Sat May 7 11:33:29 2016 kern.notice kernel: [ 0.000000] Linux version 3.10.20 (daniel@Ayoub) (gcc version 4.7.0 (Cavium Inc. Version: SDK_3_1_0_p2 build 34) ) #165 SMP Mon May 18 23:41:17 PDT 2015
Sat May 7 11:33:29 2016 kern.notice kernel: [ 0.000000] CVMSEG size: 2 cache lines (256 bytes)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Cavium Inc. SDK-3.1
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] bootconsole [early0] enabled
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] CPU revision is: 000d9602 (Cavium Octeon III)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] FPU revision is: 00739600
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] Checking for the multiply/shift bug... no.
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] Checking for the daddiu bug... no.
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Determined physical RAM map:
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] memory: 000000000c800000 @ 0000000002500000 (usable)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] memory: 0000000000c00000 @ 000000000f200000 (usable)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] memory: 000000002f000000 @ 0000000020000000 (usable)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] memory: 0000000000830000 @ 0000000000100000 (usable)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] memory: 0000000001a00000 @ 0000000000930000 (usable after init)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Wasting 896 bytes for tracking 16 unused pages
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Initrd not found or empty - disabling initrd
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Using passed Device Tree <8000000000080000>.
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] software IO TLB [mem 0x02670000-0x026b0000] (0MB) mapped at [8000000002670000-80000000026affff]
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] Zone ranges:
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] DMA32 [mem 0x00100000-0xefffffff]
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] Normal empty
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] Movable zone start for each node
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] Early memory node ranges
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x00100000-0x0232ffff]
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x02500000-0x0ecfffff]
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x0f200000-0x0fdfffff]
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] node 0: [mem 0x20000000-0x4effffff]
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] On node 0 totalpages: 15971
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 14 pages used for memmap
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 0 pages reserved
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] DMA32 zone: 15971 pages, LIFO batch:1
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Cavium Hotplug: Available coremask 0x0
Sat May 7 11:33:29 2016 kern.notice kernel: [ 0.000000] Primary instruction cache 78kB, virtually tagged, 39 way, 16 sets, linesize 128 bytes.
Sat May 7 11:33:29 2016 kern.notice kernel: [ 0.000000] Primary data cache 32kB, 32-way, 8 sets, linesize 128 bytes.
Sat May 7 11:33:29 2016 kern.notice kernel: [ 0.000000] Secondary unified cache 512kB, 4-way, 1024 sets, linesize 128 bytes.
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] PERCPU: Embedded 1 pages/cpu @8000000002710000 s12544 r8192 d44800 u65536
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: s12544 r8192 d44800 u65536 alloc=1*65536
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] pcpu-alloc: [0] 0 [0] 1
Sat May 7 11:33:29 2016 kern.debug kernel: [ 0.000000] Built 1 zonelists in Zone order, mobility grouping off. Total pages: 15957
Sat May 7 11:33:29 2016 kern.notice kernel: [ 0.000000] Kernel command line: bootoctlinux 0x20000000 numcores=2 serial#=752011191521-36287 console=ttyS0,115200
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] PID hash table entries: 4096 (order: -1, 32768 bytes)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Dentry cache hash table entries: 131072 (order: 4, 1048576 bytes)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Inode-cache hash table entries: 65536 (order: 3, 524288 bytes)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Memory: 983296k/1022144k available (5825k kernel code, 38848k reserved, 2536k data, 26624k init, 0k highmem)
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] Hierarchical RCU implementation.
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=2.
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] NR_IRQS:512
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e000 23 bits
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e200 12 bits
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e400 6 bits
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000ec00 15 bits
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e600 4 bits
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e800 11 bits
Sat May 7 11:33:29 2016 kern.info kernel: [ 0.000000] CIB interrupt controller probed: 800107000000e900 11 bits
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.522486] Calibrating delay loop (skipped) preset value.. 2000.00 BogoMIPS (lpj=10000000)
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.530699] pid_max: default: 32768 minimum: 501
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.535415] Security Framework initialized
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.539432] Mount-cache hash table entries: 4096
Sat May 7 11:33:29 2016 kern.debug kernel: [ 22.545686] Checking for the daddi bug... no.
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.546474] SMP: Booting CPU01 (CoreId 1)...
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.550676] CPU revision is: 000d9602 (Cavium Octeon III)
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.550680] FPU revision is: 00739600
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.550862] Cpu 1 online
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.562278] Brought up 2 CPUs
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.565223] Cavium Hotplug: Available coremask 0x0
Sat May 7 11:33:29 2016 kern.info kernel: [ 22.572213] NET: Registered protocol family 16
Sat May 7 11:33:29 2016 kern.notice kernel: [ 22.577626] Installing handlers for error tree at: ffffffff808be430
Sat May 7 11:33:29 2016 kern.notice kernel: [ 22.595144] PCIe: Initializing port 0
Sat May 7 11:33:29 2016 kern.debug kernel: [ 24.657680] PCIe: Link timeout on port 0, probably the slot is empty
Sat May 7 11:33:29 2016 kern.notice kernel: [ 24.657685] PCIe: Initializing port 1
Sat May 7 11:33:29 2016 kern.debug kernel: [ 24.661181] PCIe: Port 1 not in PCIe mode, skipping
Sat May 7 11:33:29 2016 kern.notice kernel: [ 24.661186] PCIe: Initializing port 2
Sat May 7 11:33:29 2016 kern.debug kernel: [ 24.664828] PCIe: Port 2 not in PCIe mode, skipping
Sat May 7 11:33:29 2016 kern.warn kernel: [ 24.671196] [sched_delayed] sched: RT throttling activated
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.684516] bio: create slab at 0
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.688934] vgaarb: loaded
Sat May 7 11:33:29 2016 kern.notice kernel: [ 24.691864] SCSI subsystem initialized
Sat May 7 11:33:29 2016 kern.debug kernel: [ 24.695714] libata version 3.00 loaded.
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.696132] usbcore: registered new interface driver usbfs
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.701565] usbcore: registered new interface driver hub
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.706860] usbcore: registered new device driver usb
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.712011] pps_core: LinuxPPS API ver. 1 registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.716809] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.726034] PTP clock support registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.729911] EDAC MC: Ver: 3.0.0
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.733588] PCI host bridge to bus 0000:00
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.737545] pci_bus 0000:00: root bus resource [mem 0x1000000000000]
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.743868] pci_bus 0000:00: root bus resource [io 0x0000]
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.749436] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
Sat May 7 11:33:29 2016 kern.debug kernel: [ 24.757363] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.758311] Switching to clocksource OCTEON_CVMCOUNT
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.764583] NET: Registered protocol family 2
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.769227] TCP established hash table entries: 8192 (order: 1, 131072 bytes)
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.776344] TCP bind hash table entries: 8192 (order: 1, 131072 bytes)
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.782833] TCP: Hash tables configured (established 8192 bind 8192)
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.789102] TCP: reno registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.792283] UDP hash table entries: 2048 (order: 0, 65536 bytes)
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.798370] UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes)
Sat May 7 11:33:29 2016 kern.info kernel: [ 24.805027] NET: Registered protocol family 1
Sat May 7 11:33:29 2016 kern.debug kernel: [ 24.809232] PCI: CLS 0 bytes, default 128
Sat May 7 11:33:29 2016 kern.notice kernel: [ 26.397740] octeon_pci_console: Console not created.
Sat May 7 11:33:29 2016 kern.notice kernel: [ 26.402542] /proc/octeon_perf: Octeon performance counter interface loaded
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.411402] HugeTLB registered 512 MB page size, pre-allocated 0 pages
Sat May 7 11:33:29 2016 kern.debug kernel: [ 26.419126] sys_fw_version: 0.1.17
Sat May 7 11:33:29 2016 kern.debug kernel: [ 26.419139] sys_revision: 21
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.419489] squashfs: version 4.0 (2009/01/31) Phillip Lougher
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.425425] NTFS driver 2.1.30 [Flags: R/W].
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.429554] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.435687] msgmni has been set to 1920
Sat May 7 11:33:29 2016 kern.notice kernel: [ 26.440427] Key type asymmetric registered
Sat May 7 11:33:29 2016 kern.notice kernel: [ 26.444413] Asymmetric key parser 'x509' registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.449238] io scheduler noop registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.453136] io scheduler deadline registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.457431] io scheduler cfq registered (default)
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.462343] octeon_gpio 1070000000800.gpio-controller: OCTEON GPIO
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.520140] Serial: 8250/16550 driver, 6 ports, IRQ sharing disabled
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.527833] 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 34) is a OCTEON
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.535618] console [ttyS0] enabled, bootconsole disabled
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.559151] 1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 35) is a OCTEON
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.580931] brd: module loaded
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.599418] loop: module loaded
Sat May 7 11:33:29 2016 kern.notice kernel: [ 26.616275] slram: not enough parameters.
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.640928] IMQ driver loaded successfully. (numdevs = 16, numqueues = 1)
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.660019] Hooking IMQ after NAT on PREROUTING.
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.676991] Hooking IMQ before NAT on POSTROUTING.
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.696363] libphy: mdio-octeon: probed
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.713845] mdio-octeon 1180000001800.mdio: Version 1.0
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.731670] spi_ks8995: Micrel KS8995 Ethernet switch SPI driver version 0.1.1
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.751936] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.770052] e1000e: Copyright(c) 1999 - 2013 Intel Corporation.
Sat May 7 11:33:29 2016 kern.err kernel: [ 26.788546] octeon-pow-ethernet ERROR: You must specify a broadcast group mask.
Sat May 7 11:33:29 2016 kern.notice kernel: [ 26.808218] octeon-ethernet 2.0
Sat May 7 11:33:29 2016 kern.debug kernel: [ 26.825219] Interface 0 has 4 ports (QSGMII)
Sat May 7 11:33:29 2016 kern.debug kernel: [ 26.825297] Interface 1 has 4 ports (QSGMII)
Sat May 7 11:33:29 2016 kern.debug kernel: [ 26.825304] Interface 2 has 4 ports (NPI)
Sat May 7 11:33:29 2016 kern.debug kernel: [ 26.825318] Interface 3 has 4 ports (LOOP)
Sat May 7 11:33:29 2016 kern.debug kernel: [ 26.825335] Interface 4 has 1 ports (AGL)
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.833889] usbcore: registered new interface driver cdc_ether
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.851988] usbcore: registered new interface driver plusb
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.869730] usbcore: registered new interface driver sierra_net
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.888503] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.907460] ehci-pci: EHCI PCI platform driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.924161] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.943199] usbcore: registered new interface driver usb-storage
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.961658] usbcore: registered new interface driver usbserial
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.979733] usbcore: registered new interface driver usbserial_generic
Sat May 7 11:33:29 2016 kern.info kernel: [ 26.998487] usbserial: USB Serial support registered for generic
Sat May 7 11:33:29 2016 kern.info kernel: [ 27.016783] usbcore: registered new interface driver sierra
Sat May 7 11:33:29 2016 kern.info kernel: [ 27.034581] usbserial: USB Serial support registered for Sierra USB modem
Sat May 7 11:33:29 2016 kern.info kernel: [ 27.053813] i2c /dev entries driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 27.069910] i2c-octeon 1180000001000.i2c: version 2.5
Sat May 7 11:33:29 2016 kern.info kernel: [ 27.087952] octeon_wdt: Initial granularity 5 Sec
Sat May 7 11:33:29 2016 kern.info kernel: [ 27.105060] EDAC DEVICE0: Giving out device to module 'octeon-cpu' controller 'cache': DEV 'octeon_pc_edac' (INTERRUPT)
Sat May 7 11:33:29 2016 kern.info kernel: [ 27.128198] EDAC DEVICE1: Giving out device to module 'octeon-l2c' controller 'octeon_l2c_err': DEV 'octeon_l2c_edac' (POLLED)
Sat May 7 11:33:29 2016 kern.info kernel: [ 27.151856] octeon_lmc_edac octeon_lmc_edac.0: Disabled (ECC not enabled)
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.773347] Netfilter messages via NETLINK v0.30.
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.790189] nfnl_acct: registering with nfnetlink.
