bridge mode not working

Posted by breda on Feb 25, 2016; 8:56pm
URL: https://itus.accessinnov.com/bridge-mode-not-working-tp178.html

Hi, I can't seem to use the Shield in bridge mode. I'm using the 1.51 SP1 from ITUS. I have attached the logs; any help would be appreciated.




------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


FW 151 SP1



[    0.000000] Linux version 3.10.20 (daniel@Ayoub) (gcc version 4.7.0 (Cavium Inc. Version: SDK_3_1_0_p2 build 34) ) #165 SMP Mon May 18 23:41:17 PDT 2015
[    0.000000] CVMSEG size: 2 cache lines (256 bytes)
[    0.000000] Cavium Inc. SDK-3.1
[    0.000000] bootconsole [early0] enabled
[    0.000000] CPU revision is: 000d9602 (Cavium Octeon III)
[    0.000000] FPU revision is: 00739600
[    0.000000] Checking for the multiply/shift bug... no.
[    0.000000] Checking for the daddiu bug... no.
[    0.000000] Determined physical RAM map:
[    0.000000]  memory: 000000000c800000 @ 0000000002500000 (usable)
[    0.000000]  memory: 0000000000c00000 @ 000000000f200000 (usable)
[    0.000000]  memory: 000000002f000000 @ 0000000020000000 (usable)
[    0.000000]  memory: 0000000000830000 @ 0000000000100000 (usable)
[    0.000000]  memory: 0000000001a00000 @ 0000000000930000 (usable after init)
[    0.000000] Wasting 896 bytes for tracking 16 unused pages
[    0.000000] Initrd not found or empty - disabling initrd
[    0.000000] Using passed Device Tree <8000000000080000>.
[    0.000000] software IO TLB [mem 0x02670000-0x026b0000] (0MB) mapped at [8000000002670000-80000000026affff]
[    0.000000] Zone ranges:
[    0.000000]   DMA32    [mem 0x00100000-0xefffffff]
[    0.000000]   Normal   empty
[    0.000000] Movable zone start for each node
[    0.000000] Early memory node ranges
[    0.000000]   node   0: [mem 0x00100000-0x0232ffff]
[    0.000000]   node   0: [mem 0x02500000-0x0ecfffff]
[    0.000000]   node   0: [mem 0x0f200000-0x0fdfffff]
[    0.000000]   node   0: [mem 0x20000000-0x4effffff]
[    0.000000] On node 0 totalpages: 15971
[    0.000000]   DMA32 zone: 14 pages used for memmap
[    0.000000]   DMA32 zone: 0 pages reserved
[    0.000000]   DMA32 zone: 15971 pages, LIFO batch:1
[    0.000000] Cavium Hotplug: Available coremask 0x0
[    0.000000] Primary instruction cache 78kB, virtually tagged, 39 way, 16 sets, linesize 128 bytes.
[    0.000000] Primary data cache 32kB, 32-way, 8 sets, linesize 128 bytes.
[    0.000000] Secondary unified cache 512kB, 4-way, 1024 sets, linesize 128 bytes.
[    0.000000] PERCPU: Embedded 1 pages/cpu @8000000002710000 s12544 r8192 d44800 u65536
[    0.000000] pcpu-alloc: s12544 r8192 d44800 u65536 alloc=1*65536
[    0.000000] pcpu-alloc: [0] 0 [0] 1
[    0.000000] Built 1 zonelists in Zone order, mobility grouping off.  Total pages: 15957
[    0.000000] Kernel command line:  bootoctlinux 0x20000000 numcores=2 serial#=752011191521-36287 console=ttyS0,115200
[    0.000000] PID hash table entries: 4096 (order: -1, 32768 bytes)
[    0.000000] Dentry cache hash table entries: 131072 (order: 4, 1048576 bytes)
[    0.000000] Inode-cache hash table entries: 65536 (order: 3, 524288 bytes)
[    0.000000] Memory: 983296k/1022144k available (5825k kernel code, 38848k reserved, 2536k data, 26624k init, 0k highmem)
[    0.000000] Hierarchical RCU implementation.
[    0.000000] RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=2.
[    0.000000] NR_IRQS:512
[    0.000000] CIB interrupt controller probed: 800107000000e000 23 bits
[    0.000000] CIB interrupt controller probed: 800107000000e200 12 bits
[    0.000000] CIB interrupt controller probed: 800107000000e400 6 bits
[    0.000000] CIB interrupt controller probed: 800107000000ec00 15 bits
[    0.000000] CIB interrupt controller probed: 800107000000e600 4 bits
[    0.000000] CIB interrupt controller probed: 800107000000e800 11 bits
[    0.000000] CIB interrupt controller probed: 800107000000e900 11 bits
[   22.725144] Calibrating delay loop (skipped) preset value.. 2000.00 BogoMIPS (lpj=10000000)
[   22.733357] pid_max: default: 32768 minimum: 501
[   22.738073] Security Framework initialized
[   22.742090] Mount-cache hash table entries: 4096
[   22.748345] Checking for the daddi bug... no.
[   22.749135] SMP: Booting CPU01 (CoreId  1)...
[   22.753337] CPU revision is: 000d9602 (Cavium Octeon III)
[   22.753341] FPU revision is: 00739600
[   22.753523] Cpu 1 online
[   22.764938] Brought up 2 CPUs
[   22.767883] Cavium Hotplug: Available coremask 0x0
[   22.774871] NET: Registered protocol family 16
[   22.780284] Installing handlers for error tree at: ffffffff808be430
[   22.797802] PCIe: Initializing port 0
[   24.860345] PCIe: Link timeout on port 0, probably the slot is empty
[   24.860351] PCIe: Initializing port 1
[   24.863847] PCIe: Port 1 not in PCIe mode, skipping
[   24.863852] PCIe: Initializing port 2
[   24.867494] PCIe: Port 2 not in PCIe mode, skipping
[   24.873862] [sched_delayed] sched: RT throttling activated
[   24.887172] bio: create slab <bio-0> at 0
[   24.891594] vgaarb: loaded
[   24.894524] SCSI subsystem initialized
[   24.898373] libata version 3.00 loaded.
[   24.898790] usbcore: registered new interface driver usbfs
[   24.904223] usbcore: registered new interface driver hub
[   24.909519] usbcore: registered new device driver usb
[   24.914669] pps_core: LinuxPPS API ver. 1 registered
[   24.919467] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
[   24.928692] PTP clock support registered
[   24.932568] EDAC MC: Ver: 3.0.0
[   24.936245] PCI host bridge to bus 0000:00
[   24.940202] pci_bus 0000:00: root bus resource [mem 0x1000000000000]
[   24.946525] pci_bus 0000:00: root bus resource [io  0x0000]
[   24.952093] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
[   24.960020] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00
[   24.960969] Switching to clocksource OCTEON_CVMCOUNT
[   24.967241] NET: Registered protocol family 2
[   24.971884] TCP established hash table entries: 8192 (order: 1, 131072 bytes)
[   24.979001] TCP bind hash table entries: 8192 (order: 1, 131072 bytes)
[   24.985491] TCP: Hash tables configured (established 8192 bind 8192)
[   24.991760] TCP: reno registered
[   24.994941] UDP hash table entries: 2048 (order: 0, 65536 bytes)
[   25.001028] UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes)
[   25.007685] NET: Registered protocol family 1
[   25.011890] PCI: CLS 0 bytes, default 128
[   26.600444] octeon_pci_console: Console not created.
[   26.605246] /proc/octeon_perf: Octeon performance counter interface loaded
[   26.614108] HugeTLB registered 512 MB page size, pre-allocated 0 pages
[   26.621834] sys_fw_version: 0.1.17
[   26.621847] sys_revision: 21
[   26.622197] squashfs: version 4.0 (2009/01/31) Phillip Lougher
[   26.628132] NTFS driver 2.1.30 [Flags: R/W].
