 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500048 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403430 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500047 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403429 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500046 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403428 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500045 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403427 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500044 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403426 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500043 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403425 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500042 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403408 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500025 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403407 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500024 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403406 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500023 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403405 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500022 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403404 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500021 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403403 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500020 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403402 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500019 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403401 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500018 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403416 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500033 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403415 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500032 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403414 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500031 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403413 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500030 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403412 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500029 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403411 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500028 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403410 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500027 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403409 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403456 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500026 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403455 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403454 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403453 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403452 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403451 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403450 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403449 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403463 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403462 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403461 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403460 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403459 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403458 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403457 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403440 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403439 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403438 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403437 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403436 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403435 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403434 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403433 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403448 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403447 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403446 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403445 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403444 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403443 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403442 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403441 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2022618 type=Limit tracking=src count=1 seconds=30 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2022617 type=Limit tracking=src count=1 seconds=30 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2022616 type=Limit tracking=src count=1 seconds=30 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2022615 type=Limit tracking=src count=1 seconds=30 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2402001 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2402000 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405010 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405009 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405008 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405007 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405006 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405005 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405004 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405003 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405018 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405017 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405016 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405015 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405014 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405013 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405012 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405011 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405002 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405001 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405000 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405042 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405041 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405040 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405039 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405038 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405037 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405036 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405035 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405046 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405045 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405044 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405043 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405026 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405025 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405024 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405023 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405022 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405021 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405020 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405019 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405034 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405033 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405032 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405031 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405030 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405029 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405028 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2405027 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404086 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404085 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404084 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404083 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404082 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404081 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404080 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404079 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403309 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404091 