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.807152] nf_conntrack version 0.5.0 (7682 buckets, 30728 max)
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.825589] ctnetlink v0.93: registering with nfnetlink.
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.843418] xt_time: kernel timezone is -0000
Sat May 7 11:33:29 2016 kern.notice kernel: [ 29.859910] ip_set: protocol 6
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.875210] ipip: IPv4 over IPv4 tunneling driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.892559] gre: GRE over IPv4 demultiplexor driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.909581] ip_gre: GRE over IPv4 tunneling driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.927780] ip_tables: (C) 2000-2006 Netfilter Core Team
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.945419] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.963951] arp_tables: (C) 2002 David S. Miller
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.980743] TCP: cubic registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 29.996183] Initializing XFRM netlink socket
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.012627] NET: Registered protocol family 10
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.032416] mip6: Mobile IPv6
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.047556] ip6_tables: (C) 2000-2006 Netfilter Core Team
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.065370] sit: IPv6 over IPv4 tunneling driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.083451] ip6_gre: GRE over IPv6 tunneling driver
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.101128] NET: Registered protocol family 17
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.117742] NET: Registered protocol family 15
Sat May 7 11:33:29 2016 kern.notice kernel: [ 30.134407] Bridge firewalling registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.150557] Ebtables v2.0 registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.213187] 8021q: 802.1Q VLAN Support v1.8
Sat May 7 11:33:29 2016 kern.notice kernel: [ 30.229555] Key type dns_resolver registered
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.246090] L2 lock: TLB refill 256 bytes
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.262224] L2 lock: General exception 128 bytes
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.278961] L2 lock: low-level interrupt 128 bytes
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.295871] L2 lock: interrupt 640 bytes
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.311919] L2 lock: memcpy 1152 bytes
Sat May 7 11:33:29 2016 kern.err kernel: [ 30.329812] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
Sat May 7 11:33:29 2016 kern.info kernel: [ 30.354530] Freeing unused kernel memory: 26624K (ffffffff80930000 - ffffffff82330000)
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.806798] mmc1: BKOPS_EN bit is not set
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.827488] mmc1: new high speed DDR MMC card at address 0001
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.845982] mmcblk0: mmc1:0001 P1XXXX 3.60 GiB
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.862961] mmcblk0boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.881329] mmcblk0boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.899696] mmcblk0rpmb: mmc1:0001 P1XXXX partition 3 128 KiB
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.921613] mmcblk0: p1 p2 p3 p4
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.942561] mmcblk0boot1: unknown partition table
Sat May 7 11:33:29 2016 kern.info kernel: [ 46.964074] mmcblk0boot0: unknown partition table
Sat May 7 11:33:29 2016 kern.info kernel: [ 47.653470] kjournald starting. Commit interval 5 seconds
Sat May 7 11:33:29 2016 kern.info kernel: [ 47.673769] EXT3-fs (mmcblk0p4): using internal journal
Sat May 7 11:33:29 2016 kern.info kernel: [ 47.692048] EXT3-fs (mmcblk0p4): recovery complete
Sat May 7 11:33:29 2016 kern.info kernel: [ 47.709110] EXT3-fs (mmcblk0p4): mounted filesystem with writeback data mode
Sat May 7 11:33:29 2016 user.err kernel: [ 47.942577] init: failed to symlink /tmp -> /var
Sat May 7 11:33:29 2016 user.info kernel: [ 47.959648] init: Console is alive
Sat May 7 11:33:29 2016 user.info kernel: [ 47.975525] init: - watchdog -
Sat May 7 11:33:29 2016 user.info kernel: [ 48.991678] init: - preinit -
Sat May 7 11:33:29 2016 user.notice kernel: [ 52.193995] mount_root: mounting /dev/root
Sat May 7 11:33:29 2016 user.info kernel: [ 52.210970] mount_root: loading kmods from internal overlay
Sat May 7 11:33:29 2016 user.info kernel: [ 52.340189] block: attempting to load /etc/config/fstab
Sat May 7 11:33:29 2016 user.info kernel: [ 52.359828] block: extroot: not configured
Sat May 7 11:33:29 2016 user.info kernel: [ 52.381012] procd: - early -
Sat May 7 11:33:29 2016 user.info kernel: [ 52.396351] procd: - watchdog -
Sat May 7 11:33:29 2016 user.info kernel: [ 53.141653] procd: - ubus -
Sat May 7 11:33:29 2016 user.info kernel: [ 54.157669] procd: - init -
Sat May 7 11:33:29 2016 kern.info kernel: [ 55.944925] NET: Registered protocol family 38
Sat May 7 11:33:29 2016 kern.info kernel: [ 55.970167] tun: Universal TUN/TAP device driver, 1.6
Sat May 7 11:33:29 2016 kern.info kernel: [ 55.987523] tun: (C) 1999-2004 Max Krasnyansky
Sat May 7 11:33:29 2016 kern.info kernel: [ 56.015620] u32 classifier
Sat May 7 11:33:29 2016 kern.info kernel: [ 56.030468] input device check on
Sat May 7 11:33:29 2016 kern.info kernel: [ 56.046250] Actions configured
Sat May 7 11:33:29 2016 kern.info kernel: [ 56.062922] Mirror/redirect action on
Sat May 7 11:33:29 2016 kern.info kernel: [ 56.087471] PPP generic driver version 2.4.2
Sat May 7 11:33:29 2016 kern.info kernel: [ 56.104941] NET: Registered protocol family 24
Sat May 7 11:33:30 2016 user.emerg procd: this file has been obseleted. please call "/sbin/block mount" directly
Sat May 7 11:33:30 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces?
Sat May 7 11:33:30 2016 kern.debug kernel: [ 58.111127] SGMII0: Port 1 link timeout
Sat May 7 11:33:30 2016 kern.notice kernel: [ 58.111373] eth1: 1000 Mbps Full duplex, port 1
Sat May 7 11:33:30 2016 kern.info kernel: [ 58.111451] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Sat May 7 11:33:30 2016 kern.info kernel: [ 58.112259] device eth1 entered promiscuous mode
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'lan' is enabled
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'lan' is setting up now
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'lan' is now up
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'blockdomain' is enabled
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'blockdomain' is now up
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'loopback' is enabled
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'loopback' is now up
Sat May 7 11:33:30 2016 kern.info kernel: [ 58.113943] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
Sat May 7 11:33:30 2016 daemon.err block: /dev/mmcblk0p4 is already mounted
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'wan' is enabled
Sat May 7 11:33:30 2016 kern.notice kernel: [ 58.144070] eth0: 1000 Mbps Full duplex, port 0
Sat May 7 11:33:30 2016 kern.info kernel: [ 58.144312] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'wan6' is enabled
Sat May 7 11:33:30 2016 daemon.notice netifd: Network device 'lo' link is up
Sat May 7 11:33:30 2016 kern.notice kernel: [ 58.165539] eth2: 1000 Mbps Full duplex, port 2
Sat May 7 11:33:30 2016 kern.info kernel: [ 58.165651] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Sat May 7 11:33:30 2016 daemon.notice netifd: Interface 'loopback' has link connectivity
Sat May 7 11:33:30 2016 cron.info crond[3180]: crond (busybox 1.23.2) started, log level 5
Sat May 7 11:33:30 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Sat May 7 11:33:30 2016 authpriv.info dropbear[3213]: Not backgrounding
Sat May 7 11:33:30 2016 daemon.crit dnsmasq[3332]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Sat May 7 11:33:30 2016 daemon.crit dnsmasq[3332]: FAILED to start up
Sat May 7 11:33:31 2016 kern.info kernel: [ 58.891380] device eth0 entered promiscuous mode
Sat May 7 11:33:31 2016 kern.info kernel: [ 58.894334] device eth2 entered promiscuous mode
Sat May 7 11:33:31 2016 daemon.notice netifd: Network device 'eth1' link is up
Sat May 7 11:33:31 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Sat May 7 11:33:31 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Sat May 7 11:33:31 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Sat May 7 11:33:31 2016 kern.info kernel: [ 59.083345] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
Sat May 7 11:33:31 2016 kern.info kernel: [ 59.083408] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:33:31 2016 kern.info kernel: [ 59.083431] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:33:31 2016 kern.info kernel: [ 59.083481] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Sat May 7 11:33:31 2016 daemon.notice netifd: Network device 'eth0' link is up
Sat May 7 11:33:31 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Sat May 7 11:33:31 2016 daemon.notice netifd: Interface 'wan' is setting up now
Sat May 7 11:33:31 2016 kern.info kernel: [ 59.123380] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Sat May 7 11:33:31 2016 daemon.notice netifd: Interface 'wan' is now up
Sat May 7 11:33:31 2016 daemon.notice netifd: Network device 'eth2' link is up
Sat May 7 11:33:31 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Sat May 7 11:33:31 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Sat May 7 11:33:31 2016 kern.info kernel: [ 59.143525] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Sat May 7 11:33:31 2016 daemon.notice netifd: Interface 'wan6' is now up
Sat May 7 11:33:31 2016 daemon.crit dnsmasq[3491]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Sat May 7 11:33:31 2016 daemon.crit dnsmasq[3491]: FAILED to start up
Sat May 7 11:33:31 2016 daemon.crit dnsmasq[3613]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Sat May 7 11:33:31 2016 daemon.crit dnsmasq[3613]: FAILED to start up
Sat May 7 11:33:32 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Sat May 7 11:33:32 2016 daemon.crit dnsmasq[3743]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Sat May 7 11:33:32 2016 daemon.crit dnsmasq[3743]: FAILED to start up
Sat May 7 11:33:32 2016 user.notice ddns-scripts[3777]: myddns_ipv4: PID '3777' started at 2016-05-07 11:33
Sat May 7 11:33:32 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Sat May 7 11:33:32 2016 user.warn ddns-scripts[3777]: myddns_ipv4: Service section disabled! - TERMINATE
Sat May 7 11:33:32 2016 user.warn ddns-scripts[3777]: myddns_ipv4: PID '3777' exit WITH ERROR '1' at 2016-05-07 11:33
Sat May 7 11:33:33 2016 daemon.crit dnsmasq[3922]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Sat May 7 11:33:33 2016 kern.info kernel: [ 61.083182] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:33:33 2016 daemon.crit dnsmasq[3922]: FAILED to start up
Sat May 7 11:33:33 2016 user.notice ddns-scripts[3956]: myddns_ipv6: PID '3956' started at 2016-05-07 11:33
Sat May 7 11:33:33 2016 user.warn ddns-scripts[3956]: myddns_ipv6: Service section disabled! - TERMINATE
Sat May 7 11:33:33 2016 user.warn ddns-scripts[3956]: myddns_ipv6: PID '3956' exit WITH ERROR '1' at 2016-05-07 11:33
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Enabling inline operation
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Found pid path directive (/var/snort/)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Running in IDS mode
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: --== Initializing Snort ==--
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Initializing Output Plugins!
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Initializing Preprocessors!
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Initializing Plug-ins!