[   26.632261] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
[   26.638394] msgmni has been set to 1920
[   26.643138] Key type asymmetric registered
[   26.647125] Asymmetric key parser 'x509' registered
[   26.651948] io scheduler noop registered
[   26.655864] io scheduler deadline registered
[   26.660125] io scheduler cfq registered (default)
[   26.665045] octeon_gpio 1070000000800.gpio-controller: OCTEON GPIO
[   26.720929] Serial: 8250/16550 driver, 6 ports, IRQ sharing disabled
[   26.730581] 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 34) is a OCTEON
[   26.738370] console [ttyS0] enabled, bootconsole disabled
[   26.761913] 1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 35) is a OCTEON
[   26.784064] brd: module loaded
[   26.802566] loop: module loaded
[   26.819418] slram: not enough parameters.
[   26.843748] IMQ driver loaded successfully. (numdevs = 16, numqueues = 1)
[   26.862833] Hooking IMQ after NAT on PREROUTING.
[   26.879899] Hooking IMQ before NAT on POSTROUTING.
[   26.899358] libphy: mdio-octeon: probed
[   26.916715] mdio-octeon 1180000001800.mdio: Version 1.0
[   26.934436] spi_ks8995: Micrel KS8995 Ethernet switch SPI driver version 0.1.1
[   26.954575] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
[   26.972715] e1000e: Copyright(c) 1999 - 2013 Intel Corporation.
[   26.991163] octeon-pow-ethernet ERROR: You must specify a broadcast group mask.
[   27.010805] octeon-ethernet 2.0
[   27.027806] Interface 0 has 4 ports (QSGMII)
[   27.027884] Interface 1 has 4 ports (QSGMII)
[   27.027891] Interface 2 has 4 ports (NPI)
[   27.027905] Interface 3 has 4 ports (LOOP)
[   27.027922] Interface 4 has 1 ports (AGL)
[   27.036465] usbcore: registered new interface driver cdc_ether
[   27.054584] usbcore: registered new interface driver plusb
[   27.072325] usbcore: registered new interface driver sierra_net
[   27.091093] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[   27.110068] ehci-pci: EHCI PCI platform driver
[   27.126770] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[   27.145782] usbcore: registered new interface driver usb-storage
[   27.164236] usbcore: registered new interface driver usbserial
[   27.182308] usbcore: registered new interface driver usbserial_generic
[   27.201061] usbserial: USB Serial support registered for generic
[   27.219355] usbcore: registered new interface driver sierra
[   27.237156] usbserial: USB Serial support registered for Sierra USB modem
[   27.256391] i2c /dev entries driver
[   27.272488] i2c-octeon 1180000001000.i2c: version 2.5
[   27.290526] octeon_wdt: Initial granularity 5 Sec
[   27.307634] EDAC DEVICE0: Giving out device to module 'octeon-cpu' controller 'cache': DEV 'octeon_pc_edac' (INTERRUPT)
[   27.330772] EDAC DEVICE1: Giving out device to module 'octeon-l2c' controller 'octeon_l2c_err': DEV 'octeon_l2c_edac' (POLLED)
[   27.354433] octeon_lmc_edac octeon_lmc_edac.0: Disabled (ECC not enabled)
[   29.976006] Netfilter messages via NETLINK v0.30.
[   29.992848] nfnl_acct: registering with nfnetlink.
[   30.009813] nf_conntrack version 0.5.0 (7682 buckets, 30728 max)
[   30.028251] ctnetlink v0.93: registering with nfnetlink.
[   30.046080] xt_time: kernel timezone is -0000
[   30.062571] ip_set: protocol 6
[   30.077871] ipip: IPv4 over IPv4 tunneling driver
[   30.095219] gre: GRE over IPv4 demultiplexor driver
[   30.112243] ip_gre: GRE over IPv4 tunneling driver
[   30.130452] ip_tables: (C) 2000-2006 Netfilter Core Team
[   30.148092] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
[   30.166623] arp_tables: (C) 2002 David S. Miller
[   30.183415] TCP: cubic registered
[   30.198855] Initializing XFRM netlink socket
[   30.215298] NET: Registered protocol family 10
[   30.235090] mip6: Mobile IPv6
[   30.250229] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   30.268046] sit: IPv6 over IPv4 tunneling driver
[   30.286123] ip6_gre: GRE over IPv6 tunneling driver
[   30.303797] NET: Registered protocol family 17
[   30.320410] NET: Registered protocol family 15
[   30.337075] Bridge firewalling registered
[   30.353225] Ebtables v2.0 registered
[   30.415841] 8021q: 802.1Q VLAN Support v1.8
[   30.432228] Key type dns_resolver registered
[   30.448762] L2 lock: TLB refill 256 bytes
[   30.464898] L2 lock: General exception 128 bytes
[   30.481638] L2 lock: low-level interrupt 128 bytes
[   30.498549] L2 lock: interrupt 640 bytes
[   30.514596] L2 lock: memcpy 1152 bytes
[   30.532485] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
[   30.557209] Freeing unused kernel memory: 26624K (ffffffff80930000 - ffffffff82330000)
[   47.009456] mmc1: BKOPS_EN bit is not set
[   47.030164] mmc1: new high speed DDR MMC card at address 0001
[   47.048634] mmcblk0: mmc1:0001 P1XXXX 3.60 GiB
[   47.065612] mmcblk0boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB
[   47.083980] mmcblk0boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB
[   47.102346] mmcblk0rpmb: mmc1:0001 P1XXXX partition 3 128 KiB
[   47.124261]  mmcblk0: p1 p2 p3 p4
[   47.145115]  mmcblk0boot1: unknown partition table
[   47.166615]  mmcblk0boot0: unknown partition table
[   48.224774] kjournald starting.  Commit interval 5 seconds
[   48.225632] EXT3-fs (mmcblk0p4): using internal journal
[   48.226361] EXT3-fs (mmcblk0p4): recovery complete
[   48.226365] EXT3-fs (mmcblk0p4): mounted filesystem with writeback data mode
[   48.518963] init: failed to symlink /tmp -> /var
[   48.536017] init: Console is alive
[   48.551893] init: - watchdog -
[   49.568034] init: - preinit -
[   52.767656] mount_root: mounting /dev/root
[   52.784638] mount_root: loading kmods from internal overlay
[   52.914476] block: attempting to load /etc/config/fstab
[   52.933966] block: extroot: not configured
[   52.954786] procd: - early -
[   52.970129] procd: - watchdog -
[   53.686287] procd: - ubus -
[   54.701879] procd: - init -
[   56.469127] NET: Registered protocol family 38
[   56.492458] tun: Universal TUN/TAP device driver, 1.6
[   56.509808] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[   56.537922] u32 classifier
[   56.552774]     input device check on
[   56.568557]     Actions configured
[   56.585225] Mirror/redirect action on
[   56.609841] PPP generic driver version 2.4.2
[   56.627318] NET: Registered protocol family 24
[   58.643099] SGMII0: Port 1 link timeout
[   58.643323] eth1: 1000 Mbps Full duplex, port 1
[   58.643397] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   58.644131] device eth1 entered promiscuous mode
[   58.646257] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
[   58.653440] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   58.674891] SGMII0: Port 2 link timeout
[   58.675160] eth2: 1000 Mbps Full duplex, port 2
[   58.675282] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
[   59.616006] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[   59.616070] br-lan: port 1(eth1) entered forwarding state
[   59.616095] br-lan: port 1(eth1) entered forwarding state
[   59.616145] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[   59.646194] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
[   60.666155] eth0: 1000 Mbps Full duplex, port 0
[   60.666182] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   60.697447] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
[   61.615827] br-lan: port 1(eth1) entered forwarding state
[   65.749622] eth0: Link down
[   65.800427] eth2: Link down
[   65.856773] br-lan: port 1(eth1) entered disabled state
[   65.857958] device eth1 left promiscuous mode
[   65.857977] br-lan: port 1(eth1) entered disabled state
[   65.877858] eth1: Link down
[   65.881402] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   67.101529] eth1: 1000 Mbps Full duplex, port 1
[   67.102455] device eth1 entered promiscuous mode
[   67.107694] br-lan: port 1(eth1) entered forwarding state
[   67.107723] br-lan: port 1(eth1) entered forwarding state
[   67.137986] eth0: 1000 Mbps Full duplex, port 0
[   67.159709] eth2: 1000 Mbps Full duplex, port 2
[   69.105840] br-lan: port 1(eth1) entered forwarding state
[   80.135652] eth0: Link down
[   81.149365] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[   83.095606] eth1: Link down
[   83.176053] eth0: 1000 Mbps Full duplex, port 0
[   83.195831] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   84.195883] br-lan: port 1(eth1) entered disabled state
[   86.105975] eth1: 1000 Mbps Full duplex, port 1
[   86.106033] br-lan: port 1(eth1) entered forwarding state
[   86.106065] br-lan: port 1(eth1) entered forwarding state
[   86.165675] eth2: Link down
[   87.159418] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
[   88.105824] br-lan: port 1(eth1) entered forwarding state
[   89.176005] eth2: 1000 Mbps Full duplex, port 2
[   89.195851] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