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403308 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403307 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404090 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404089 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403306 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403305 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404088 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404087 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403304 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403303 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403302 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403317 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403316 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403315 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403314 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403313 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403312 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403311 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403310 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403301 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403300 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404038 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404037 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404036 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404035 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404034 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404033 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404032 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404031 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404046 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404045 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403325 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404044 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404043 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403324 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403323 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404042 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404041 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403322 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403321 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404040 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404039 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403320 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403319 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404022 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404021 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403318 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404020 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404019 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404018 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404017 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404016 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404015 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403327 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404030 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404029 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2403326 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404028 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404027 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404026 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404025 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404024 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404023 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404070 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404069 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404068 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404067 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404066 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404065 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404064 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404063 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404078 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404077 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404076 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404075 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404074 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404073 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404072 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404071 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404054 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404053 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404052 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404051 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404050 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404049 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404048 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404047 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404062 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404061 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404060 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404059 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404058 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404057 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404056 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404055 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404006 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404005 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404004 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404003 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404002 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404001 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404000 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404014 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404013 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404012 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404011 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404010 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404009 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404008 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2404007 type=Limit tracking=src count=1 seconds=3600 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500067 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500066 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500057 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500056 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500055 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500054 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500053 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500052 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500051 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500050 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500065 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500064 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500063 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500062 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500061 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500060 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500059 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2500058 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: +-----------------------[suppression]------------------------------------------ Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=129 sig-id=20 tracking=none Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: | gen-id=129 sig-id=12 tracking=none Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: ------------------------------------------------------------------------------- Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: Verifying Preprocessor Configurations! Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.Evil' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'EXE2' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'et.DocVBAProject' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'et.MS.WinHttpRequest.no.exe.request' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.RIGEKExploit' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.CottonCastle.Exploit' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ETPRO.RTF' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.ZoneAlarm.Site.Download' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Tue Apr 19 19:29:37 2016 daemon.notice snort[3850]: 79 out of 1024 flowbits in use. Tue Apr 19 19:29:37 2016 user.notice ddns-scripts[4005]: myddns_ipv4: PID '4005' started at 2016-04-19 19:29 Tue Apr 19 19:29:37 2016 user.warn ddns-scripts[4005]: myddns_ipv4: Service section disabled! - TERMINATE Tue Apr 19 19:29:37 2016 user.warn ddns-scripts[4005]: myddns_ipv4: PID '4005' exit WITH ERROR '1' at 2016-04-19 19:29 Tue Apr 19 19:29:38 2016 user.emerg procd: Cannot change large-receive-offload Tue Apr 19 19:29:38 2016 daemon.notice netifd: Bridge 'br-lan' link is down Tue Apr 19 19:29:38 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Tue Apr 19 19:29:38 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss Tue Apr 19 19:29:38 2016 daemon.notice netifd: lan (3434): Received SIGTERM Tue Apr 19 19:29:39 2016 kern.notice kernel: [ 74.324945] eth2: Link down Tue Apr 19 19:29:40 2016 daemon.notice netifd: Network device 'eth1' link is up Tue Apr 19 19:29:40 2016 daemon.notice netifd: Bridge 'br-lan' link is up Tue Apr 19 19:29:40 2016 daemon.notice netifd: Interface 'lan' has link connectivity Tue Apr 19 19:29:40 2016 daemon.notice netifd: Interface 'lan' is setting up now Tue Apr 19 19:29:40 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Tue Apr 19 19:29:40 2016 kern.notice kernel: [ 75.285292] eth1: 1000 Mbps Full duplex, port 1 Tue Apr 19 19:29:40 2016 kern.info kernel: [ 75.285339] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:29:40 2016 kern.info kernel: [ 75.285372] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:29:40 2016 daemon.notice netifd: lan (4107): udhcpc (v1.23.2) started Tue Apr 19 19:29:40 2016 daemon.notice netifd: lan (4107): Sending discover... Tue Apr 19 19:29:40 2016 daemon.notice netifd: lan (4107): Sending select for 192.168.1.111... Tue Apr 19 19:29:40 2016 daemon.notice netifd: lan (4107): Lease of 192.168.1.111 obtained, lease time 86400 Tue Apr 19 19:29:40 2016 daemon.warn dnsmasq[3525]: no servers found in /tmp/resolv.conf.auto, will retry Tue Apr 19 19:29:40 2016 daemon.notice netifd: Interface 'lan' is now up Tue Apr 19 19:29:40 2016 daemon.info dnsmasq[3525]: reading /tmp/resolv.conf.auto Tue Apr 19 19:29:40 2016 daemon.info dnsmasq[3525]: using local addresses only for domain lan Tue Apr 19 19:29:40 2016 daemon.info dnsmasq[3525]: using nameserver 208.67.222.222#53 Tue Apr 19 19:29:40 2016 daemon.info dnsmasq[3525]: using nameserver 208.67.220.220#53 Tue Apr 19 19:29:40 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Tue Apr 19 19:29:41 2016 daemon.notice netifd: Network device 'eth2' link is down Tue Apr 19 19:29:41 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Tue Apr 19 19:29:41 2016 daemon.notice netifd: Interface 'wan6' is now down Tue Apr 19 19:29:41 2016 daemon.notice netifd: Interface 'wan6' is disabled Tue Apr 19 19:29:41 2016 daemon.notice netifd: Interface 'wan6' is enabled Tue Apr 19 19:29:41 2016 kern.info kernel: [ 76.299222] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Tue Apr 19 19:29:42 2016 user.emerg procd: /etc/rc.local: line 36: /etc/itus/detect_mode.sh: Permission denied Tue Apr 19 19:29:42 2016 kern.info kernel: [ 77.285166] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:29:43 2016 daemon.notice netifd: Network device 'eth2' link is up Tue Apr 19 19:29:43 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Tue Apr 19 19:29:43 2016 daemon.notice netifd: Interface 'wan6' is setting up now Tue Apr 19 19:29:43 2016 kern.notice kernel: [ 78.315328] eth2: 1000 Mbps Full duplex, port 2 Tue Apr 19 19:29:43 2016 kern.info kernel: [ 78.315388] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Tue Apr 19 19:29:43 2016 daemon.notice netifd: Interface 'wan6' is now up Tue Apr 19 19:29:43 2016 daemon.notice vnstatd[4269]: vnStat daemon 1.12 started. (uid:0 gid:0) Tue Apr 19 19:29:43 2016 daemon.notice vnstatd[4269]: Monitoring: br-lan (100 Mbit) eth0 (100 Mbit) Tue Apr 19 19:29:43 2016 user.emerg procd: Stopping strongSwan IPsec failed: starter is not running Tue Apr 19 19:29:43 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Tue Apr 19 19:29:43 2016 user.notice ddns-scripts[4368]: myddns_ipv6: PID '4368' started at 2016-04-19 19:29 Tue Apr 19 19:29:43 2016 user.warn ddns-scripts[4368]: myddns_ipv6: Service section disabled! - TERMINATE Tue Apr 19 19:29:44 2016 user.warn ddns-scripts[4368]: myddns_ipv6: PID '4368' exit WITH ERROR '1' at 2016-04-19 19:29 Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[3525]: exiting on receipt of SIGTERM Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: started, version 2.73rc7 cachesize 150 Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: DNS service limited to local subnets Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: using local addresses only for domain lan Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: reading /tmp/resolv.conf.auto Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: using local addresses only for domain lan Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: using nameserver 208.67.222.222#53 Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: using nameserver 208.67.220.220#53 Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: read /etc/hosts - 1 addresses Tue Apr 19 19:29:45 2016 daemon.info dnsmasq[4451]: read /tmp/hosts/dhcp - 1 addresses Tue Apr 19 19:29:48 2016 daemon.notice netifd: Interface 'blockdomain' is now down Tue Apr 19 19:29:48 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now Tue Apr 19 19:29:48 2016 daemon.notice netifd: Interface 'blockdomain' is now up Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4451]: exiting on receipt of SIGTERM Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: started, version 2.73rc7 cachesize 150 Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: DNS service limited to local subnets Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: using local addresses only for domain lan Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: reading /tmp/resolv.conf.auto Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: using local addresses only for domain lan Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: using nameserver 208.67.222.222#53 Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: using nameserver 208.67.220.220#53 Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: read /etc/hosts - 1 addresses Tue Apr 19 19:29:49 2016 daemon.info dnsmasq[4770]: read /tmp/hosts/dhcp - 1 addresses Tue Apr 19 19:29:49 2016 user.notice update_webfilter: updated dnsmasq blacklist Tue Apr 19 19:29:49 2016 user.notice update_webfilter: updated network.interface.blockdomain: 192.168.1.112 Tue Apr 19 19:29:49 2016 user.notice update_webfilter: updated firewall.@redirect[0].Itusfilter: 192.168.1.112 Tue Apr 19 19:29:49 2016 user.notice update_webfilter: updated firewall.