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Parsing Rules file "/etc/snort/snort_bridge.conf"
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: PortVar 'HTTP_PORTS' defined :
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: PortVar 'SHELLCODE_PORTS' defined :
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: [ 1:65535 ]
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: PortVar 'ORACLE_PORTS' defined :
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: [ 1024:65535 ]
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: PortVar 'SSH_PORTS' defined :
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: [ 22 ]
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: PortVar 'FTP_PORTS' defined :
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: [ 21 2100 3535 ]
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: PortVar 'SIP_PORTS' defined :
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: [ 5060:5061 5600 ]
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: PortVar 'FILE_DATA_PORTS' defined :
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: PortVar 'GTP_PORTS' defined :
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: [ 2123 2152 3386 ]
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Detection:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Search-Method = AC-Full
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Search-Method-Optimizations = enabled
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Maximum pattern length = 20
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Found pid path directive (/var/snort/)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Tagged Packet Limit: 256
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: done
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Log directory = /tmp/snort/
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalizer config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ip4: on
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ip4::df: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ip4::rf: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ip4::tos: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ip4::trim: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ip4::ttl: on (min=1, new=5)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalizer config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp: on
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::ecn: stream
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::block: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::rsv: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::pad: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::req_urg: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::req_pay: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::req_urp: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::urp: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::opt: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::ips: on
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::trim_syn: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::trim_rst: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::trim_win: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: tcp::trim_mss: off
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalizer config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: icmp4: on
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalizer config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ip6: on
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ip6::hops: on (min=1, new=5)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalizer config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: icmp6: on
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Frag3 global config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max frags: 65536
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Fragment memory cap: 4194304 bytes
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Frag3 engine config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Bound Address: default
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Target-based policy: WINDOWS
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Fragment timeout: 180 seconds
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Fragment min_ttl: 1
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Fragment Anomalies: Alert
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Overlap Limit: 10
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Min fragment Length: 100
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Expected Streams: 39
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Stream global config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Track TCP sessions: ACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max TCP sessions: 10000
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: TCP cache pruning timeout: 30 seconds
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: TCP cache nominal timeout: 3600 seconds
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Memcap (for reassembly packet storage): 8388608
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Track UDP sessions: ACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max UDP sessions: 10000
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: UDP cache pruning timeout: 30 seconds
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: UDP cache nominal timeout: 180 seconds
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Track ICMP sessions: ACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max ICMP sessions: 65536
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Track IP sessions: INACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Log info if session memory consumption exceeds 1048576
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Send up to 2 active responses
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Wait at least 5 seconds between responses
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Protocol Aware Flushing: ACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Maximum Flush Point: 16000
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Stream TCP Policy config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Bound Address: default
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Reassembly Policy: WINDOWS
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Timeout: 180 seconds
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Limit on TCP Overlaps: 10
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Maximum number of bytes to queue per session: 1048576
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Maximum number of segs to queue per session: 2621
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Options:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Require 3-Way Handshake: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 3-Way Handshake Timeout: 180
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Detect Anomalies: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Reassembly Ports:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 21 client (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 22 client (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 23 client (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 25 client (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 36 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 42 client (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 53 client (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 70 client (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 79 client (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 80 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 81 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 82 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 83 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 84 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 85 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 86 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 87 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 88 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 89 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 90 client (Footprint-IPS) server (Footprint-IPS)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: additional ports configured but not printed.
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Stream UDP Policy config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Timeout: 180 seconds
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: HttpInspect Config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: GLOBAL CONFIG
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Detect Proxy Usage: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: IIS Unicode Map Filename: /etc/snort/unicode.map
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: IIS Unicode Map Codepage: 1252
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Memcap used for logging URI and Hostname: 150994944
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Gzip Memory: 838860
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Gzip Sessions: 1807
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Gzip Compress Depth: 65535
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Gzip Decompress Depth: 65535
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: DEFAULT SERVER CONFIG:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Server profile: All
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Server Flow Depth: 0
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Client Flow Depth: 0
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Chunk Length: 500000
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Header Field Length: 750
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Number Header Fields: 100
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Number of WhiteSpaces allowed with header folding: 200
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Inspect Pipeline Requests: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: URI Discovery Strict Mode: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Allow Proxy Usage: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Disable Alerting: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Oversize Dir Length: 500
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Only inspect URI: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalize HTTP Headers: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Inspect HTTP Cookies: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Inspect HTTP Responses: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Extract Gzip from responses: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Decompress response files:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Unlimited decompression of gzip data from responses: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalize Javascripts in HTTP Responses: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalize HTTP Cookies: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Enable XFF and True Client IP: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Log HTTP URI data: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Log HTTP Hostname data: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Extended ASCII code support in URI: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ascii: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Double Decoding: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: %U Encoding: YES alert: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Bare Byte: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: UTF 8: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: IIS Unicode: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Multiple Slash: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: IIS Backslash: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Directory Traversal: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Web Root Traversal: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Apache WhiteSpace: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: IIS Delimiter: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: rpc_decode arguments:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: alert_fragments: INACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: alert_large_fragments: INACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: alert_incomplete: INACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: alert_multiple_requests: INACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Portscan Detection Config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Detect Protocols: TCP UDP ICMP IP
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Sensitivity Level: Medium
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Memcap (in bytes): 500000
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Number of Nodes: 978
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: FTPTelnet Config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: GLOBAL CONFIG
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Inspection Type: stateful
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Check for Encrypted Traffic: YES alert: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Continue to check encrypted data: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: TELNET CONFIG:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ports: 23
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Are You There Threshold: 20
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Normalize: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Detect Anomalies: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: FTP CONFIG:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: FTP Server: default
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ports (PAF): 21 2100 3535
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Check for Telnet Cmds: YES alert: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ignore Telnet Cmd Operations: YES alert: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ignore open data channels: NO
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: FTP Client: default
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Check for Bounce Attacks: YES alert: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Check for Telnet Cmds: YES alert: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ignore Telnet Cmd Operations: YES alert: YES
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Response Length: 256
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: SSH config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Autodetection: ENABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Challenge-Response Overflow Alert: ENABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: SSH1 CRC32 Alert: ENABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Server Version String Overflow Alert: ENABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Protocol Mismatch Alert: ENABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Bad Message Direction Alert: DISABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Bad Payload Size Alert: DISABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Unrecognized Version Alert: DISABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Encrypted Packets: 20
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Server Version String Length: 100
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: MaxClientBytes: 19600 (Default)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ports:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 22
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: DCE/RPC 2 Preprocessor Configuration
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Global Configuration
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: DCE/RPC Defragmentation: Enabled
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Memcap: 102400 KB
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Events: co
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: SMB Fingerprint policy: Disabled
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Server Default Configuration
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Policy: WinXP
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Detect ports (PAF)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: SMB: 139 445
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: TCP: 135
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: UDP: 135
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: RPC over HTTP server: 593
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: RPC over HTTP proxy: None
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Autodetect ports (PAF)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: SMB: None
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: TCP: 1025-65535
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: UDP: 1025-65535
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: RPC over HTTP server: 1025-65535
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: RPC over HTTP proxy: None
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Invalid SMB shares: C$ D$ ADMIN$
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Maximum SMB command chaining: 3 commands
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: SMB file inspection: Disabled
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: DNS config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: DNS Client rdata txt Overflow Alert: ACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Obsolete DNS RR Types Alert: INACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Experimental DNS RR Types Alert: INACTIVE
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ports:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 53
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: SSLPP config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Encrypted packets: not inspected
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ports:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 443 465 563 636 989
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 992 993 994 995 7801
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 7802 7900 7901 7902 7903
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 7904 7905 7906 7907 7908
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 7909 7910 7911 7912 7913
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 7914 7915 7916 7917 7918
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 7919 7920
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Server side data is trusted
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Maximum SSL Heartbeat length: 0
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Sensitive Data preprocessor config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Global Alert Threshold: 25
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Masked Output: DISABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: SIP config:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max number of sessions: 1024
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max number of dialogs in a session: 4 (Default)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Status: ENABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ignore media channel: DISABLED
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max URI length: 512
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Call ID length: 80
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Request name length: 20 (Default)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max From length: 256 (Default)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max To length: 256 (Default)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Via length: 1024 (Default)
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Contact length: 512
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Max Content length: 2048
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Ports:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 5060
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 5061
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: 5600
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Methods:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: invite
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: cancel
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: ack
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: bye
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: register
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: options
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: refer
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: subscribe
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: update
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: join
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: info
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: message
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: notify
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: benotify
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: do
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: qauth
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: sprack
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: publish
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: service
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: unsubscribe
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: prack
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]:
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Sat May 7 11:33:34 2016 daemon.notice snort[4011]: Initializing rule chains...
Sat May 7 11:33:35 2016 daemon.notice snort[4011]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead.
Sat May 7 11:33:36 2016 kern.info kernel: [ 64.695178] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Sat May 7 11:33:38 2016 daemon.crit dnsmasq[4020]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Sat May 7 11:33:38 2016 daemon.crit dnsmasq[4020]: FAILED to start up
Sat May 7 11:33:38 2016 daemon.info procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Sat May 7 11:33:39 2016 daemon.emerg procd: Cannot change large-receive-offload
Sat May 7 11:33:40 2016 kern.notice kernel: [ 68.143025] eth0: Link down
Sat May 7 11:33:41 2016 daemon.notice netifd: Network device 'eth0' link is down
Sat May 7 11:33:41 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Sat May 7 11:33:41 2016 daemon.notice netifd: Interface 'wan' is now down
Sat May 7 11:33:41 2016 daemon.notice netifd: Interface 'wan' is disabled
Sat May 7 11:33:41 2016 daemon.notice netifd: Interface 'wan' is enabled
Sat May 7 11:33:41 2016 kern.info kernel: [ 69.137639] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Sat May 7 11:33:42 2016 daemon.emerg procd: Cannot change large-receive-offload
Sat May 7 11:33:43 2016 kern.notice kernel: [ 71.102931] eth1: Link down
Sat May 7 11:33:43 2016 daemon.notice snort[4011]: 13285 Snort rules read
Sat May 7 11:33:43 2016 daemon.notice snort[4011]: 13285 detection rules
Sat May 7 11:33:43 2016 daemon.notice snort[4011]: 0 decoder rules
Sat May 7 11:33:43 2016 daemon.notice snort[4011]: 0 preprocessor rules
Sat May 7 11:33:43 2016 daemon.notice snort[4011]: 13285 Option Chains linked into 252 Chain Headers
Sat May 7 11:33:43 2016 daemon.notice snort[4011]: 0 Dynamic rules
Sat May 7 11:33:43 2016 daemon.notice snort[4011]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Sat May 7 11:33:43 2016 daemon.notice snort[4011]:
Sat May 7 11:33:44 2016 daemon.notice netifd: Network device 'eth1' link is down
Sat May 7 11:33:44 2016 kern.info kernel: [ 72.093367] br-lan: port 1(eth1) entered disabled state
Sat May 7 11:33:44 2016 daemon.notice netifd: Network device 'eth0' link is up
Sat May 7 11:33:44 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Sat May 7 11:33:44 2016 daemon.notice netifd: Interface 'wan' is setting up now
Sat May 7 11:33:44 2016 daemon.notice netifd: Interface 'wan' is now up
Sat May 7 11:33:44 2016 kern.notice kernel: [ 72.153341] eth0: 1000 Mbps Full duplex, port 0
Sat May 7 11:33:44 2016 kern.info kernel: [ 72.153364] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Sat May 7 11:33:44 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Sat May 7 11:33:44 2016 daemon.crit dnsmasq[4169]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Sat May 7 11:33:44 2016 daemon.crit dnsmasq[4169]: FAILED to start up
Sat May 7 11:33:44 2016 user.notice ddns-scripts[4203]: myddns_ipv4: PID '4203' started at 2016-05-07 11:33
Sat May 7 11:33:45 2016 user.warn ddns-scripts[4203]: myddns_ipv4: Service section disabled! - TERMINATE
Sat May 7 11:33:45 2016 user.warn ddns-scripts[4203]: myddns_ipv4: PID '4203' exit WITH ERROR '1' at 2016-05-07 11:33
Sat May 7 11:33:45 2016 daemon.emerg procd: Cannot change large-receive-offload
Sat May 7 11:33:45 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Sat May 7 11:33:45 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Sat May 7 11:33:45 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Sat May 7 11:33:46 2016 kern.notice kernel: [ 74.173088] eth2: Link down