[  116.245666] eth0: Link down
[  117.240390] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[  118.125582] eth1: Link down
[  119.116017] br-lan: port 1(eth1) entered disabled state
[  120.205583] eth2: Link down
[  120.256063] eth0: 1000 Mbps Full duplex, port 0
[  120.285867] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[  121.224196] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
[  122.135950] eth1: 1000 Mbps Full duplex, port 1
[  122.146030] br-lan: port 1(eth1) entered forwarding state
[  122.146069] br-lan: port 1(eth1) entered forwarding state
[  124.145833] br-lan: port 1(eth1) entered forwarding state
[  124.235980] eth2: 1000 Mbps Full duplex, port 2
[  124.239465] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
[  170.755829] device eth2 entered promiscuous mode
[  170.905826] device eth0 entered promiscuous mode
[  638.155665] eth1: Link down
[  638.155726] br-lan: port 1(eth1) entered disabled state
[  638.255621] eth2: Link down
[  639.155774] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
[  639.216238] device eth2 left promiscuous mode
[  639.346151] device eth0 left promiscuous mode
[  641.165908] eth1: 1000 Mbps Full duplex, port 1
[  641.186003] eth2: 1000 Mbps Full duplex, port 2
[  641.186031] br-lan: port 1(eth1) entered forwarding state
[  641.186055] br-lan: port 1(eth1) entered forwarding state
[  641.186106] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
[  643.185818] br-lan: port 1(eth1) entered forwarding state
[  651.185703] eth1: Link down
[  651.185787] br-lan: port 1(eth1) entered disabled state
[  651.206057] eth2: Link down
[  652.199943] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
[  654.195935] eth1: 1000 Mbps Full duplex, port 1
[  654.195972] br-lan: port 1(eth1) entered forwarding state
[  654.196004] br-lan: port 1(eth1) entered forwarding state
[  654.196687] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
[  654.215940] eth2: 1000 Mbps Full duplex, port 2
[  656.195827] br-lan: port 1(eth1) entered forwarding state
[  662.215671] eth1: Link down
[  662.235857] br-lan: port 1(eth1) entered disabled state
[  663.225953] eth1: 1000 Mbps Full duplex, port 1
[  663.226073] br-lan: port 1(eth1) entered forwarding state
[  663.226102] br-lan: port 1(eth1) entered forwarding state
[  665.225818] br-lan: port 1(eth1) entered forwarding state
[  737.185840] device eth2 entered promiscuous mode
[  737.335825] device eth0 entered promiscuous mode
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Fri Feb 19 00:11:06 2016 kern.notice kernel: [    0.000000] Linux version 3.10.20 (daniel@Ayoub) (gcc version 4.7.0 (Cavium Inc. Version: SDK_3_1_0_p2 build 34) ) #165 SMP Mon May 18 23:41:17 PDT 2015
Fri Feb 19 00:11:06 2016 kern.notice kernel: [    0.000000] CVMSEG size: 2 cache lines (256 bytes)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Cavium Inc. SDK-3.1
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] bootconsole [early0] enabled
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] CPU revision is: 000d9602 (Cavium Octeon III)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] FPU revision is: 00739600
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] Checking for the multiply/shift bug... no.
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] Checking for the daddiu bug... no.
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Determined physical RAM map:
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000]  memory: 000000000c800000 @ 0000000002500000 (usable)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000]  memory: 0000000000c00000 @ 000000000f200000 (usable)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000]  memory: 000000002f000000 @ 0000000020000000 (usable)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000]  memory: 0000000000830000 @ 0000000000100000 (usable)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000]  memory: 0000000001a00000 @ 0000000000930000 (usable after init)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Wasting 896 bytes for tracking 16 unused pages
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Initrd not found or empty - disabling initrd
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Using passed Device Tree <8000000000080000>.
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] software IO TLB [mem 0x02670000-0x026b0000] (0MB) mapped at [8000000002670000-80000000026affff]
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] Zone ranges:
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   DMA32    [mem 0x00100000-0xefffffff]
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   Normal   empty
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] Movable zone start for each node
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] Early memory node ranges
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   node   0: [mem 0x00100000-0x0232ffff]
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   node   0: [mem 0x02500000-0x0ecfffff]
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   node   0: [mem 0x0f200000-0x0fdfffff]
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   node   0: [mem 0x20000000-0x4effffff]
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] On node 0 totalpages: 15971
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   DMA32 zone: 14 pages used for memmap
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   DMA32 zone: 0 pages reserved
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000]   DMA32 zone: 15971 pages, LIFO batch:1
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Cavium Hotplug: Available coremask 0x0
Fri Feb 19 00:11:06 2016 kern.notice kernel: [    0.000000] Primary instruction cache 78kB, virtually tagged, 39 way, 16 sets, linesize 128 bytes.
Fri Feb 19 00:11:06 2016 kern.notice kernel: [    0.000000] Primary data cache 32kB, 32-way, 8 sets, linesize 128 bytes.
Fri Feb 19 00:11:06 2016 kern.notice kernel: [    0.000000] Secondary unified cache 512kB, 4-way, 1024 sets, linesize 128 bytes.
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] PERCPU: Embedded 1 pages/cpu @8000000002710000 s12544 r8192 d44800 u65536
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] pcpu-alloc: s12544 r8192 d44800 u65536 alloc=1*65536
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] pcpu-alloc: [0] 0 [0] 1
Fri Feb 19 00:11:06 2016 kern.debug kernel: [    0.000000] Built 1 zonelists in Zone order, mobility grouping off.  Total pages: 15957
Fri Feb 19 00:11:06 2016 kern.notice kernel: [    0.000000] Kernel command line:  bootoctlinux 0x20000000 numcores=2 serial#=752011191521-36287 console=ttyS0,115200
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] PID hash table entries: 4096 (order: -1, 32768 bytes)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Dentry cache hash table entries: 131072 (order: 4, 1048576 bytes)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Inode-cache hash table entries: 65536 (order: 3, 524288 bytes)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Memory: 983296k/1022144k available (5825k kernel code, 38848k reserved, 2536k data, 26624k init, 0k highmem)
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] Hierarchical RCU implementation.
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] RCU restricting CPUs from NR_CPUS=32 to nr_cpu_ids=2.
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] NR_IRQS:512
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] CIB interrupt controller probed: 800107000000e000 23 bits
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] CIB interrupt controller probed: 800107000000e200 12 bits
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] CIB interrupt controller probed: 800107000000e400 6 bits
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] CIB interrupt controller probed: 800107000000ec00 15 bits
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] CIB interrupt controller probed: 800107000000e600 4 bits
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] CIB interrupt controller probed: 800107000000e800 11 bits
Fri Feb 19 00:11:06 2016 kern.info kernel: [    0.000000] CIB interrupt controller probed: 800107000000e900 11 bits
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.725144] Calibrating delay loop (skipped) preset value.. 2000.00 BogoMIPS (lpj=10000000)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.733357] pid_max: default: 32768 minimum: 501
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.738073] Security Framework initialized
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.742090] Mount-cache hash table entries: 4096
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   22.748345] Checking for the daddi bug... no.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.749135] SMP: Booting CPU01 (CoreId  1)...