@redirect[1]dns-traffic-to-shield: 192.168.1.112 Tue Apr 19 19:29:49 2016 user.notice update_webfilter: updated uhttpd.Itusfilter Tue Apr 19 19:30:01 2016 kern.notice kernel: [ 96.355016] eth0: Link down Tue Apr 19 19:30:02 2016 daemon.notice netifd: Network device 'eth0' link is down Tue Apr 19 19:30:02 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss Tue Apr 19 19:30:02 2016 daemon.notice netifd: Interface 'wan' is now down Tue Apr 19 19:30:02 2016 daemon.notice netifd: Interface 'wan' is disabled Tue Apr 19 19:30:02 2016 daemon.notice netifd: Interface 'wan' is enabled Tue Apr 19 19:30:02 2016 kern.info kernel: [ 97.359885] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Tue Apr 19 19:30:03 2016 kern.notice kernel: [ 98.304937] eth1: Link down Tue Apr 19 19:30:04 2016 daemon.notice netifd: Network device 'eth1' link is down Tue Apr 19 19:30:04 2016 kern.info kernel: [ 99.295359] br-lan: port 1(eth1) entered disabled state Tue Apr 19 19:30:04 2016 daemon.notice netifd: Network device 'eth0' link is up Tue Apr 19 19:30:04 2016 daemon.notice netifd: Interface 'wan' has link connectivity Tue Apr 19 19:30:04 2016 daemon.notice netifd: Interface 'wan' is setting up now Tue Apr 19 19:30:04 2016 kern.notice kernel: [ 99.375365] eth0: 1000 Mbps Full duplex, port 0 Tue Apr 19 19:30:04 2016 kern.info kernel: [ 99.375395] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Tue Apr 19 19:30:04 2016 daemon.notice netifd: Interface 'wan' is now up Tue Apr 19 19:30:04 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Tue Apr 19 19:30:04 2016 user.notice ddns-scripts[4933]: myddns_ipv4: PID '4933' started at 2016-04-19 19:30 Tue Apr 19 19:30:05 2016 user.warn ddns-scripts[4933]: myddns_ipv4: Service section disabled! - TERMINATE Tue Apr 19 19:30:05 2016 user.warn ddns-scripts[4933]: myddns_ipv4: PID '4933' exit WITH ERROR '1' at 2016-04-19 19:30 Tue Apr 19 19:30:05 2016 daemon.notice netifd: Bridge 'br-lan' link is down Tue Apr 19 19:30:05 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Tue Apr 19 19:30:05 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss Tue Apr 19 19:30:05 2016 daemon.notice netifd: lan (4107): Received SIGTERM Tue Apr 19 19:30:05 2016 kern.notice kernel: [ 100.334969] eth2: Link down Tue Apr 19 19:30:06 2016 daemon.notice netifd: Network device 'eth1' link is up Tue Apr 19 19:30:06 2016 daemon.notice netifd: Bridge 'br-lan' link is up Tue Apr 19 19:30:06 2016 daemon.notice netifd: Interface 'lan' has link connectivity Tue Apr 19 19:30:06 2016 daemon.notice netifd: Interface 'lan' is setting up now Tue Apr 19 19:30:06 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Tue Apr 19 19:30:06 2016 kern.notice kernel: [ 101.315288] eth1: 1000 Mbps Full duplex, port 1 Tue Apr 19 19:30:06 2016 kern.info kernel: [ 101.315327] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:30:06 2016 kern.info kernel: [ 101.315361] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:30:06 2016 daemon.notice netifd: lan (5028): udhcpc (v1.23.2) started Tue Apr 19 19:30:06 2016 daemon.notice netifd: lan (5028): Sending discover... Tue Apr 19 19:30:06 2016 daemon.notice netifd: lan (5028): Sending select for 192.168.1.111... Tue Apr 19 19:30:06 2016 daemon.notice netifd: lan (5028): Lease of 192.168.1.111 obtained, lease time 86400 Tue Apr 19 19:30:06 2016 daemon.warn dnsmasq[4770]: no servers found in /tmp/resolv.conf.auto, will retry Tue Apr 19 19:30:06 2016 daemon.notice netifd: Interface 'lan' is now up Tue Apr 19 19:30:06 2016 daemon.info dnsmasq[4770]: reading /tmp/resolv.conf.auto Tue Apr 19 19:30:06 2016 daemon.info dnsmasq[4770]: using local addresses only for domain lan Tue Apr 19 19:30:06 2016 daemon.info dnsmasq[4770]: using nameserver 208.67.222.222#53 Tue Apr 19 19:30:06 2016 daemon.info dnsmasq[4770]: using nameserver 208.67.220.220#53 Tue Apr 19 19:30:06 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan) Tue Apr 19 19:30:07 2016 daemon.notice netifd: Network device 'eth2' link is down Tue Apr 19 19:30:07 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Tue Apr 19 19:30:07 2016 daemon.notice netifd: Interface 'wan6' is now down Tue Apr 19 19:30:07 2016 daemon.notice netifd: Interface 'wan6' is disabled Tue Apr 19 19:30:07 2016 daemon.notice netifd: Interface 'wan6' is enabled Tue Apr 19 19:30:07 2016 kern.info kernel: [ 102.328725] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Tue Apr 19 19:30:08 2016 kern.info kernel: [ 103.315163] br-lan: port 1(eth1) entered forwarding state Tue Apr 19 19:30:08 2016 daemon.notice netifd: Network device 'eth2' link is up Tue Apr 19 19:30:08 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Tue Apr 19 19:30:08 2016 daemon.notice netifd: Interface 'wan6' is setting up now Tue Apr 19 19:30:08 2016 kern.notice kernel: [ 103.345513] eth2: 1000 Mbps Full duplex, port 2 Tue Apr 19 19:30:08 2016 kern.info kernel: [ 103.345547] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Tue Apr 19 19:30:08 2016 daemon.notice netifd: Interface 'wan6' is now up Tue Apr 19 19:30:08 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Tue Apr 19 19:30:08 2016 user.notice ddns-scripts[5260]: myddns_ipv6: PID '5260' started at 2016-04-19 19:30 Tue Apr 19 19:30:08 2016 user.warn ddns-scripts[5260]: myddns_ipv6: Service section disabled! - TERMINATE Tue Apr 19 19:30:08 2016 user.warn ddns-scripts[5260]: myddns_ipv6: PID '5260' exit WITH ERROR '1' at 2016-04-19 19:30 Tue Apr 19 19:30:18 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:30:18 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:30:18 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Tue Apr 19 19:30:18 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: [ Port Based Pattern Matching Memory ] Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: +- [ Aho-Corasick Summary ] ------------------------------------- Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Storage Format : Full Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Finite Automaton : DFA Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Alphabet Size : 256 Chars Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Sizeof State : Variable (1,2,4 bytes) Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Instances : 399 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | 1 byte states : 299 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | 2 byte states : 100 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | 4 byte states : 0 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Characters : 261080 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | States : 198098 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Transitions : 9623950 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | State Density : 19.0% Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Patterns : 22595 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Match States : 18774 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Memory (MB) : 101.42 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Patterns : 2.22 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | Match Lists : 4.04 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | DFA Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | 1 byte states : 4.17 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | 2 byte states : 90.78 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: | 4 byte states : 0.00 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: +---------------------------------------------------------------- Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: [ Number of patterns truncated to 20 bytes: 3423 ] Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: afpacket DAQ configured to inline. Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Acquiring network traffic from "eth0:eth2". Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Initializing daemon mode Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Daemon initialized, signaled parent pid: 1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Reload thread starting... Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Reload thread started, thread 0xffe6a5f210 (5309) Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Checking PID path... Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: PID path stat checked out ok, PID path set to /var/snort/ Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Writing PID "3850" to file "/var/snort//snort_eth0:eth2.pid" Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: --== Initialization Complete ==-- Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: ,,_ -*> Snort! <*- Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: o" )~ Version 2.9.7.2 GRE (Build 177) Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Using libpcap version 1.5.3 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Using PCRE version: 8.36 2014-09-26 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Using ZLIB version: 1.2.8 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_REPUTATION Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_POP Version 1.0 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_DCERPC2 Version 1.0 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_SDF Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_MODBUS Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_IMAP Version 1.0 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_DNP3 Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_GTP Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_FTPTELNET Version 1.2 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_SSH Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_SMTP Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_SSLPP Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_SIP Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Preprocessor