Sat May 7 11:33:47 2016 daemon.notice netifd: Network device 'eth1' link is up
Sat May 7 11:33:47 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Sat May 7 11:33:47 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Sat May 7 11:33:47 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Sat May 7 11:33:47 2016 kern.notice kernel: [ 75.113282] eth1: 1000 Mbps Full duplex, port 1
Sat May 7 11:33:47 2016 kern.info kernel: [ 75.113316] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:33:47 2016 kern.info kernel: [ 75.113348] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:33:48 2016 daemon.notice netifd: Network device 'eth2' link is down
Sat May 7 11:33:48 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Sat May 7 11:33:48 2016 daemon.notice netifd: Interface 'wan6' is now down
Sat May 7 11:33:48 2016 daemon.notice netifd: Interface 'wan6' is disabled
Sat May 7 11:33:48 2016 daemon.notice netifd: Interface 'wan6' is enabled
Sat May 7 11:33:48 2016 kern.info kernel: [ 76.127262] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Sat May 7 11:33:49 2016 daemon.emerg procd: /etc/rc.local: line 36: /etc/itus/detect_mode.sh: Permission denied
Sat May 7 11:33:49 2016 kern.info kernel: [ 77.113165] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:33:50 2016 daemon.notice netifd: Network device 'eth2' link is up
Sat May 7 11:33:50 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Sat May 7 11:33:50 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Sat May 7 11:33:50 2016 kern.notice kernel: [ 78.143361] eth2: 1000 Mbps Full duplex, port 2
Sat May 7 11:33:50 2016 kern.info kernel: [ 78.145358] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Sat May 7 11:33:50 2016 daemon.notice netifd: Interface 'wan6' is now up
Sat May 7 11:33:50 2016 daemon.notice vnstatd[4337]: vnStat daemon 1.12 started. (uid:0 gid:0)
Sat May 7 11:33:50 2016 daemon.notice vnstatd[4337]: Monitoring: br-lan (100 Mbit) eth0 (100 Mbit)
Sat May 7 11:33:50 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Sat May 7 11:33:50 2016 daemon.emerg procd: Stopping strongSwan IPsec failed: starter is not running
Sat May 7 11:33:50 2016 daemon.crit dnsmasq[4421]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf
Sat May 7 11:33:50 2016 daemon.crit dnsmasq[4421]: FAILED to start up
Sat May 7 11:33:51 2016 user.notice ddns-scripts[4455]: myddns_ipv6: PID '4455' started at 2016-05-07 11:33
Sat May 7 11:33:51 2016 user.warn ddns-scripts[4455]: myddns_ipv6: Service section disabled! - TERMINATE
Sat May 7 11:33:51 2016 user.warn ddns-scripts[4455]: myddns_ipv6: PID '4455' exit WITH ERROR '1' at 2016-05-07 11:33
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-------------------[Rule Port Counts]---------------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | tcp udp icmp ip
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | src 1980 40 0 0
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | dst 10553 492 0 0
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | any 206 16 0 0
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | nc 7 1 0 0
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | s+d 46 15 0 0
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +----------------------------------------------------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]:
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-----------------------[detection-filter-config]------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | memory-cap : 1048576 bytes
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-----------------------[detection-filter-rules]-------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: -------------------------------------------------------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]:
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-----------------------[rate-filter-config]-----------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | memory-cap : 1048576 bytes
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-----------------------[rate-filter-rules]------------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | none
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: -------------------------------------------------------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]:
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-----------------------[event-filter-config]----------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | memory-cap : 1048576 bytes
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-----------------------[event-filter-global]----------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | none
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-----------------------[event-filter-local]-----------------------------------
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2010494 type=Threshold tracking=src count=5 seconds=120
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2010487 type=Limit tracking=src count=1 seconds=60
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2010486 type=Limit tracking=src count=1 seconds=60
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020338 type=Limit tracking=src count=1 seconds=60
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2010513 type=Threshold tracking=src count=10 seconds=60
Sat May 7 11:33:52 2016
daemon.notice snort[4011]: | gen-id=1 sig-id=2010508 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020323 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020306 type=Both tracking=dst count=30 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020305 type=Both tracking=src count=30 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011887 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020167 type=Both tracking=src count=1 seconds=10 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008276 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011766 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011716 type=Limit tracking=src count=5 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008199 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011809 type=Limit tracking=src count=1 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011808 type=Limit tracking=src count=1 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008184 type=Limit tracking=src 
count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008181 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017967 type=Both tracking=src count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017966 type=Both tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017965 type=Both tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011767 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008147 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008266 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008264 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008262 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008259 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008257 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008255 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008253 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017921 type=Both tracking=src count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: 
| gen-id=1 sig-id=2017920 type=Both tracking=src count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008231 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017919 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008228 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008216 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008215 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003397 type=Both tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008214 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008211 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008209 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008208 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008073 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2013017 type=Limit tracking=src count=2 seconds=300 
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009547 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009544 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009538 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009537 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009534 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003287 type=Both tracking=dst count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003286 type=Both tracking=dst count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017918 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008098 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008097 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008096 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 
sig-id=2003276 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008084 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 
2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2013036 type=Limit tracking=src count=1 seconds=3 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019230 type=Both tracking=src count=50 seconds=10 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019211 type=Both tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009512 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2014372 type=Both tracking=src count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009481 type=Threshold tracking=dst count=20 seconds=40 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009480 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019102 type=Both tracking=src count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019166 type=Both tracking=src count=5 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009356 type=Limit 
tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009355 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2010715 type=Limit tracking=src count=1 seconds=180 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2016897 type=Limit tracking=src count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2002383 type=Threshold tracking=dst count=5 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2010642 type=Threshold tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008544 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008514 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008513 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008512 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008510 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008504 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2015577 type=Limit tracking=src count=1 seconds=30 Sat May 7 11:33:52 2016 
daemon.notice snort[4011]: | gen-id=1 sig-id=2018292 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011975 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011974 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018277 type=Both tracking=src count=5 seconds=90 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008571 type=Threshold tracking=dst count=2 seconds=5 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008564 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008560 type=Threshold tracking=dst count=4 seconds=15 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2016867 type=Limit tracking=src count=1 seconds=600 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008429 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008428 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008427 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008424 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008423 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008422 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008413 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008400 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003586 
type=Limit tracking=src count=3 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018208 type=Both tracking=src count=100 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008391 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008495 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008494 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008488 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008464 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008463 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003657 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008460 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008455 type=Threshold tracking=src count=5 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008454 type=Threshold tracking=src count=5 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008453 type=Threshold tracking=src count=5 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300 Sat May 7 
11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003622 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011915 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011914 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2013416 type=Threshold tracking=dst count=10 seconds=20 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2013385 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008363 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008361 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008355 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008353 type=Limit tracking=src count=1 seconds=3600 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008352 type=Limit tracking=src count=1 seconds=3600 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008343 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 
sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018094 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009833 type=Threshold tracking=dst count=2 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009646 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009703 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020853 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011030 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011029 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2015986 type=Both tracking=src count=100 seconds=1 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2010953 type=Limit tracking=src count=10 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2002677 type=Both tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2002664 type=Limit tracking=src count=1 seconds=60 Sat May 7 
11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019350 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019349 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019348 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019347 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019346 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020702 type=Both tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020742 type=Both tracking=src count=3 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020741 type=Both tracking=src count=3 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017162 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017161 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2012306 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2012305 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2012304 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2012303 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020669 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020668 
type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020667 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020666 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020665 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020664 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020663 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020662 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020660 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020659 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008756 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020633 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020632 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020631 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020630 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008749 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008734 type=Limit tracking=src count=2 seconds=300 Sat 
May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2012204 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003930 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003927 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008797 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008658 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008657 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008643 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008609 type=Threshold tracking=src count=3 seconds=10 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008603 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 
sig-id=2018382 type=Limit tracking=dst count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008663 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018455 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008579 type=Threshold tracking=dst count=20 seconds=15 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008578 type=Limit tracking=src count=1 seconds=10 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008577 type=Threshold tracking=dst count=5 seconds=15 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2013547 type=Limit tracking=src count=1 seconds=600 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018316 type=Both tracking=dst count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2013492 type=Both tracking=src count=2 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019692 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2014869 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009867 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019749 type=Limit tracking=src count=1 seconds=600 
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019748 type=Limit tracking=src count=1 seconds=600 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2016212 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2006365 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019609 type=Both tracking=src count=50 seconds=10 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2016101 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2007583 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2002842 type=Both tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2016033 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2016031 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2016030 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2016016 type=Both tracking=dst count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018755 type=Both tracking=src count=5 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 
sig-id=2008956 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009040 type=Threshold tracking=src count=20 seconds=10 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008847 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018607 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008941 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008919 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008916 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008914 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008913 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008912 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018666 type=Both tracking=dst count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020022 type=Both tracking=src count=2 seconds=10 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2005320 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2020069 type=Limit tracking=src count=1 seconds=60 Sat 
May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019889 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019888 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019887 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019886 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019885 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019884 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019883 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019882 type=Both tracking=src count=12 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019876 type=Limit tracking=src count=1 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001906 type=Both tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019966 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 
sig-id=2019963 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2006546 type=Both tracking=src count=5 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008048 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2008043 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011497 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011585 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021260 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2001795 type=Limit tracking=src count=30 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011403 type=Limit tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2011402 type=Limit tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Sat May 7 
11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017722 type=Both tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2017721 type=Both tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021172 type=Both tracking=dst count=10 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021171 type=Both tracking=src count=10 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021170 type=Both tracking=src count=10 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2003171 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021125 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2021124 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019018 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019017 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019016 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019015 type=Both tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019014 type=Both tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019013 type=Both tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019012 type=Both 
tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019011 type=Both tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019010 type=Both tracking=src count=1 seconds=120 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018984 type=Both tracking=src count=1 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018978 type=Both tracking=dst count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2018977 type=Both tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2014153 type=Both tracking=src count=225 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2014141 type=Both tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2014140 type=Both tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019022 type=Both tracking=src count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019021 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019020 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2019019 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2004443 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2014020 type=Both tracking=src count=5 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2014002 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=1 sig-id=2009159 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | 
gen-id=1 sig-id=2014103 type=Both tracking=src count=15 seconds=30 Sat May 7 11:33:52 2016 daemon.notice snort[4011]: +-----------------------[suppression]------------------------------------------ Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=129 sig-id=20 tracking=none Sat May 7 11:33:52 2016 daemon.notice snort[4011]: | gen-id=129 sig-id=12 tracking=none Sat May 7 11:33:52 2016 daemon.notice snort[4011]: ------------------------------------------------------------------------------- Sat May 7 11:33:52 2016 daemon.notice snort[4011]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Sat May 7 11:33:52 2016 daemon.notice snort[4011]: Verifying Preprocessor Configurations! Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.Fareit.chk' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.invalid.cab' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.lizkebab' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ms.rdp.established' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.Onelouder.bin' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'EXE2' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. 
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.autoit.ua' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.RDP.Morto' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.webc2ugx' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. 
Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.lethic.established' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'ET.ButterflyJoin' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Sat May 7 11:33:52 2016 daemon.notice snort[4011]: 131 out of 1024 flowbits in use. Sat May 7 11:33:52 2016 daemon.emerg procd: yes mounted Sat May 7 11:33:52 2016 daemon.emerg procd: cat: can't open '/mnt/ramdisk/ads': No such file or directory Sat May 7 11:33:52 2016 daemon.emerg procd: cat: can't open '/mnt/ramdisk/illegal': No such file or directory Sat May 7 11:33:52 2016 daemon.emerg procd: cat: can't open '/mnt/ramdisk/malicious': No such file or directory Sat May 7 11:33:52 2016 daemon.crit dnsmasq[4573]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:33:52 2016 daemon.crit dnsmasq[4573]: FAILED to start up Sat May 7 11:33:55 2016 daemon.notice netifd: Interface 'blockdomain' is now down Sat May 7 11:33:55 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now Sat May 7 11:33:55 2016 daemon.notice netifd: Interface 'blockdomain' is now up Sat May 7 11:33:56 2016 daemon.crit dnsmasq[4832]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:33:56 2016 daemon.crit dnsmasq[4832]: FAILED to start up Sat May 7 11:33:56 2016 daemon.crit dnsmasq[4942]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:33:56 2016 daemon.crit dnsmasq[4942]: FAILED to start up Sat May 
7 11:33:56 2016 user.notice update_webfilter: updated dnsmasq blacklist Sat May 7 11:33:56 2016 user.notice update_webfilter: updated network.interface.blockdomain: 192.168.1.112 Sat May 7 11:33:56 2016 user.notice update_webfilter: updated firewall.@redirect[0].Itusfilter: 192.168.1.112 Sat May 7 11:33:56 2016 user.notice update_webfilter: updated firewall.@redirect[1]dns-traffic-to-shield: 192.168.1.112 Sat May 7 11:33:56 2016 user.notice update_webfilter: updated uhttpd.Itusfilter Sat May 7 11:34:01 2016 daemon.crit dnsmasq[4951]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:34:01 2016 daemon.crit dnsmasq[4951]: FAILED to start up Sat May 7 11:34:06 2016 daemon.crit dnsmasq[4952]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:34:06 2016 daemon.crit dnsmasq[4952]: FAILED to start up Sat May 7 11:34:08 2016 kern.notice kernel: [ 96.173008] eth0: Link down Sat May 7 11:34:09 2016 daemon.notice netifd: Network device 'eth0' link is down Sat May 7 11:34:09 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss Sat May 7 11:34:09 2016 daemon.notice netifd: Interface 'wan' is now down Sat May 7 11:34:09 2016 daemon.notice netifd: Interface 'wan' is disabled Sat May 7 11:34:09 2016 daemon.notice netifd: Interface 'wan' is enabled Sat May 7 11:34:09 2016 kern.info kernel: [ 97.177266] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready Sat May 7 11:34:10 2016 kern.notice kernel: [ 98.132926] eth1: Link down Sat May 7 11:34:11 2016 daemon.notice netifd: Network device 'eth1' link is down Sat May 7 11:34:11 2016 kern.info kernel: [ 99.123355] br-lan: port 1(eth1) entered disabled state Sat May 7 11:34:11 2016 daemon.crit dnsmasq[5005]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:34:11 2016 daemon.crit dnsmasq[5005]: FAILED to start up Sat May 7 11:34:12 2016 daemon.notice netifd: Bridge 'br-lan' link is down Sat May 7 11:34:12 2016 daemon.notice netifd: Interface 'lan' has 
link connectivity loss Sat May 7 11:34:12 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss Sat May 7 11:34:12 2016 kern.notice kernel: [ 100.162909] eth2: Link down Sat May 7 11:34:12 2016 daemon.notice netifd: Network device 'eth0' link is up Sat May 7 11:34:12 2016 daemon.notice netifd: Interface 'wan' has link connectivity Sat May 7 11:34:12 2016 daemon.notice netifd: Interface 'wan' is setting up now Sat May 7 11:34:12 2016 kern.notice kernel: [ 100.193280] eth0: 1000 Mbps Full duplex, port 0 Sat May 7 11:34:12 2016 kern.info kernel: [ 100.193302] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready Sat May 7 11:34:12 2016 daemon.notice netifd: Interface 'wan' is now up Sat May 7 11:34:12 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0) Sat May 7 11:34:12 2016 daemon.crit dnsmasq[5105]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:34:12 2016 daemon.crit dnsmasq[5105]: FAILED to start up Sat May 7 11:34:13 2016 user.notice ddns-scripts[5140]: myddns_ipv4: PID '5140' started at 2016-05-07 11:34 Sat May 7 11:34:13 2016 user.warn ddns-scripts[5140]: myddns_ipv4: Service section disabled! 
- TERMINATE Sat May 7 11:34:13 2016 user.warn ddns-scripts[5140]: myddns_ipv4: PID '5140' exit WITH ERROR '1' at 2016-05-07 11:34 Sat May 7 11:34:13 2016 daemon.notice netifd: Network device 'eth2' link is down Sat May 7 11:34:13 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Sat May 7 11:34:13 2016 daemon.notice netifd: Interface 'wan6' is now down Sat May 7 11:34:13 2016 daemon.notice netifd: Interface 'wan6' is disabled Sat May 7 11:34:13 2016 daemon.notice netifd: Interface 'wan6' is enabled Sat May 7 11:34:13 2016 kern.info kernel: [ 101.157088] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Sat May 7 11:34:14 2016 daemon.notice netifd: Network device 'eth1' link is up Sat May 7 11:34:14 2016 daemon.notice netifd: Bridge 'br-lan' link is up Sat May 7 11:34:14 2016 daemon.notice netifd: Interface 'lan' has link connectivity Sat May 7 11:34:14 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Sat May 7 11:34:14 2016 kern.notice kernel: [ 102.143240] eth1: 1000 Mbps Full duplex, port 1 Sat May 7 11:34:14 2016 kern.info kernel: [ 102.143278] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:34:14 2016 kern.info kernel: [ 102.143316] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:34:16 2016 kern.info kernel: [ 104.143157] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:34:16 2016 daemon.notice netifd: Network device 'eth2' link is up Sat May 7 11:34:16 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Sat May 7 11:34:16 2016 daemon.notice netifd: Interface 'wan6' is setting up now Sat May 7 11:34:16 2016 daemon.notice netifd: Interface 'wan6' is now up Sat May 7 11:34:16 2016 kern.notice kernel: [ 104.173456] eth2: 1000 Mbps Full duplex, port 2 Sat May 7 11:34:16 2016 kern.info kernel: [ 104.173487] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Sat May 7 11:34:16 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Sat May 7 11:34:16 2016 
daemon.crit dnsmasq[5321]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:34:16 2016 daemon.crit dnsmasq[5321]: FAILED to start up Sat May 7 11:34:16 2016 daemon.info procd: Instance dnsmasq::instance1 s in a crash loop 6 crashes, 0 seconds since last crash Sat May 7 11:34:17 2016 user.notice ddns-scripts[5355]: myddns_ipv6: PID '5355' started at 2016-05-07 11:34 Sat May 7 11:34:17 2016 user.warn ddns-scripts[5355]: myddns_ipv6: Service section disabled! - TERMINATE Sat May 7 11:34:17 2016 user.warn ddns-scripts[5355]: myddns_ipv6: PID '5355' exit WITH ERROR '1' at 2016-05-07 11:34 Sat May 7 11:34:43 2016 authpriv.info dropbear[3213]: Early exit: Terminated by signal Sat May 7 11:34:43 2016 authpriv.info dropbear[5421]: Not backgrounding Sat May 7 11:34:50 2016 daemon.err uhttpd[4840]: cut: standard output: Broken pipe Sat May 7 11:34:50 2016 daemon.err uhttpd[4840]: cat: can't open '/.shield_mode': No such file or directory Sat May 7 11:34:53 2016 daemon.emerg procd: 0.us.pool.ntp.org: Unknown host Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP eager clock adjust failed. Sat May 7 11:34:54 2016 user.notice root: Restarted ntpclient. NTP server #1 of 4. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP 0.us.pool.ntp.org failed. Sat May 7 11:34:54 2016 user.notice root: NTP eager clock adjust failed. 
Sat May 7 11:34:54 2016 daemon.info procd: - init complete - Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Sat May 7 11:35:06 2016 daemon.notice snort[4011]: [ Port Based Pattern Matching Memory ] Sat May 7 11:35:06 2016 daemon.notice snort[4011]: +- [ Aho-Corasick Summary ] ------------------------------------- Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Storage Format : Full Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Finite Automaton : DFA Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Alphabet Size : 256 Chars Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Sizeof State : Variable (1,2,4 bytes) Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Instances : 335 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | 1 byte states : 228 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | 2 byte states : 107 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | 4 byte states : 0 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Characters : 408795 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | States : 252270 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Transitions : 13611564 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | State Density : 21.1% Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Patterns : 34402 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Match States : 30013 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Memory (MB) : 134.67 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Patterns : 3.40 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | Match Lists : 8.23 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | DFA Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | 1 byte states : 3.38 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | 2 byte states : 119.41 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: | 4 byte states : 0.00 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: +---------------------------------------------------------------- Sat May 7 11:35:06 2016 
daemon.notice snort[4011]: [ Number of patterns truncated to 20 bytes: 5427 ] Sat May 7 11:35:06 2016 daemon.notice snort[4011]: afpacket DAQ configured to inline. Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Acquiring network traffic from "eth0:eth2". Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Initializing daemon mode Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Daemon initialized, signaled parent pid: 1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Reload thread starting... Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Reload thread started, thread 0xfff189f210 (5681) Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Checking PID path... Sat May 7 11:35:06 2016 daemon.notice snort[4011]: PID path stat checked out ok, PID path set to /var/snort/ Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Writing PID "4011" to file "/var/snort//snort_eth0:eth2.pid" Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Sat May 7 11:35:06 2016 daemon.notice snort[4011]: --== Initialization Complete ==-- Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Sat May 7 11:35:06 2016 daemon.notice snort[4011]: ,,_ -*> Snort! <*- Sat May 7 11:35:06 2016 daemon.notice snort[4011]: o" )~ Version 2.9.7.2 GRE (Build 177) Sat May 7 11:35:06 2016 daemon.notice snort[4011]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. 
Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Using libpcap version 1.5.3 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Using PCRE version: 8.36 2014-09-26 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Using ZLIB version: 1.2.8 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_SSLPP Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_DNS Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_SDF Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_DNP3 Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_SMTP Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_SSH Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_MODBUS Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_SIP Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_IMAP Version 1.0 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_GTP Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_DCERPC2 Version 1.0 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_POP Version 1.0 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_REPUTATION Version 1.1 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Preprocessor Object: SF_FTPTELNET Version 1.2 Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Commencing packet processing (pid=4011) Sat May 7 11:35:06 2016 daemon.notice snort[4011]: Decoding Ethernet Sat May 7 11:35:57 2016 daemon.err uhttpd[4840]: cat: can't open '/.shield_mode': No such file or directory Sat May 7 11:37:46 2016 daemon.err 
uhttpd[4840]: cat: can't open '/.shield_mode': No such file or directory Sat May 7 11:37:59 2016 daemon.err uhttpd[4840]: rm: can't remove '/var/run/ddns/lucihelper.dat': No such file or directory Sat May 7 11:37:59 2016 daemon.err uhttpd[4840]: rm: can't remove '/var/run/ddns/lucihelper.err': No such file or directory Sat May 7 11:38:00 2016 daemon.err uhttpd[4840]: cat: can't open '/var/run/ddns/lucihelper.err': No such file or directory Sat May 7 11:38:00 2016 daemon.err uhttpd[4840]: cat: can't open '/var/run/ddns/lucihelper.err': No such file or directory Sat May 7 11:38:09 2016 daemon.err uhttpd[4840]: cat: can't open '/.shield_mode': No such file or directory Sat May 7 11:38:44 2016 daemon.err uhttpd[4840]: cat: can't open '/.shield_mode': No such file or directory Sat May 7 11:38:58 2016 kern.notice kernel: [ 386.163008] eth1: Link down Sat May 7 11:38:58 2016 kern.info kernel: [ 386.163069] br-lan: port 1(eth1) entered disabled state Sat May 7 11:38:58 2016 daemon.notice netifd: Network device 'eth1' link is down Sat May 7 11:38:58 2016 kern.notice kernel: [ 386.193000] eth2: Link down Sat May 7 11:38:59 2016 daemon.notice netifd: Bridge 'br-lan' link is down Sat May 7 11:38:59 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Sat May 7 11:38:59 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss Sat May 7 11:38:59 2016 daemon.notice netifd: Network device 'eth2' link is down Sat May 7 11:38:59 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Sat May 7 11:38:59 2016 daemon.notice netifd: Interface 'wan6' is now down Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Can't acquire (-1) - afpacket_daq_acquire: Encountered error condition on a packet socket! 