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.753337] CPU revision is: 000d9602 (Cavium Octeon III)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.753341] FPU revision is: 00739600
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.753523] Cpu 1 online
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.764938] Brought up 2 CPUs
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.767883] Cavium Hotplug: Available coremask 0x0
Fri Feb 19 00:11:06 2016 kern.info kernel: [   22.774871] NET: Registered protocol family 16
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   22.780284] Installing handlers for error tree at: ffffffff808be430
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   22.797802] PCIe: Initializing port 0
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   24.860345] PCIe: Link timeout on port 0, probably the slot is empty
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   24.860351] PCIe: Initializing port 1
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   24.863847] PCIe: Port 1 not in PCIe mode, skipping
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   24.863852] PCIe: Initializing port 2
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   24.867494] PCIe: Port 2 not in PCIe mode, skipping
Fri Feb 19 00:11:06 2016 kern.warn kernel: [   24.873862] [sched_delayed] sched: RT throttling activated
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.887172] bio: create slab <bio-0> at 0
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.891594] vgaarb: loaded
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   24.894524] SCSI subsystem initialized
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   24.898373] libata version 3.00 loaded.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.898790] usbcore: registered new interface driver usbfs
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.904223] usbcore: registered new interface driver hub
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.909519] usbcore: registered new device driver usb
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.914669] pps_core: LinuxPPS API ver. 1 registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.919467] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@linux.it>
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.928692] PTP clock support registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.932568] EDAC MC: Ver: 3.0.0
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.936245] PCI host bridge to bus 0000:00
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.940202] pci_bus 0000:00: root bus resource [mem 0x1000000000000]
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.946525] pci_bus 0000:00: root bus resource [io  0x0000]
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.952093] pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   24.960020] pci_bus 0000:00: busn_res: [bus 00-ff] end is updated to 00
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.960969] Switching to clocksource OCTEON_CVMCOUNT
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.967241] NET: Registered protocol family 2
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.971884] TCP established hash table entries: 8192 (order: 1, 131072 bytes)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.979001] TCP bind hash table entries: 8192 (order: 1, 131072 bytes)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.985491] TCP: Hash tables configured (established 8192 bind 8192)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.991760] TCP: reno registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   24.994941] UDP hash table entries: 2048 (order: 0, 65536 bytes)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   25.001028] UDP-Lite hash table entries: 2048 (order: 0, 65536 bytes)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   25.007685] NET: Registered protocol family 1
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   25.011890] PCI: CLS 0 bytes, default 128
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   26.600444] octeon_pci_console: Console not created.
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   26.605246] /proc/octeon_perf: Octeon performance counter interface loaded
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.614108] HugeTLB registered 512 MB page size, pre-allocated 0 pages
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   26.621834] sys_fw_version: 0.1.17
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   26.621847] sys_revision: 21
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.622197] squashfs: version 4.0 (2009/01/31) Phillip Lougher
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.628132] NTFS driver 2.1.30 [Flags: R/W].
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.632261] jffs2: version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.638394] msgmni has been set to 1920
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   26.643138] Key type asymmetric registered
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   26.647125] Asymmetric key parser 'x509' registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.651948] io scheduler noop registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.655864] io scheduler deadline registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.660125] io scheduler cfq registered (default)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.665045] octeon_gpio 1070000000800.gpio-controller: OCTEON GPIO
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.720929] Serial: 8250/16550 driver, 6 ports, IRQ sharing disabled
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.730581] 1180000000800.serial: ttyS0 at MMIO 0x1180000000800 (irq = 34) is a OCTEON
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.738370] console [ttyS0] enabled, bootconsole disabled
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.761913] 1180000000c00.serial: ttyS1 at MMIO 0x1180000000c00 (irq = 35) is a OCTEON
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.784064] brd: module loaded
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.802566] loop: module loaded
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   26.819418] slram: not enough parameters.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.843748] IMQ driver loaded successfully. (numdevs = 16, numqueues = 1)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.862833] Hooking IMQ after NAT on PREROUTING.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.879899] Hooking IMQ before NAT on POSTROUTING.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.899358] libphy: mdio-octeon: probed
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.916715] mdio-octeon 1180000001800.mdio: Version 1.0
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.934436] spi_ks8995: Micrel KS8995 Ethernet switch SPI driver version 0.1.1
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.954575] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
Fri Feb 19 00:11:06 2016 kern.info kernel: [   26.972715] e1000e: Copyright(c) 1999 - 2013 Intel Corporation.
Fri Feb 19 00:11:06 2016 kern.err kernel: [   26.991163] octeon-pow-ethernet ERROR: You must specify a broadcast group mask.
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   27.010805] octeon-ethernet 2.0
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   27.027806] Interface 0 has 4 ports (QSGMII)
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   27.027884] Interface 1 has 4 ports (QSGMII)
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   27.027891] Interface 2 has 4 ports (NPI)
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   27.027905] Interface 3 has 4 ports (LOOP)
Fri Feb 19 00:11:06 2016 kern.debug kernel: [   27.027922] Interface 4 has 1 ports (AGL)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.036465] usbcore: registered new interface driver cdc_ether
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.054584] usbcore: registered new interface driver plusb
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.072325] usbcore: registered new interface driver sierra_net
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.091093] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.110068] ehci-pci: EHCI PCI platform driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.126770] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.145782] usbcore: registered new interface driver usb-storage
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.164236] usbcore: registered new interface driver usbserial
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.182308] usbcore: registered new interface driver usbserial_generic
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.201061] usbserial: USB Serial support registered for generic
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.219355] usbcore: registered new interface driver sierra
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.237156] usbserial: USB Serial support registered for Sierra USB modem
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.256391] i2c /dev entries driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.272488] i2c-octeon 1180000001000.i2c: version 2.5
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.290526] octeon_wdt: Initial granularity 5 Sec
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.307634] EDAC DEVICE0: Giving out device to module 'octeon-cpu' controller 'cache': DEV 'octeon_pc_edac' (INTERRUPT)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.330772] EDAC DEVICE1: Giving out device to module 'octeon-l2c' controller 'octeon_l2c_err': DEV 'octeon_l2c_edac' (POLLED)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   27.354433] octeon_lmc_edac octeon_lmc_edac.0: Disabled (ECC not enabled)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   29.976006] Netfilter messages via NETLINK v0.30.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   29.992848] nfnl_acct: registering with nfnetlink.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.009813] nf_conntrack version 0.5.0 (7682 buckets, 30728 max)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.028251] ctnetlink v0.93: registering with nfnetlink.