Object: SF_DNS Version 1.1 Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Commencing packet processing (pid=3850) Tue Apr 19 19:30:26 2016 daemon.notice snort[3850]: Decoding Ethernet Tue Apr 19 19:30:26 2016 kern.info kernel: [ 122.045174] device eth2 entered promiscuous mode Tue Apr 19 19:30:27 2016 kern.info kernel: [ 122.185175] device eth0 entered promiscuous mode Tue Apr 19 19:30:36 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:30:36 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:30:36 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:30:36 2016 authpriv.info dropbear[3225]: Early exit: Terminated by signal Tue Apr 19 19:30:36 2016 authpriv.info dropbear[5328]: Not backgrounding Tue Apr 19 19:30:36 2016 authpriv.info dropbear[5329]: Not backgrounding Tue Apr 19 19:30:44 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:30:44 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:30:44 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Tue Apr 19 19:30:44 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.emerg procd: 0.us.pool.ntp.org: No address associated with name Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 user.notice root: NTP eager clock adjust failed. Tue Apr 19 19:30:46 2016 user.notice root: Restarted ntpclient. NTP server #1 of 4. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: forwarded 0.us.pool.ntp.org to 208.67.222.222 Tue Apr 19 19:30:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: 0.us.pool.ntp.org Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: query[A] 0.us.pool.ntp.org.lan from 127.0.0.1 Tue Apr 19 19:30:46 2016 daemon.info dnsmasq[4770]: config 0.us.pool.ntp.org.lan is NXDOMAIN Tue Apr 19 19:30:46 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Tue Apr 19 19:30:47 2016 user.notice root: NTP eager clock adjust failed. Tue Apr 19 19:30:47 2016 daemon.info procd: - init complete - Tue Apr 19 19:30:53 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:30:53 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:30:53 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:31:09 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:31:09 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:31:09 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Tue Apr 19 19:31:09 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:31:18 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:31:18 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:31:18 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:31:33 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:31:33 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:31:33 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Tue Apr 19 19:31:33 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:31:45 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:31:45 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:31:45 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:31:52 2016 daemon.err uhttpd[4717]: cut: standard output: Broken pipe Tue Apr 19 19:31:53 2016 daemon.err uhttpd[4717]: cat: can't open '/.shield_mode': No such file or directory Tue Apr 19 19:31:53 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:31:53 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:31:53 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:31:53 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:31:53 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:31:53 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:31:53 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:31:53 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:31:58 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:31:58 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:31:58 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.220.220 Tue Apr 19 19:31:58 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:31:58 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:31:58 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:00 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:32:00 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:32:00 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:32:03 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:03 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:03 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:32:03 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:03 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:08 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:08 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:08 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:32:08 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:08 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:12 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:32:12 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:32:12 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:32:18 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:18 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:18 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:32:18 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:18 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:21 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:32:21 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:32:21 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Tue Apr 19 19:32:21 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:32:23 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:23 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:23 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:32:23 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:23 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:28 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:28 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:28 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:32:28 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:28 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:28 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:32:28 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:32:28 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:32:33 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:33 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:33 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:32:33 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:33 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:38 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:38 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:38 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:32:38 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:38 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:43 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:43 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:43 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.220.220 Tue Apr 19 19:32:43 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Tue Apr 19 19:32:43 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Tue Apr 19 19:32:43 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Tue Apr 19 19:32:46 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:32:46 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:32:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:32:53 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:32:53 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:32:53 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:33:03 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Tue Apr 19 19:33:03 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Tue Apr 19 19:33:03 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Tue Apr 19 19:33:04 2016 authpriv.info dropbear[5970]: Child connection from 192.168.1.100:64636 Tue Apr 19 19:33:05 2016 authpriv.notice dropbear[5970]: Password auth succeeded for 'root' from 192.168.1.100:64636 Wed Apr 20 13:56:30 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:56:30 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:56:30 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Wed Apr 20 13:56:30 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:56:47 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:56:47 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:56:47 