Sat May 7 11:38:59 2016 daemon.notice netifd: Interface 'wan6' is disabled Sat May 7 11:38:59 2016 daemon.notice netifd: Interface 'wan6' is enabled Sat May 7 11:38:59 2016 kern.info kernel: [ 387.169765] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Memory usage summary: Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Total non-mmapped bytes (arena): 242837536 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Bytes in mapped regions (hblkhd): 15597568 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Total allocated space (uordblks): 232742688 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Total free space (fordblks): 10094848 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Topmost releasable block (keepcost): 84400 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Packet I/O Totals: Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Received: 324 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Analyzed: 324 (100.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Dropped: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Filtered: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Outstanding: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Injected: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Breakdown by protocol (includes rebuilt packets): Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Eth: 324 (100.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: VLAN: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP4: 25 ( 7.716%) Sat 
May 7 11:38:59 2016 daemon.notice snort[4011]: Frag: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ICMP: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP: 23 ( 7.099%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP6: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP6 Ext: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP6 Opts: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Frag6: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ICMP6: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP6: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP6: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Teredo: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ICMP-IP: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP4/IP4: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP4/IP6: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP6/IP4: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP6/IP6: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE Eth: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE VLAN: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE IP4: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE IP6: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE IP6 Ext: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE PPTP: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE ARP: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE IPX: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: GRE Loop: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: MPLS: 0 ( 0.000%) Sat May 7 
11:38:59 2016 daemon.notice snort[4011]: ARP: 299 ( 92.284%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IPX: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Eth Loop: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Eth Disc: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP4 Disc: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP6 Disc: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Disc: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP Disc: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ICMP Disc: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: All Discard: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Other: 2 ( 0.617%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Bad Chk Sum: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Bad TTL: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: S5 G 1: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: S5 G 2: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Total: 324 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Action Stats: Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Alerts: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Logged: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Passed: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Limits: Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Match: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Queue: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Log: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Event: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Alert: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Verdicts: Sat May 7 11:38:59 2016 
daemon.notice snort[4011]: Allow: 322 ( 99.383%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Block: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Replace: 2 ( 0.617%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Whitelist: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Blacklist: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Ignore: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Retry: 0 ( 0.000%) Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Normalizer statistics: Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ip4::trim: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would ip4::trim: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ip4::tos: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would ip4::tos: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ip4::df: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would ip4::df: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ip4::rf: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would ip4::rf: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ip4::ttl: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would ip4::ttl: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ip4::opts: 2 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would ip4::opts: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: icmp4::echo: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would icmp4::echo: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ip6::ttl: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would ip6::ttl: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ip6::opts: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would ip6::opts: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: icmp6::echo: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: 
Would icmp6::echo: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::syn_opt: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::syn_opt: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::opt: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::opt: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::pad: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::pad: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::rsv: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::rsv: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::ns: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::ns: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::urp: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::urp: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::ecn_pkt: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::ecn_pkt: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::ts_ecr: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::ts_ecr: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::req_urg: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::req_urg: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::req_pay: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::req_pay: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::req_urp: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::req_urp: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::ecn_ssn: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::ecn_ssn: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::ts_nop: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::ts_nop: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::ips_data: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::ips_data: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::block: 
0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::block: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::trim_syn: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::trim_syn: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::trim_rst: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::trim_rst: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::trim_win: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::trim_win: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: tcp::trim_mss: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Would tcp::trim_mss: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Frag3 statistics: Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Total Fragments: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Frags Reassembled: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Discards: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Memory Faults: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Timeouts: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Overlaps: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Anomalies: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Alerts: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Drops: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: FragTrackers Added: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: FragTrackers Dumped: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: FragTrackers Auto Freed: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Frag Nodes Inserted: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Frag Nodes Deleted: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: 
=============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Stream statistics: Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Total sessions: 1 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP sessions: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP sessions: 1 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ICMP sessions: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP sessions: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Prunes: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP Prunes: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: ICMP Prunes: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: IP Prunes: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP StreamTrackers Created: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP StreamTrackers Deleted: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Timeouts: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Overlaps: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Segments Queued: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Segments Released: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Rebuilt Packets: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Segments Used: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Discards: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Gaps: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP Sessions Created: 1 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP Sessions Deleted: 1 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP Timeouts: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP Discards: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Events: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Internal Events: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: TCP Port Filter Sat May 7 11:38:59 2016 daemon.notice 
snort[4011]: Filtered: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Inspected: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Tracked: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: UDP Port Filter Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Filtered: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Inspected: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Tracked: 1 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: dcerpc2 Preprocessor Statistics Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Total sessions: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:38:59 2016 daemon.notice snort[4011]: SIP Preprocessor Statistics Sat May 7 11:38:59 2016 daemon.notice snort[4011]: Total sessions: 0 Sat May 7 11:38:59 2016 daemon.notice snort[4011]: =============================================================================== Sat May 7 11:39:00 2016 daemon.notice snort[4011]: Snort exiting Sat May 7 11:39:01 2016 daemon.notice netifd: Network device 'eth1' link is up Sat May 7 11:39:01 2016 kern.notice kernel: [ 389.173268] eth1: 1000 Mbps Full duplex, port 1 Sat May 7 11:39:01 2016 kern.info kernel: [ 389.173302] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:39:01 2016 kern.info kernel: [ 389.173331] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:39:01 2016 daemon.notice netifd: Bridge 'br-lan' link is up Sat May 7 11:39:01 2016 daemon.notice netifd: Interface 'lan' has link connectivity Sat May 7 11:39:01 2016 daemon.notice 
netifd: Interface 'blockdomain' has link connectivity Sat May 7 11:39:01 2016 daemon.notice netifd: Network device 'eth2' link is up Sat May 7 11:39:01 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Sat May 7 11:39:01 2016 daemon.notice netifd: Interface 'wan6' is setting up now Sat May 7 11:39:01 2016 daemon.notice netifd: Interface 'wan6' is now up Sat May 7 11:39:01 2016 kern.notice kernel: [ 389.193984] eth2: 1000 Mbps Full duplex, port 2 Sat May 7 11:39:01 2016 kern.info kernel: [ 389.194039] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Sat May 7 11:39:01 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Sat May 7 11:39:01 2016 daemon.crit dnsmasq[6744]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:39:01 2016 daemon.crit dnsmasq[6744]: FAILED to start up Sat May 7 11:39:01 2016 user.notice ddns-scripts[6778]: myddns_ipv6: PID '6778' started at 2016-05-07 11:39 Sat May 7 11:39:02 2016 user.warn ddns-scripts[6778]: myddns_ipv6: Service section disabled! - TERMINATE Sat May 7 11:39:02 2016 user.warn ddns-scripts[6778]: myddns_ipv6: PID '6778' exit WITH ERROR '1' at 2016-05-07 11:39 Sat May 7 11:39:03 2016 kern.info kernel: [ 391.173156] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Enabling inline operation Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Found pid path directive (/var/snort/) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Running in IDS mode Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: --== Initializing Snort ==-- Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Initializing Output Plugins! Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Initializing Preprocessors! Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Initializing Plug-ins! 
Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Parsing Rules file "/etc/snort/snort_bridge.conf" Sat May 7 11:39:05 2016 daemon.notice snort[6827]: PortVar 'HTTP_PORTS' defined : Sat May 7 11:39:05 2016 daemon.notice snort[6827]: [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: PortVar 'SHELLCODE_PORTS' defined : Sat May 7 11:39:05 2016 daemon.notice snort[6827]: [ 1:65535 ] Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: PortVar 'ORACLE_PORTS' defined : Sat May 7 11:39:05 2016 daemon.notice snort[6827]: [ 1024:65535 ] Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: PortVar 'SSH_PORTS' defined : Sat May 7 11:39:05 2016 daemon.notice snort[6827]: [ 22 ] Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: PortVar 'FTP_PORTS' defined : Sat May 7 11:39:05 2016 daemon.notice snort[6827]: [ 21 2100 3535 ] Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: PortVar 'SIP_PORTS' defined : Sat May 7 11:39:05 2016 daemon.notice snort[6827]: [ 5060:5061 5600 ] Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: PortVar 'FILE_DATA_PORTS' defined : Sat May 7 11:39:05 2016 daemon.notice snort[6827]: [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 
3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: PortVar 'GTP_PORTS' defined : Sat May 7 11:39:05 2016 daemon.notice snort[6827]: [ 2123 2152 3386 ] Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Detection: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Search-Method = AC-Full Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Search-Method-Optimizations = enabled Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Maximum pattern length = 20 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Found pid path directive (/var/snort/) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Tagged Packet Limit: 256 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... 
Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... Sat May 7 11:39:05 2016 daemon.notice snort[6827]: done Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/ Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Log directory = /tmp/snort/ Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalizer config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ip4: on Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ip4::df: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ip4::rf: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ip4::tos: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ip4::trim: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ip4::ttl: on (min=1, new=5) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalizer config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp: on Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::ecn: stream Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::block: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::rsv: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::pad: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::req_urg: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::req_pay: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::req_urp: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::urp: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::opt: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::ips: on Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 
tcp::trim_syn: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::trim_rst: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::trim_win: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: tcp::trim_mss: off Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalizer config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: icmp4: on Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalizer config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ip6: on Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ip6::hops: on (min=1, new=5) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalizer config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: icmp6: on Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Frag3 global config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max frags: 65536 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Fragment memory cap: 4194304 bytes Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Frag3 engine config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Bound Address: default Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Target-based policy: WINDOWS Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Fragment timeout: 180 seconds Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Fragment min_ttl: 1 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Fragment Anomalies: Alert Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Overlap Limit: 10 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Min fragment Length: 100 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Expected Streams: 39 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Stream global config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Track TCP sessions: ACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max TCP sessions: 10000 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: TCP cache pruning timeout: 30 seconds Sat May 7 11:39:05 2016 daemon.notice snort[6827]: TCP cache nominal timeout: 3600 
seconds Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Memcap (for reassembly packet storage): 8388608 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Track UDP sessions: ACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max UDP sessions: 10000 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: UDP cache pruning timeout: 30 seconds Sat May 7 11:39:05 2016 daemon.notice snort[6827]: UDP cache nominal timeout: 180 seconds Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Track ICMP sessions: ACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max ICMP sessions: 65536 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Track IP sessions: INACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Log info if session memory consumption exceeds 1048576 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Send up to 2 active responses Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Wait at least 5 seconds between responses Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Protocol Aware Flushing: ACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Maximum Flush Point: 16000 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Stream TCP Policy config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Bound Address: default Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Reassembly Policy: WINDOWS Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Timeout: 180 seconds Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Limit on TCP Overlaps: 10 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Maximum number of bytes to queue per session: 1048576 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Maximum number of segs to queue per session: 2621 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Options: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Require 3-Way Handshake: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 3-Way Handshake Timeout: 180 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Detect Anomalies: YES Sat May 
7 11:39:05 2016 daemon.notice snort[6827]: Reassembly Ports: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 21 client (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 22 client (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 23 client (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 25 client (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 36 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 42 client (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 53 client (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 70 client (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 79 client (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 80 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 81 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 82 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 83 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 84 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 85 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 86 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 87 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 88 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 89 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 90 client (Footprint-IPS) server (Footprint-IPS) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: additional ports configured but not printed. 
Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Stream UDP Policy config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Timeout: 180 seconds Sat May 7 11:39:05 2016 daemon.notice snort[6827]: HttpInspect Config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: GLOBAL CONFIG Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Detect Proxy Usage: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: IIS Unicode Map Filename: /etc/snort/unicode.map Sat May 7 11:39:05 2016 daemon.notice snort[6827]: IIS Unicode Map Codepage: 1252 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Memcap used for logging URI and Hostname: 150994944 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Gzip Memory: 838860 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Gzip Sessions: 1807 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Gzip Compress Depth: 65535 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Gzip Decompress Depth: 65535 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: DEFAULT SERVER CONFIG: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Server profile: All Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Server Flow Depth: 0 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Client Flow Depth: 0 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Chunk Length: 500000 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max 
Header Field Length: 750 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Number Header Fields: 100 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Number of WhiteSpaces allowed with header folding: 200 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Inspect Pipeline Requests: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: URI Discovery Strict Mode: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Allow Proxy Usage: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Disable Alerting: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Oversize Dir Length: 500 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Only inspect URI: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalize HTTP Headers: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Inspect HTTP Cookies: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Inspect HTTP Responses: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Extract Gzip from responses: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Decompress response files: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Unlimited decompression of gzip data from responses: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalize Javascripts in HTTP Responses: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalize HTTP Cookies: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Enable XFF and True Client IP: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Log HTTP URI data: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Log HTTP Hostname data: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Extended ASCII code support in URI: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ascii: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Double Decoding: YES alert: NO Sat May 7 11:39:05 2016 
daemon.notice snort[6827]: %U Encoding: YES alert: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Bare Byte: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: UTF 8: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: IIS Unicode: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Multiple Slash: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: IIS Backslash: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Directory Traversal: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Web Root Traversal: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Apache WhiteSpace: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: IIS Delimiter: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d Sat May 7 11:39:05 2016 daemon.notice snort[6827]: rpc_decode arguments: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: alert_fragments: INACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: alert_large_fragments: INACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: alert_incomplete: INACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: alert_multiple_requests: INACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Portscan Detection Config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Detect Protocols: TCP UDP ICMP IP Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Detect Scan Type: portscan portsweep decoy_portscan distributed_portscan Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sensitivity Level: Medium Sat May 7 
11:39:05 2016 daemon.notice snort[6827]: Memcap (in bytes): 500000 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Number of Nodes: 978 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: FTPTelnet Config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: GLOBAL CONFIG Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Inspection Type: stateful Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Check for Encrypted Traffic: YES alert: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Continue to check encrypted data: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: TELNET CONFIG: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ports: 23 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Are You There Threshold: 20 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Normalize: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Detect Anomalies: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: FTP CONFIG: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: FTP Server: default Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ports (PAF): 21 2100 3535 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Check for Telnet Cmds: YES alert: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ignore Telnet Cmd Operations: YES alert: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ignore open data channels: NO Sat May 7 11:39:05 2016 daemon.notice snort[6827]: FTP Client: default Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Check for Bounce Attacks: YES alert: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Check for Telnet Cmds: YES alert: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ignore Telnet Cmd Operations: YES alert: YES Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Response Length: 256 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: SSH config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Autodetection: ENABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Challenge-Response Overflow 
Alert: ENABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: SSH1 CRC32 Alert: ENABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Server Version String Overflow Alert: ENABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Protocol Mismatch Alert: ENABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Bad Message Direction Alert: DISABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Bad Payload Size Alert: DISABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Unrecognized Version Alert: DISABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Encrypted Packets: 20 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Server Version String Length: 100 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: MaxClientBytes: 19600 (Default) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ports: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 22 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: DCE/RPC 2 Preprocessor Configuration Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Global Configuration Sat May 7 11:39:05 2016 daemon.notice snort[6827]: DCE/RPC Defragmentation: Enabled Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Memcap: 102400 KB Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Events: co Sat May 7 11:39:05 2016 daemon.notice snort[6827]: SMB Fingerprint policy: Disabled Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Server Default Configuration Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Policy: WinXP Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Detect ports (PAF) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: SMB: 139 445 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: TCP: 135 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: UDP: 135 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: RPC over HTTP server: 593 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: RPC over HTTP proxy: None Sat May 7 11:39:05 2016 daemon.notice 
snort[6827]: Autodetect ports (PAF) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: SMB: None Sat May 7 11:39:05 2016 daemon.notice snort[6827]: TCP: 1025-65535 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: UDP: 1025-65535 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: RPC over HTTP server: 1025-65535 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: RPC over HTTP proxy: None Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Invalid SMB shares: C$ D$ ADMIN$ Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Maximum SMB command chaining: 3 commands Sat May 7 11:39:05 2016 daemon.notice snort[6827]: SMB file inspection: Disabled Sat May 7 11:39:05 2016 daemon.notice snort[6827]: DNS config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: DNS Client rdata txt Overflow Alert: ACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Obsolete DNS RR Types Alert: INACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Experimental DNS RR Types Alert: INACTIVE Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ports: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 53 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: SSLPP config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Encrypted packets: not inspected Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ports: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 443 465 563 636 989 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 992 993 994 995 7801 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 7802 7900 7901 7902 7903 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 7904 7905 7906 7907 7908 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 7909 7910 7911 7912 7913 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 7914 7915 7916 7917 7918 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 7919 7920 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Server side data is trusted Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 
Maximum SSL Heartbeat length: 0 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sensitive Data preprocessor config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Global Alert Threshold: 25 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Masked Output: DISABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: SIP config: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max number of sessions: 1024 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max number of dialogs in a session: 4 (Default) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Status: ENABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ignore media channel: DISABLED Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max URI length: 512 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Call ID length: 80 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Request name length: 20 (Default) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max From length: 256 (Default) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max To length: 256 (Default) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Via length: 1024 (Default) Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Contact length: 512 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Max Content length: 2048 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Ports: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 5060 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 5061 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: 5600 Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Methods: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: invite Sat May 7 11:39:05 2016 daemon.notice snort[6827]: cancel Sat May 7 11:39:05 2016 daemon.notice snort[6827]: ack Sat May 7 11:39:05 2016 daemon.notice snort[6827]: bye Sat May 7 11:39:05 2016 daemon.notice snort[6827]: register Sat May 7 11:39:05 2016 
daemon.notice snort[6827]: options Sat May 7 11:39:05 2016 daemon.notice snort[6827]: refer Sat May 7 11:39:05 2016 daemon.notice snort[6827]: subscribe Sat May 7 11:39:05 2016 daemon.notice snort[6827]: update Sat May 7 11:39:05 2016 daemon.notice snort[6827]: join Sat May 7 11:39:05 2016 daemon.notice snort[6827]: info Sat May 7 11:39:05 2016 daemon.notice snort[6827]: message Sat May 7 11:39:05 2016 daemon.notice snort[6827]: notify Sat May 7 11:39:05 2016 daemon.notice snort[6827]: benotify Sat May 7 11:39:05 2016 daemon.notice snort[6827]: do Sat May 7 11:39:05 2016 daemon.notice snort[6827]: qauth Sat May 7 11:39:05 2016 daemon.notice snort[6827]: sprack Sat May 7 11:39:05 2016 daemon.notice snort[6827]: publish Sat May 7 11:39:05 2016 daemon.notice snort[6827]: service Sat May 7 11:39:05 2016 daemon.notice snort[6827]: unsubscribe Sat May 7 11:39:05 2016 daemon.notice snort[6827]: prack Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Sat May 7 11:39:05 2016 daemon.notice snort[6827]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sat May 7 11:39:05 2016 daemon.notice snort[6827]: Initializing rule chains... Sat May 7 11:39:06 2016 daemon.notice snort[6827]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead. 
Sat May 7 11:39:13 2016 kern.notice kernel: [ 401.193036] eth1: Link down Sat May 7 11:39:13 2016 kern.info kernel: [ 401.193113] br-lan: port 1(eth1) entered disabled state Sat May 7 11:39:13 2016 daemon.notice netifd: Network device 'eth1' link is down Sat May 7 11:39:13 2016 kern.notice kernel: [ 401.213457] eth2: Link down Sat May 7 11:39:14 2016 daemon.notice netifd: Bridge 'br-lan' link is down Sat May 7 11:39:14 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss Sat May 7 11:39:14 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss Sat May 7 11:39:14 2016 daemon.notice netifd: Network device 'eth2' link is down Sat May 7 11:39:14 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss Sat May 7 11:39:14 2016 daemon.notice netifd: Interface 'wan6' is now down Sat May 7 11:39:14 2016 daemon.notice netifd: Interface 'wan6' is disabled Sat May 7 11:39:14 2016 kern.notice kernel: [ 402.203204] eth1: 1000 Mbps Full duplex, port 1 Sat May 7 11:39:14 2016 kern.info kernel: [ 402.203970] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:39:14 2016 kern.info kernel: [ 402.203992] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:39:14 2016 daemon.notice netifd: Interface 'wan6' is enabled Sat May 7 11:39:14 2016 daemon.notice netifd: Network device 'eth1' link is up Sat May 7 11:39:14 2016 daemon.notice netifd: Bridge 'br-lan' link is up Sat May 7 11:39:14 2016 daemon.notice netifd: Interface 'lan' has link connectivity Sat May 7 11:39:14 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity Sat May 7 11:39:14 2016 kern.notice kernel: [ 402.227817] eth2: 1000 Mbps Full duplex, port 2 Sat May 7 11:39:14 2016 kern.info kernel: [ 402.227897] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready Sat May 7 11:39:14 2016 daemon.notice snort[6827]: 13285 Snort rules read Sat May 7 11:39:14 2016 daemon.notice snort[6827]: 13285 detection rules Sat May 7 11:39:14 2016 daemon.notice 
snort[6827]: 0 decoder rules Sat May 7 11:39:14 2016 daemon.notice snort[6827]: 0 preprocessor rules Sat May 7 11:39:14 2016 daemon.notice snort[6827]: 13285 Option Chains linked into 252 Chain Headers Sat May 7 11:39:14 2016 daemon.notice snort[6827]: 0 Dynamic rules Sat May 7 11:39:14 2016 daemon.notice snort[6827]: +++++++++++++++++++++++++++++++++++++++++++++++++++ Sat May 7 11:39:14 2016 daemon.notice snort[6827]: Sat May 7 11:39:15 2016 daemon.notice netifd: Network device 'eth2' link is up Sat May 7 11:39:15 2016 daemon.notice netifd: Interface 'wan6' has link connectivity Sat May 7 11:39:15 2016 daemon.notice netifd: Interface 'wan6' is setting up now Sat May 7 11:39:15 2016 daemon.notice netifd: Interface 'wan6' is now up Sat May 7 11:39:15 2016 kern.info kernel: [ 403.203375] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready Sat May 7 11:39:15 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2) Sat May 7 11:39:15 2016 daemon.crit dnsmasq[6993]: illegal repeated keyword at line 13 of /var/etc/dnsmasq.conf Sat May 7 11:39:15 2016 daemon.crit dnsmasq[6993]: FAILED to start up Sat May 7 11:39:16 2016 user.notice ddns-scripts[7027]: myddns_ipv6: PID '7027' started at 2016-05-07 11:39 Sat May 7 11:39:16 2016 user.warn ddns-scripts[7027]: myddns_ipv6: Service section disabled! 