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.046080] xt_time: kernel timezone is -0000
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   30.062571] ip_set: protocol 6
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.077871] ipip: IPv4 over IPv4 tunneling driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.095219] gre: GRE over IPv4 demultiplexor driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.112243] ip_gre: GRE over IPv4 tunneling driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.130452] ip_tables: (C) 2000-2006 Netfilter Core Team
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.148092] ipt_CLUSTERIP: ClusterIP Version 0.8 loaded successfully
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.166623] arp_tables: (C) 2002 David S. Miller
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.183415] TCP: cubic registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.198855] Initializing XFRM netlink socket
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.215298] NET: Registered protocol family 10
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.235090] mip6: Mobile IPv6
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.250229] ip6_tables: (C) 2000-2006 Netfilter Core Team
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.268046] sit: IPv6 over IPv4 tunneling driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.286123] ip6_gre: GRE over IPv6 tunneling driver
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.303797] NET: Registered protocol family 17
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.320410] NET: Registered protocol family 15
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   30.337075] Bridge firewalling registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.353225] Ebtables v2.0 registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.415841] 8021q: 802.1Q VLAN Support v1.8
Fri Feb 19 00:11:06 2016 kern.notice kernel: [   30.432228] Key type dns_resolver registered
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.448762] L2 lock: TLB refill 256 bytes
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.464898] L2 lock: General exception 128 bytes
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.481638] L2 lock: low-level interrupt 128 bytes
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.498549] L2 lock: interrupt 640 bytes
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.514596] L2 lock: memcpy 1152 bytes
Fri Feb 19 00:11:06 2016 kern.err kernel: [   30.532485] drivers/rtc/hctosys.c: unable to open rtc device (rtc0)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   30.557209] Freeing unused kernel memory: 26624K (ffffffff80930000 - ffffffff82330000)
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.009456] mmc1: BKOPS_EN bit is not set
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.030164] mmc1: new high speed DDR MMC card at address 0001
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.048634] mmcblk0: mmc1:0001 P1XXXX 3.60 GiB
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.065612] mmcblk0boot0: mmc1:0001 P1XXXX partition 1 2.00 MiB
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.083980] mmcblk0boot1: mmc1:0001 P1XXXX partition 2 2.00 MiB
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.102346] mmcblk0rpmb: mmc1:0001 P1XXXX partition 3 128 KiB
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.124261]  mmcblk0: p1 p2 p3 p4
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.145115]  mmcblk0boot1: unknown partition table
Fri Feb 19 00:11:06 2016 kern.info kernel: [   47.166615]  mmcblk0boot0: unknown partition table
Fri Feb 19 00:11:06 2016 kern.info kernel: [   48.224774] kjournald starting.  Commit interval 5 seconds
Fri Feb 19 00:11:06 2016 kern.info kernel: [   48.225632] EXT3-fs (mmcblk0p4): using internal journal
Fri Feb 19 00:11:06 2016 kern.info kernel: [   48.226361] EXT3-fs (mmcblk0p4): recovery complete
Fri Feb 19 00:11:06 2016 kern.info kernel: [   48.226365] EXT3-fs (mmcblk0p4): mounted filesystem with writeback data mode
Fri Feb 19 00:11:06 2016 user.err kernel: [   48.518963] init: failed to symlink /tmp -> /var
Fri Feb 19 00:11:06 2016 user.info kernel: [   48.536017] init: Console is alive
Fri Feb 19 00:11:06 2016 user.info kernel: [   48.551893] init: - watchdog -
Fri Feb 19 00:11:06 2016 user.info kernel: [   49.568034] init: - preinit -
Fri Feb 19 00:11:06 2016 user.notice kernel: [   52.767656] mount_root: mounting /dev/root
Fri Feb 19 00:11:06 2016 user.info kernel: [   52.784638] mount_root: loading kmods from internal overlay
Fri Feb 19 00:11:06 2016 user.info kernel: [   52.914476] block: attempting to load /etc/config/fstab
Fri Feb 19 00:11:06 2016 user.info kernel: [   52.933966] block: extroot: not configured
Fri Feb 19 00:11:06 2016 user.info kernel: [   52.954786] procd: - early -
Fri Feb 19 00:11:06 2016 user.info kernel: [   52.970129] procd: - watchdog -
Fri Feb 19 00:11:06 2016 user.info kernel: [   53.686287] procd: - ubus -
Fri Feb 19 00:11:06 2016 user.info kernel: [   54.701879] procd: - init -
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.469127] NET: Registered protocol family 38
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.492458] tun: Universal TUN/TAP device driver, 1.6
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.509808] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.537922] u32 classifier
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.552774]     input device check on
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.568557]     Actions configured
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.585225] Mirror/redirect action on
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.609841] PPP generic driver version 2.4.2
Fri Feb 19 00:11:06 2016 kern.info kernel: [   56.627318] NET: Registered protocol family 24
Fri Feb 19 00:11:07 2016 user.emerg procd: this file has been obseleted. please call "/sbin/block mount" directly
Fri Feb 19 00:11:07 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces?
Fri Feb 19 00:11:07 2016 kern.debug kernel: [   58.643099] SGMII0: Port 1 link timeout
Fri Feb 19 00:11:07 2016 kern.notice kernel: [   58.643323] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:11:07 2016 kern.info kernel: [   58.643397] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Fri Feb 19 00:11:07 2016 kern.info kernel: [   58.644131] device eth1 entered promiscuous mode
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'lan' is enabled
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'blockdomain' is enabled
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'blockdomain' is now up
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'loopback' is enabled
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'loopback' is now up
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'wan' is enabled
Fri Feb 19 00:11:07 2016 daemon.err block: /dev/mmcblk0p4 is already mounted
Fri Feb 19 00:11:07 2016 kern.info kernel: [   58.646257] IPv6: ADDRCONF(NETDEV_UP): br-lan: link is not ready
Fri Feb 19 00:11:07 2016 kern.info kernel: [   58.653440] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Fri Feb 19 00:11:07 2016 kern.debug kernel: [   58.674891] SGMII0: Port 2 link timeout
Fri Feb 19 00:11:07 2016 kern.notice kernel: [   58.675160] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:11:07 2016 kern.info kernel: [   58.675282] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Network device 'lo' link is up
Fri Feb 19 00:11:07 2016 daemon.notice netifd: Interface 'loopback' has link connectivity
Fri Feb 19 00:11:07 2016 cron.info crond[3190]: crond (busybox 1.23.2) started, log level 5
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Fri Feb 19 00:11:08 2016 kern.info kernel: [   59.616006] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
Fri Feb 19 00:11:08 2016 kern.info kernel: [   59.616070] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:08 2016 kern.info kernel: [   59.616095] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:08 2016 kern.info kernel: [   59.616145] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:11:08 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:11:08 2016 kern.info kernel: [   59.646194] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Fri Feb 19 00:11:08 2016 daemon.notice netifd: lan (3344): udhcpc (v1.23.2) started
Fri Feb 19 00:11:08 2016 daemon.notice netifd: lan (3344): Sending discover...
Fri Feb 19 00:11:09 2016 daemon.notice netifd: Network device 'eth0' link is up
Fri Feb 19 00:11:09 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Fri Feb 19 00:11:09 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Feb 19 00:11:09 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Feb 19 00:11:09 2016 kern.notice kernel: [   60.666155] eth0: 1000 Mbps Full duplex, port 0
Fri Feb 19 00:11:09 2016 kern.info kernel: [   60.666182] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Fri Feb 19 00:11:09 2016 kern.info kernel: [   60.697447] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Fri Feb 19 00:11:10 2016 kern.info kernel: [   61.615827] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Enabling inline operation
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Found pid path directive (/var/snort/)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Running in IDS mode
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         --== Initializing Snort ==--
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Initializing Output Plugins!
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Initializing Preprocessors!
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Initializing Plug-ins!
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Parsing Rules file "/etc/snort/snort_bridge.conf"
Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: started, version 2.73rc7 cachesize 150
Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: DNS service limited to local subnets
Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: using local addresses only for domain lan
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'HTTP_PORTS' defined :
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'SHELLCODE_PORTS' defined :
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  [ 1:65535 ]
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'ORACLE_PORTS' defined :
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  [ 1024:65535 ]
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'SSH_PORTS' defined :
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  [ 22 ]
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'FTP_PORTS' defined :
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  [ 21 2100 3535 ]
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'SIP_PORTS' defined :
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  [ 5060:5061 5600 ]
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'FILE_DATA_PORTS' defined :
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Fri Feb 19 00:11:11 2016 daemon.warn dnsmasq[3364]: no servers found in /tmp/resolv.conf.auto, will retry
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: read /etc/hosts - 1 addresses
Fri Feb 19 00:11:11 2016 daemon.info dnsmasq[3364]: read /tmp/hosts/dhcp - 0 addresses
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: PortVar 'GTP_PORTS' defined :
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  [ 2123 2152 3386 ]
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Detection:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:    Search-Method = AC-Full
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Search-Method-Optimizations = enabled
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Maximum pattern length = 20
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Found pid path directive (/var/snort/)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Tagged Packet Limit: 256
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: done
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Log directory = /tmp/snort/
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:          ip4: on
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:      ip4::df: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:      ip4::rf: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     ip4::tos: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:    ip4::trim: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     ip4::ttl: on (min=1, new=5)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:          tcp: on
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     tcp::ecn: stream
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   tcp::block: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     tcp::rsv: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     tcp::pad: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::req_urg: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::req_pay: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::req_urp: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     tcp::urp: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     tcp::opt: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     tcp::ips: on
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::trim_syn: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::trim_rst: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::trim_win: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: tcp::trim_mss: off
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:        icmp4: on
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:          ip6: on
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:    ip6::hops: on (min=1, new=5)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Normalizer config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:        icmp6: on
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Frag3 global config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max frags: 65536
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Fragment memory cap: 4194304 bytes
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Frag3 engine config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Bound Address: default
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Target-based policy: WINDOWS
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Fragment timeout: 180 seconds
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Fragment min_ttl:   1
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Fragment Anomalies: Alert
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Overlap Limit:     10
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Min fragment Length:     100
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Max Expected Streams: 39
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Stream global config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Track TCP sessions: ACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max TCP sessions: 10000
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     TCP cache pruning timeout: 30 seconds
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     TCP cache nominal timeout: 3600 seconds
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Memcap (for reassembly packet storage): 8388608
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Track UDP sessions: ACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max UDP sessions: 10000
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     UDP cache pruning timeout: 30 seconds
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     UDP cache nominal timeout: 180 seconds
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Track ICMP sessions: ACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max ICMP sessions: 65536
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Track IP sessions: INACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Log info if session memory consumption exceeds 1048576
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Send up to 2 active responses
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Wait at least 5 seconds between responses
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Protocol Aware Flushing: ACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Maximum Flush Point: 16000
Fri Feb 19 00:11:11 2016 daemon.notice netifd: lan (3344): Sending discover...