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:56:53 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:56:53 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:56:53 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Wed Apr 20 13:56:53 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:57:02 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:57:02 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:57:02 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:57:09 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:57:09 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:57:09 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:57:09 2016 cron.err crond[3195]: time disparity of 1104 minutes detected Wed Apr 20 13:57:15 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:57:15 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:57:15 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Wed Apr 20 13:57:15 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:57:22 2016 daemon.err uhttpd[4717]: cat: can't open '/.shield_mode': No such file or directory Wed Apr 20 13:57:23 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:23 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:23 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:57:23 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:23 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:28 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:28 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:28 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:57:28 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:28 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:31 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:57:31 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:57:31 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:57:33 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:33 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:33 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:57:33 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:33 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:33 2016 daemon.err uhttpd[4717]: sh: write error: Broken pipe Wed Apr 20 13:57:35 2016 daemon.err uhttpd[4717]: cat: can't open '/.shield_mode': No such file or directory Wed Apr 20 13:57:35 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:35 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:35 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:57:35 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:35 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:40 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:40 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:40 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.220.220 Wed Apr 20 13:57:40 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:57:40 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:40 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:47 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:57:47 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:57:47 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:57:50 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:50 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:50 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:57:50 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:50 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:53 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:57:53 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:57:53 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:57:55 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:55 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:55 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:57:55 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:57:55 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:57:57 2016 daemon.info dnsmasq[4770]: query[A] upgrade.meshare.com from 192.168.1.118 Wed Apr 20 13:57:57 2016 daemon.info dnsmasq[4770]: forwarded upgrade.meshare.com to 208.67.222.222 Wed Apr 20 13:57:57 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: upgrade.meshare.com Wed Apr 20 13:58:00 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:00 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:00 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:00 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:00 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:05 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:05 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:05 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.220.220 Wed Apr 20 13:58:05 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:05 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:05 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:12 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:58:12 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:58:12 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:58:15 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:15 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:15 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:15 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:15 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:20 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:20 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:20 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:20 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:20 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:25 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:25 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:25 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:25 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:25 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:26 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:58:26 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:58:26 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Wed Apr 20 13:58:26 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:58:30 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:30 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:30 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:30 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:30 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:36 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:36 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:36 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:36 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:36 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:37 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:58:37 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:58:37 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:58:41 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:41 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:41 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:41 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:41 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:46 2016 daemon.info dnsmasq[4770]: query[A] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:46 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:46 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: yourhost.example.com Wed Apr 20 13:58:46 2016 daemon.info dnsmasq[4770]: query[AAAA] yourhost.example.com from 127.0.0.1 Wed Apr 20 13:58:46 2016 daemon.info dnsmasq[4770]: forwarded yourhost.example.com to 208.67.222.222 Wed Apr 20 13:58:49 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:58:49 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:58:49 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Wed Apr 20 13:58:49 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:58:57 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:58:57 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:58:57 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com Wed Apr 20 13:59:16 2016 daemon.info dnsmasq[4770]: query[A] openapi.meshare.com from 192.168.1.118 Wed Apr 20 13:59:16 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.222.222 Wed Apr 20 13:59:16 2016 daemon.info dnsmasq[4770]: forwarded openapi.meshare.com to 208.67.220.220 Wed Apr 20 13:59:16 2016 daemon.warn dnsmasq[4770]: possible DNS-rebind attack detected: openapi.meshare.com