- TERMINATE Sat May 7 11:39:16 2016 user.warn ddns-scripts[7027]: myddns_ipv6: PID '7027' exit WITH ERROR '1' at 2016-05-07 11:39 Sat May 7 11:39:16 2016 kern.info kernel: [ 404.203155] br-lan: port 1(eth1) entered forwarding state Sat May 7 11:39:22 2016 kern.notice kernel: [ 410.223013] eth1: Link down Sat May 7 11:39:22 2016 kern.info kernel: [ 410.223139] br-lan: port 1(eth1) entered disabled state Sat May 7 11:39:22 2016 daemon.notice netifd: Network device 'eth1' link is down Sat May 7 11:39:22 2016 daemon.notice snort[6827]: +-------------------[Rule Port Counts]--------------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | tcp udp icmp ip Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | src 1980 40 0 0 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | dst 10553 492 0 0 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | any 206 16 0 0 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | nc 7 1 0 0 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | s+d 46 15 0 0 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: +---------------------------------------------------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: Sat May 7 11:39:22 2016 daemon.notice snort[6827]: +-----------------------[detection-filter-config]------------------------------ Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | memory-cap : 1048576 bytes Sat May 7 11:39:22 2016 daemon.notice snort[6827]: +-----------------------[detection-filter-rules]------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: ------------------------------------------------------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: Sat May 7 11:39:22 2016 daemon.notice snort[6827]: +-----------------------[rate-filter-config]----------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | memory-cap : 1048576 bytes Sat May 7 11:39:22 2016 daemon.notice snort[6827]: 
+-----------------------[rate-filter-rules]------------------------------------ Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | none Sat May 7 11:39:22 2016 daemon.notice snort[6827]: ------------------------------------------------------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: Sat May 7 11:39:22 2016 daemon.notice snort[6827]: +-----------------------[event-filter-config]---------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | memory-cap : 1048576 bytes Sat May 7 11:39:22 2016 daemon.notice snort[6827]: +-----------------------[event-filter-global]---------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | none Sat May 7 11:39:22 2016 daemon.notice snort[6827]: +-----------------------[event-filter-local]----------------------------------- Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019692 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003657 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003622 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008797 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003585 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003586 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003583 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003566 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011974 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | 
gen-id=1 sig-id=2011975 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009355 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009356 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009544 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009547 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009534 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009537 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009538 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009512 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017921 type=Both tracking=src count=2 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017918 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017919 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017920 type=Both tracking=src count=2 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009480 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009481 type=Threshold tracking=dst count=20 seconds=40 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001795 type=Limit tracking=src count=30 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017965 type=Both tracking=src count=1 seconds=120 
Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017966 type=Both tracking=src count=1 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017967 type=Both tracking=src count=2 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021170 type=Both tracking=src count=10 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021171 type=Both tracking=src count=10 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021172 type=Both tracking=dst count=10 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021124 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021125 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001906 type=Both tracking=src count=5 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001872 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001864 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001855 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001858 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2004443 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018666 type=Both tracking=dst count=12 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021260 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2016030 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 
sig-id=2016031 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2016033 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2016016 type=Both tracking=dst count=5 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2007583 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018607 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018568 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018569 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018755 type=Both tracking=src count=5 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2013547 type=Limit tracking=src count=1 seconds=600 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021328 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021329 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021330 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021331 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021332 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021333 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021326 type=Limit tracking=src count=3 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021327 type=Both tracking=src count=10 seconds=120 Sat May 
7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2016101 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2013492 type=Both tracking=src count=2 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2002677 type=Both tracking=src count=5 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2002664 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2000048 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2000049 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2000031 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008453 type=Threshold tracking=src count=5 seconds=30 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008454 type=Threshold tracking=src count=5 seconds=30 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008455 type=Threshold tracking=src count=5 seconds=30 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008440 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008427 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008428 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008429 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011029 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011030 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 
sig-id=2008422 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008423 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008424 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2016212 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008413 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008400 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008391 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019418 type=Both tracking=src count=50 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008363 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008355 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010953 type=Limit tracking=src count=10 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008361 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008352 type=Limit tracking=src count=1 seconds=3600 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008353 type=Limit tracking=src count=1 seconds=3600 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008343 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019347 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019348 type=Both tracking=dst count=500 seconds=60 
Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019349 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008571 type=Threshold tracking=dst count=2 seconds=5 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019350 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008564 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019346 type=Both tracking=dst count=500 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008560 type=Threshold tracking=dst count=4 seconds=15 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008549 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008544 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008514 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008510 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008512 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008513 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008504 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003286 type=Both tracking=dst count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003287 type=Both tracking=dst count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008494 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 
sig-id=2008495 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003278 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003279 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003280 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003281 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008488 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003270 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003271 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003272 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003273 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003274 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003275 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003276 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003277 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003262 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003263 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003266 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 
2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2016897 type=Limit tracking=src count=2 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003267 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003268 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003269 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008460 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003254 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003255 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003256 type=Both tracking=src count=2 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008463 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003257 type=Both tracking=src count=2 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008464 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003258 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003259 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003260 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003261 type=Both tracking=src count=1 seconds=900 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2016867 type=Limit tracking=src count=1 seconds=600 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003397 type=Both 
tracking=src count=1 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003384 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011809 type=Limit tracking=src count=1 seconds=30 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003387 type=Limit tracking=src count=5 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011808 type=Limit tracking=src count=1 seconds=30 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2014372 type=Both tracking=src count=2 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011766 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011767 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009159 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2006546 type=Both tracking=src count=5 seconds=30 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020167 type=Both tracking=src count=1 seconds=10 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011716 type=Limit tracking=src count=5 seconds=120 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020338 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:22 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020323 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011887 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020305 type=Both tracking=src count=30 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020306 type=Both tracking=dst count=30 seconds=60 Sat May 7 11:39:23 2016 daemon.notice 
snort[6827]: | gen-id=1 sig-id=2020240 type=Limit tracking=src count=1 seconds=180 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001562 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001564 type=Limit tracking=src count=5 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017721 type=Both tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017722 type=Both tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018316 type=Both tracking=dst count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009867 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018455 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018431 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018432 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018433 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018430 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021018 type=Both tracking=dst count=10 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018383 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018388 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018389 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018382 type=Limit tracking=dst 
count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018372 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018373 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018374 type=Limit tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010715 type=Limit tracking=src count=1 seconds=180 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008096 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008097 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008098 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008084 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008085 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008073 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019102 type=Both tracking=src count=2 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021691 type=Limit tracking=src count=3 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010642 type=Threshold tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010643 type=Threshold tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008231 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2002402 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:23 2016 daemon.notice 
snort[6827]: | gen-id=1 sig-id=2008228 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2002400 type=Limit tracking=src count=2 seconds=360 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008215 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008216 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008208 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008209 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2013416 type=Threshold tracking=dst count=10 seconds=20 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008211 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2002383 type=Threshold tracking=dst count=5 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008214 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008199 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019230 type=Both tracking=src count=50 seconds=10 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008184 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2015986 type=Both tracking=src count=100 seconds=1 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019211 type=Both tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2013385 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008181 type=Limit 
tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008147 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019166 type=Both tracking=src count=5 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2014103 type=Both tracking=src count=15 seconds=30 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008276 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011497 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008264 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008266 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008255 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008257 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008259 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008262 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008253 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008847 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2014020 type=Both tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011402 type=Limit tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011403 type=Limit tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice 
snort[6827]: | gen-id=1 sig-id=2014002 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003171 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011585 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2006365 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008956 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2014153 type=Both tracking=src count=225 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2014140 type=Both tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2014141 type=Both tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008941 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019963 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019966 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008912 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008913 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008914 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019950 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008916 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008919 type=Limit tracking=src count=2 
seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019922 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019897 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019889 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019882 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019883 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019884 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019885 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019886 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019887 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019888 type=Both tracking=src count=12 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019876 type=Limit tracking=src count=1 seconds=30 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2014869 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009040 type=Threshold tracking=src count=20 seconds=10 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020069 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020022 type=Both tracking=src count=2 seconds=10 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2012204 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | 
gen-id=1 sig-id=2020630 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020631 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020632 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020633 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003927 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003930 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001315 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2001316 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020741 type=Both tracking=src count=3 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020742 type=Both tracking=src count=3 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2012303 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2012304 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2012305 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2012306 type=Limit tracking=dst count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009703 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020712 type=Limit tracking=src count=2 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020702 type=Both tracking=src count=1 seconds=60 
Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018094 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018088 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018090 type=Limit tracking=src count=1 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009646 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020666 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020667 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020668 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020669 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020659 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020660 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020661 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020662 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020663 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020664 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2020665 type=Limit tracking=dst count=1 seconds=1200 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2009833 type=Threshold tracking=dst count=2 seconds=30 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: 
| gen-id=1 sig-id=2020853 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2013017 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018208 type=Both tracking=src count=100 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2015577 type=Limit tracking=src count=1 seconds=30 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010508 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010513 type=Threshold tracking=src count=10 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018292 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010494 type=Threshold tracking=src count=5 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010486 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2010487 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018277 type=Both tracking=src count=5 seconds=90 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2013036 type=Limit tracking=src count=1 seconds=3 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021443 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021444 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021409 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021410 type=Both tracking=src count=10 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019021 type=Both tracking=dst count=2 
seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019022 type=Both tracking=src count=2 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019013 type=Both tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019014 type=Both tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019015 type=Both tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019016 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019017 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019018 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019019 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019020 type=Both tracking=dst count=2 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019010 type=Both tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019011 type=Both tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019012 type=Both tracking=src count=1 seconds=120 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018984 type=Both tracking=src count=1 seconds=30 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021572 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018977 type=Both tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021573 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2018978 
type=Both tracking=dst count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021574 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2021575 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2005320 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011146 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008048 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2002842 type=Both tracking=src count=5 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008663 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008043 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008657 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008658 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008643 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008609 type=Threshold tracking=src count=3 seconds=10 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008603 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019609 type=Both tracking=src count=50 seconds=10 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008577 type=Threshold tracking=dst count=5 seconds=15 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008578 type=Limit tracking=src count=1 seconds=10 Sat May 7 11:39:23 
2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008579 type=Threshold tracking=dst count=20 seconds=15 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008749 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008756 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019778 type=Both tracking=dst count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2008734 type=Limit tracking=src count=2 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017161 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2017162 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2000929 type=Limit tracking=src count=1 seconds=360 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019748 type=Limit tracking=src count=1 seconds=600 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2019749 type=Limit tracking=src count=1 seconds=600 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003497 type=Limit tracking=src count=3 seconds=300 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2003493 type=Limit tracking=src count=2 seconds=360 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011914 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=1 sig-id=2011915 type=Limit tracking=src count=1 seconds=60 Sat May 7 11:39:23 2016 daemon.notice snort[6827]: +-----------------------[suppression]------------------------------------------ Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=129 sig-id=20 tracking=none Sat May 7 11:39:23 2016 daemon.notice snort[6827]: | gen-id=129 sig-id=12 tracking=none Sat May 7 11:39:23 
2016 daemon.notice snort[6827]: ------------------------------------------------------------------------------- Sat May 7 11:39:23 2016 daemon.notice snort[6827]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log Sat May 7 11:39:23 2016 daemon.notice snort[6827]: Verifying Preprocessor Configurations! Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.webc2ugx' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.lizkebab' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'AnglerEK' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'NuclearEK' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ms.rdp.established' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set. 
Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.Onelouder.bin' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.Fareit.chk' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'et.http.PK' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'EXE2' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.RDP.Morto' is set but not ever checked. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.autoit.ua' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set. Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.ButterflyJoin' is set but not ever checked. 
Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set.
Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.invalid.cab' is checked but not ever set.
Sat May 7 11:39:23 2016 daemon.notice snort[6827]: WARNING: flowbits key 'ET.lethic.established' is set but not ever checked.
Sat May 7 11:39:23 2016 daemon.notice snort[6827]: 131 out of 1024 flowbits in use.
Sat May 7 11:39:23 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Sat May 7 11:39:23 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Sat May 7 11:39:23 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Sat May 7 11:39:24 2016 daemon.notice netifd: Network device 'eth1' link is up
Sat May 7 11:39:24 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Sat May 7 11:39:24 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Sat May 7 11:39:24 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Sat May 7 11:39:24 2016 kern.notice kernel: [ 412.233254] eth1: 1000 Mbps Full duplex, port 1
Sat May 7 11:39:24 2016 kern.info kernel: [ 412.233290] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:39:24 2016 kern.info kernel: [ 412.233323] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:39:26 2016 kern.info kernel: [ 414.233157] br-lan: port 1(eth1) entered forwarding state
Sat May 7 11:40:25 2016 daemon.err uhttpd[4840]: sh: write error: Broken pipe
Sat May 7 11:40:37 2016 daemon.notice snort[6827]:
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: [ Port Based Pattern Matching Memory ]
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: +- [ Aho-Corasick Summary ] -------------------------------------
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Storage Format : Full
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Finite Automaton : DFA
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Alphabet Size : 256 Chars
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Sizeof State : Variable (1,2,4 bytes)
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Instances : 335
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | 1 byte states : 228
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | 2 byte states : 107
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | 4 byte states : 0
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Characters : 408795
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | States : 252270
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Transitions : 13611564
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | State Density : 21.1%
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Patterns : 34402
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Match States : 30013
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Memory (MB) : 134.67
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Patterns : 3.40
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | Match Lists : 8.23
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | DFA
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | 1 byte states : 3.38
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | 2 byte states : 119.41
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: | 4 byte states : 0.00
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: +----------------------------------------------------------------
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: [ Number of patterns truncated to 20 bytes: 5427 ]
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: afpacket DAQ configured to inline.
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Acquiring network traffic from "eth0:eth2".
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Initializing daemon mode
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Daemon initialized, signaled parent pid: 1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Reload thread starting...
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Reload thread started, thread 0xfff004f210 (7611)
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Checking PID path...
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: PID path stat checked out ok, PID path set to /var/snort/
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Writing PID "6827" to file "/var/snort//snort_eth0:eth2.pid"
Sat May 7 11:40:37 2016 daemon.notice snort[6827]:
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: --== Initialization Complete ==--
Sat May 7 11:40:37 2016 daemon.notice snort[6827]:
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: ,,_ -*> Snort! <*-
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: o" )~ Version 2.9.7.2 GRE (Build 177)
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Using libpcap version 1.5.3
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Using PCRE version: 8.36 2014-09-26
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Using ZLIB version: 1.2.8
Sat May 7 11:40:37 2016 daemon.notice snort[6827]:
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_SSLPP Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_DNS Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_SDF Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_DNP3 Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_SMTP Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_SSH Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_MODBUS Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_SIP Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_IMAP Version 1.0
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_GTP Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_DCERPC2 Version 1.0
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_POP Version 1.0
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_REPUTATION Version 1.1
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Preprocessor Object: SF_FTPTELNET Version 1.2
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Commencing packet processing (pid=6827)
Sat May 7 11:40:37 2016 daemon.notice snort[6827]: Decoding Ethernet
Sat May 7 11:42:40 2016 daemon.err uhttpd[4840]: cat: can't open '/.shield_mode': No such file or directory
Sat May 7 11:42:51 2016 daemon.err uhttpd[4840]: sh: write error: Broken pipe
Sat May 7 11:44:46 2016 daemon.err uhttpd[4840]: cat: can't open '/.shield_mode': No such file or directory
Sat May 7 11:44:57 2016 daemon.err uhttpd[4840]: sh: write error: Broken pipe