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Stream TCP Policy config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Bound Address: default
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Reassembly Policy: WINDOWS
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Timeout: 180 seconds
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Limit on TCP Overlaps: 10
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Maximum number of bytes to queue per session: 1048576
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Maximum number of segs to queue per session: 2621
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Options:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Require 3-Way Handshake: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         3-Way Handshake Timeout: 180
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Detect Anomalies: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Reassembly Ports:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       21 client (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       22 client (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       23 client (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       25 client (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       36 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       42 client (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       53 client (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       70 client (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       79 client (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       80 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       81 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       82 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       83 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       84 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       85 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       86 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       87 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       88 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       89 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       90 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       additional ports configured but not printed.
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Stream UDP Policy config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Timeout: 180 seconds
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: HttpInspect Config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     GLOBAL CONFIG
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Detect Proxy Usage:       NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       IIS Unicode Map Codepage: 1252
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Memcap used for logging URI and Hostname: 150994944
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Max Gzip Memory: 838860
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Max Gzip Sessions: 1807
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Gzip Compress Depth: 65535
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Gzip Decompress Depth: 65535
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     DEFAULT SERVER CONFIG:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Server profile: All
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Server Flow Depth: 0
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Client Flow Depth: 0
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Max Chunk Length: 500000
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Max Header Field Length: 750
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Max Number Header Fields: 100
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Max Number of WhiteSpaces allowed with header folding: 200
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Inspect Pipeline Requests: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       URI Discovery Strict Mode: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Allow Proxy Usage: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Disable Alerting: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Oversize Dir Length: 500
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Only inspect URI: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Normalize HTTP Headers: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Inspect HTTP Cookies: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Inspect HTTP Responses: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Extract Gzip from responses: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Decompress response files:  
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Unlimited decompression of gzip data from responses: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Normalize Javascripts in HTTP Responses: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Normalize HTTP Cookies: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Enable XFF and True Client IP: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Log HTTP URI data: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Log HTTP Hostname data: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Extended ASCII code support in URI: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Ascii: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Double Decoding: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       %U Encoding: YES alert: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Bare Byte: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       UTF 8: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       IIS Unicode: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Multiple Slash: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       IIS Backslash: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Directory Traversal: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Web Root Traversal: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Apache WhiteSpace: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       IIS Delimiter: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: rpc_decode arguments:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     alert_fragments: INACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     alert_large_fragments: INACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     alert_incomplete: INACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     alert_multiple_requests: INACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Portscan Detection Config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Detect Protocols:  TCP UDP ICMP IP
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Sensitivity Level: Medium
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Memcap (in bytes): 500000
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Number of Nodes:   978
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: FTPTelnet Config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     GLOBAL CONFIG
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Inspection Type: stateful
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Check for Encrypted Traffic: YES alert: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Continue to check encrypted data: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     TELNET CONFIG:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Ports: 23
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Are You There Threshold: 20
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Normalize: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       Detect Anomalies: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     FTP CONFIG:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       FTP Server: default
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Ports (PAF): 21 2100 3535
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Check for Telnet Cmds: YES alert: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Ignore Telnet Cmd Operations: YES alert: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Ignore open data channels: NO
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       FTP Client: default
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Check for Bounce Attacks: YES alert: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Check for Telnet Cmds: YES alert: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Ignore Telnet Cmd Operations: YES alert: YES
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:         Max Response Length: 256
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SSH config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Autodetection: ENABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Challenge-Response Overflow Alert: ENABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     SSH1 CRC32 Alert: ENABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Server Version String Overflow Alert: ENABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Protocol Mismatch Alert: ENABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Bad Message Direction Alert: DISABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Bad Payload Size Alert: DISABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Unrecognized Version Alert: DISABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max Encrypted Packets: 20  
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max Server Version String Length: 100  
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     MaxClientBytes: 19600 (Default)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Ports:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 22
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: DCE/RPC 2 Preprocessor Configuration
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Global Configuration
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     DCE/RPC Defragmentation: Enabled
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Memcap: 102400 KB
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Events: co
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     SMB Fingerprint policy: Disabled
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:   Server Default Configuration
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Policy: WinXP
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Detect ports (PAF)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       SMB: 139 445
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       TCP: 135
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       UDP: 135
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       RPC over HTTP server: 593
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       RPC over HTTP proxy: None
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Autodetect ports (PAF)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       SMB: None
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       TCP: 1025-65535
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       UDP: 1025-65535
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       RPC over HTTP server: 1025-65535
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       RPC over HTTP proxy: None
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Invalid SMB shares: C$ D$ ADMIN$
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Maximum SMB command chaining: 3 commands
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     SMB file inspection: Disabled
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: DNS config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     DNS Client rdata txt Overflow Alert: ACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Obsolete DNS RR Types Alert: INACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Experimental DNS RR Types Alert: INACTIVE
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Ports:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  53
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SSLPP config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Encrypted packets: not inspected
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Ports:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       443      465      563      636      989
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:       992      993      994      995     7801
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:      7802     7900     7901     7902     7903
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:      7904     7905     7906     7907     7908
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:      7909     7910     7911     7912     7913
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:      7914     7915     7916     7917     7918
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:      7919     7920
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Server side data is trusted
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Maximum SSL Heartbeat length: 0
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Sensitive Data preprocessor config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Global Alert Threshold: 25
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Masked Output: DISABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: SIP config:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max number of sessions: 1024  
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max number of dialogs in a session: 4 (Default)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Status: ENABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Ignore media channel: DISABLED
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max URI length: 512  
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max Call ID length: 80  
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max Request name length: 20 (Default)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max From length: 256 (Default)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max To length: 256 (Default)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max Via length: 1024 (Default)
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max Contact length: 512  
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Max Content length: 2048  
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Ports:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 5060
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 5061
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: 5600
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:     Methods:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  invite
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  cancel
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  ack
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  bye
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  register
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  options
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  refer
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  subscribe
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  update
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  join
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  info
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  message
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  notify
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  benotify
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  do
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  qauth
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  sprack
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  publish
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  service
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  unsubscribe
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:  prack
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]:
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Fri Feb 19 00:11:11 2016 daemon.notice snort[3432]: Initializing rule chains...
Fri Feb 19 00:11:12 2016 daemon.notice snort[3432]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead.

Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Sending discover...
Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Sending select for 192.168.1.59...
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'blockdomain' is now down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'loopback' is now down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'loopback' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Network device 'lo' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'loopback' has link connectivity loss
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan' is now down
Fri Feb 19 00:11:14 2016 kern.notice kernel: [   65.749622] eth0: Link down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Network device 'eth0' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Lease of 192.168.1.59 obtained, lease time 86400
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan6' is now down
Fri Feb 19 00:11:14 2016 kern.notice kernel: [   65.800427] eth2: Link down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan6' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Network device 'eth2' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Command failed: Permission denied
Fri Feb 19 00:11:14 2016 daemon.notice netifd: lan (3344): Received SIGTERM
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'lan' is now down
Fri Feb 19 00:11:14 2016 kern.info kernel: [   65.856773] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:11:14 2016 kern.info kernel: [   65.857958] device eth1 left promiscuous mode
Fri Feb 19 00:11:14 2016 kern.info kernel: [   65.857977] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:11:14 2016 kern.notice kernel: [   65.877858] eth1: Link down
Fri Feb 19 00:11:14 2016 kern.info kernel: [   65.881402] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'lan' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'blockdomain' is disabled
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Fri Feb 19 00:11:14 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Fri Feb 19 00:11:15 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces?
Fri Feb 19 00:11:15 2016 kern.notice kernel: [   67.101529] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:11:15 2016 kern.info kernel: [   67.102455] device eth1 entered promiscuous mode
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'lan' is enabled
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'loopback' is enabled
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Fri Feb 19 00:11:15 2016 kern.info kernel: [   67.107694] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:15 2016 kern.info kernel: [   67.107723] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'loopback' is now up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan' is enabled
Fri Feb 19 00:11:15 2016 kern.notice kernel: [   67.137986] eth0: 1000 Mbps Full duplex, port 0
Fri Feb 19 00:11:15 2016 kern.notice kernel: [   67.159709] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Network device 'lo' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'loopback' has link connectivity
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Network device 'eth0' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:11:15 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:11:15 2016 daemon.notice netifd: lan (3760): udhcpc (v1.23.2) started
Fri Feb 19 00:11:15 2016 daemon.notice netifd: lan (3760): Sending discover...
Fri Feb 19 00:11:15 2016 daemon.notice netifd: lan (3760): Performing a DHCP renew
Fri Feb 19 00:11:15 2016 daemon.notice netifd: lan (3760): Sending discover...
Fri Feb 19 00:11:16 2016 daemon.notice netifd: lan (3760): Sending select for 192.168.1.59...
Fri Feb 19 00:11:16 2016 daemon.notice netifd: lan (3760): Lease of 192.168.1.59 obtained, lease time 86400
Fri Feb 19 00:11:16 2016 daemon.notice netifd: Interface 'lan' is now up
Fri Feb 19 00:11:16 2016 daemon.info dnsmasq[3364]: reading /tmp/resolv.conf.auto
Fri Feb 19 00:11:16 2016 daemon.info dnsmasq[3364]: using local addresses only for domain lan
Fri Feb 19 00:11:16 2016 daemon.info dnsmasq[3364]: using nameserver 192.168.1.1#53
Fri Feb 19 00:11:17 2016 kern.info kernel: [   69.105840] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:19 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Enabling inline operation
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Found pid path directive (/var/snort/)
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Running in IDS mode
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:         --== Initializing Snort ==--
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Initializing Output Plugins!
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Initializing Preprocessors!
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Initializing Plug-ins!
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Parsing Rules file "/etc/snort/snort_bridge.conf"
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'HTTP_PORTS' defined :
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:  [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'SHELLCODE_PORTS' defined :
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:  [ 1:65535 ]
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'ORACLE_PORTS' defined :
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:  [ 1024:65535 ]
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'SSH_PORTS' defined :
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:  [ 22 ]
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'FTP_PORTS' defined :
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:  [ 21 2100 3535 ]
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'SIP_PORTS' defined :
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:  [ 5060:5061 5600 ]
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'FILE_DATA_PORTS' defined :
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:  [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: PortVar 'GTP_PORTS' defined :
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:  [ 2123 2152 3386 ]
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Detection:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:    Search-Method = AC-Full
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:     Search-Method-Optimizations = enabled
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:     Maximum pattern length = 20
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Found pid path directive (/var/snort/)
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Tagged Packet Limit: 256
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: done
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Log directory = /tmp/snort/
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Normalizer config:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:          ip4: on
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:      ip4::df: off
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:      ip4::rf: off
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:     ip4::tos: off
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:    ip4::trim: off
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:     ip4::ttl: on (min=1, new=5)
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]: Normalizer config:
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:          tcp: on
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:     tcp::ecn: stream
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:   tcp::block: off
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:     tcp::rsv: off
Fri Feb 19 00:11:21 2016 daemon.notice snort[4001]:     tcp::pad: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::req_urg: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::req_pay: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::req_urp: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     tcp::urp: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     tcp::opt: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     tcp::ips: on
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::trim_syn: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::trim_rst: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::trim_win: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: tcp::trim_mss: off
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalizer config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:        icmp4: on
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalizer config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:          ip6: on
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:    ip6::hops: on (min=1, new=5)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Normalizer config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:        icmp6: on
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Frag3 global config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max frags: 65536
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Fragment memory cap: 4194304 bytes
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Frag3 engine config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Bound Address: default
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Target-based policy: WINDOWS
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Fragment timeout: 180 seconds
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Fragment min_ttl:   1
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Fragment Anomalies: Alert
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Overlap Limit:     10
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Min fragment Length:     100
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Max Expected Streams: 39
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Stream global config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Track TCP sessions: ACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max TCP sessions: 10000
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     TCP cache pruning timeout: 30 seconds
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     TCP cache nominal timeout: 3600 seconds
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Memcap (for reassembly packet storage): 8388608
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Track UDP sessions: ACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max UDP sessions: 10000
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     UDP cache pruning timeout: 30 seconds
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     UDP cache nominal timeout: 180 seconds
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Track ICMP sessions: ACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max ICMP sessions: 65536
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Track IP sessions: INACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Log info if session memory consumption exceeds 1048576
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Send up to 2 active responses
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Wait at least 5 seconds between responses
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Protocol Aware Flushing: ACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Maximum Flush Point: 16000
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Stream TCP Policy config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Bound Address: default
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Reassembly Policy: WINDOWS
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Timeout: 180 seconds
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Limit on TCP Overlaps: 10
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Maximum number of bytes to queue per session: 1048576
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Maximum number of segs to queue per session: 2621
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Options:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Require 3-Way Handshake: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         3-Way Handshake Timeout: 180
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Detect Anomalies: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Reassembly Ports:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       21 client (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       22 client (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       23 client (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       25 client (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       36 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       42 client (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       53 client (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       70 client (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       79 client (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       80 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       81 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       82 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       83 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       84 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       85 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       86 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       87 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       88 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       89 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       90 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       additional ports configured but not printed.
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Stream UDP Policy config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Timeout: 180 seconds
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: HttpInspect Config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     GLOBAL CONFIG
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Detect Proxy Usage:       NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       IIS Unicode Map Codepage: 1252
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Memcap used for logging URI and Hostname: 150994944
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Max Gzip Memory: 838860
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Max Gzip Sessions: 1807
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Gzip Compress Depth: 65535
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Gzip Decompress Depth: 65535
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     DEFAULT SERVER CONFIG:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Server profile: All
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Server Flow Depth: 0
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Client Flow Depth: 0
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Max Chunk Length: 500000
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Max Header Field Length: 750
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Max Number Header Fields: 100
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Max Number of WhiteSpaces allowed with header folding: 200
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Inspect Pipeline Requests: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       URI Discovery Strict Mode: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Allow Proxy Usage: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Disable Alerting: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Oversize Dir Length: 500
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Only inspect URI: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Normalize HTTP Headers: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Inspect HTTP Cookies: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Inspect HTTP Responses: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Extract Gzip from responses: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Decompress response files:  
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Unlimited decompression of gzip data from responses: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Normalize Javascripts in HTTP Responses: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Normalize HTTP Cookies: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Enable XFF and True Client IP: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Log HTTP URI data: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Log HTTP Hostname data: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Extended ASCII code support in URI: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Ascii: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Double Decoding: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       %U Encoding: YES alert: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Bare Byte: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       UTF 8: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       IIS Unicode: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Multiple Slash: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       IIS Backslash: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Directory Traversal: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Web Root Traversal: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Apache WhiteSpace: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       IIS Delimiter: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: rpc_decode arguments:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     alert_fragments: INACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     alert_large_fragments: INACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     alert_incomplete: INACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     alert_multiple_requests: INACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Portscan Detection Config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Detect Protocols:  TCP UDP ICMP IP
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Sensitivity Level: Medium
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Memcap (in bytes): 500000
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Number of Nodes:   978
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: FTPTelnet Config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     GLOBAL CONFIG
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Inspection Type: stateful
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Check for Encrypted Traffic: YES alert: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Continue to check encrypted data: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     TELNET CONFIG:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Ports: 23
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Are You There Threshold: 20
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Normalize: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       Detect Anomalies: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     FTP CONFIG:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       FTP Server: default
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Ports (PAF): 21 2100 3535
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Check for Telnet Cmds: YES alert: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Ignore Telnet Cmd Operations: YES alert: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Ignore open data channels: NO
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       FTP Client: default
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Check for Bounce Attacks: YES alert: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Check for Telnet Cmds: YES alert: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Ignore Telnet Cmd Operations: YES alert: YES
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:         Max Response Length: 256
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SSH config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Autodetection: ENABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Challenge-Response Overflow Alert: ENABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     SSH1 CRC32 Alert: ENABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Server Version String Overflow Alert: ENABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Protocol Mismatch Alert: ENABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Bad Message Direction Alert: DISABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Bad Payload Size Alert: DISABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Unrecognized Version Alert: DISABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max Encrypted Packets: 20  
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max Server Version String Length: 100  
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     MaxClientBytes: 19600 (Default)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Ports:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 22
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: DCE/RPC 2 Preprocessor Configuration
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:   Global Configuration
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     DCE/RPC Defragmentation: Enabled
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Memcap: 102400 KB
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Events: co
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     SMB Fingerprint policy: Disabled
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:   Server Default Configuration
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Policy: WinXP
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Detect ports (PAF)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       SMB: 139 445
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       TCP: 135
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       UDP: 135
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       RPC over HTTP server: 593
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       RPC over HTTP proxy: None
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Autodetect ports (PAF)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       SMB: None
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       TCP: 1025-65535
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       UDP: 1025-65535
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       RPC over HTTP server: 1025-65535
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       RPC over HTTP proxy: None
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Invalid SMB shares: C$ D$ ADMIN$
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Maximum SMB command chaining: 3 commands
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     SMB file inspection: Disabled
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: DNS config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     DNS Client rdata txt Overflow Alert: ACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Obsolete DNS RR Types Alert: INACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Experimental DNS RR Types Alert: INACTIVE
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Ports:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  53
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SSLPP config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Encrypted packets: not inspected
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Ports:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       443      465      563      636      989
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:       992      993      994      995     7801
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:      7802     7900     7901     7902     7903
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:      7904     7905     7906     7907     7908
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:      7909     7910     7911     7912     7913
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:      7914     7915     7916     7917     7918
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:      7919     7920
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Server side data is trusted
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Maximum SSL Heartbeat length: 0
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Sensitive Data preprocessor config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Global Alert Threshold: 25
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Masked Output: DISABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: SIP config:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max number of sessions: 1024  
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max number of dialogs in a session: 4 (Default)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Status: ENABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Ignore media channel: DISABLED
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max URI length: 512  
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max Call ID length: 80  
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max Request name length: 20 (Default)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max From length: 256 (Default)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max To length: 256 (Default)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max Via length: 1024 (Default)
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max Contact length: 512  
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Max Content length: 2048  
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Ports:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 5060
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 5061
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: 5600
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:     Methods:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  invite
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  cancel
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  ack
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  bye
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  register
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  options
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  refer
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  subscribe
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  update
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  join
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  info
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  message
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  notify
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  benotify
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  do
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  qauth
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  sprack
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  publish
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  service
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  unsubscribe
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:  prack
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: Initializing rule chains...
Fri Feb 19 00:11:22 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Fri Feb 19 00:11:22 2016 user.notice ddns-scripts[4047]: myddns_ipv4: PID '4047' started at 2016-02-19 00:11
Fri Feb 19 00:11:22 2016 daemon.notice snort[4001]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead.

Fri Feb 19 00:11:22 2016 user.warn ddns-scripts[4047]: myddns_ipv4: Service section disabled! - TERMINATE
Fri Feb 19 00:11:22 2016 user.warn ddns-scripts[4047]: myddns_ipv4: PID '4047' exit WITH ERROR '1' at 2016-02-19 00:11
Fri Feb 19 00:11:26 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Feb 19 00:11:26 2016 user.notice ddns-scripts[4223]: myddns_ipv6: PID '4223' started at 2016-02-19 00:11
Fri Feb 19 00:11:26 2016 user.warn ddns-scripts[4223]: myddns_ipv6: Service section disabled! - TERMINATE
Fri Feb 19 00:11:26 2016 user.warn ddns-scripts[4223]: myddns_ipv6: PID '4223' exit WITH ERROR '1' at 2016-02-19 00:11
Fri Feb 19 00:11:26 2016 user.emerg procd: Cannot change large-receive-offload
Fri Feb 19 00:11:28 2016 kern.notice kernel: [   80.135652] eth0: Link down
Fri Feb 19 00:11:29 2016 daemon.notice netifd: Network device 'eth0' link is down
Fri Feb 19 00:11:29 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Fri Feb 19 00:11:29 2016 daemon.notice netifd: Interface 'wan' is now down
Fri Feb 19 00:11:29 2016 daemon.notice netifd: Interface 'wan' is disabled
Fri Feb 19 00:11:29 2016 daemon.notice netifd: Interface 'wan' is enabled
Fri Feb 19 00:11:29 2016 kern.info kernel: [   81.149365] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Fri Feb 19 00:11:29 2016 user.emerg procd: Cannot change large-receive-offload
Fri Feb 19 00:11:31 2016 kern.notice kernel: [   83.095606] eth1: Link down
Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 13285 Snort rules read
Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]:     13285 detection rules
Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]:     0 decoder rules
Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]:     0 preprocessor rules
Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 13285 Option Chains linked into 252 Chain Headers
Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: 0 Dynamic rules
Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Fri Feb 19 00:11:31 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:31 2016 kern.notice kernel: [   83.176053] eth0: 1000 Mbps Full duplex, port 0
Fri Feb 19 00:11:31 2016 daemon.notice netifd: Network device 'eth0' link is up
Fri Feb 19 00:11:31 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Fri Feb 19 00:11:31 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Feb 19 00:11:31 2016 kern.info kernel: [   83.195831] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Fri Feb 19 00:11:31 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Feb 19 00:11:31 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Fri Feb 19 00:11:32 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:11:32 2016 kern.info kernel: [   84.195883] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:11:32 2016 user.emerg procd: Cannot change large-receive-offload
Fri Feb 19 00:11:33 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Fri Feb 19 00:11:33 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Fri Feb 19 00:11:33 2016 daemon.notice netifd: lan (3760): Received SIGTERM
Fri Feb 19 00:11:34 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:11:34 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:11:34 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:11:34 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:11:34 2016 kern.notice kernel: [   86.105975] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:11:34 2016 kern.info kernel: [   86.106033] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:34 2016 kern.info kernel: [   86.106065] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:34 2016 daemon.notice netifd: lan (4556): udhcpc (v1.23.2) started
Fri Feb 19 00:11:34 2016 kern.notice kernel: [   86.165675] eth2: Link down
Fri Feb 19 00:11:34 2016 daemon.notice netifd: lan (4556): Sending discover...
Fri Feb 19 00:11:34 2016 daemon.notice netifd: lan (4556): Sending select for 192.168.1.59...
Fri Feb 19 00:11:35 2016 daemon.notice netifd: lan (4556): Lease of 192.168.1.59 obtained, lease time 86400
Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'lan' is now up
Fri Feb 19 00:11:35 2016 daemon.warn dnsmasq[3364]: no servers found in /tmp/resolv.conf.auto, will retry
Fri Feb 19 00:11:35 2016 daemon.info dnsmasq[3364]: reading /tmp/resolv.conf.auto
Fri Feb 19 00:11:35 2016 daemon.info dnsmasq[3364]: using local addresses only for domain lan
Fri Feb 19 00:11:35 2016 daemon.info dnsmasq[3364]: using nameserver 192.168.1.1#53
Fri Feb 19 00:11:35 2016 user.notice ddns-scripts[4606]: myddns_ipv4: PID '4606' started at 2016-02-19 00:11
Fri Feb 19 00:11:35 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Feb 19 00:11:35 2016 user.warn ddns-scripts[4606]: myddns_ipv4: Service section disabled! - TERMINATE
Fri Feb 19 00:11:35 2016 user.warn ddns-scripts[4606]: myddns_ipv4: PID '4606' exit WITH ERROR '1' at 2016-02-19 00:11
Fri Feb 19 00:11:35 2016 daemon.notice netifd: Network device 'eth2' link is down
Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'wan6' is now down
Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'wan6' is disabled
Fri Feb 19 00:11:35 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:11:35 2016 kern.info kernel: [   87.159418] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Fri Feb 19 00:11:36 2016 kern.info kernel: [   88.105824] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:11:37 2016 daemon.notice vnstatd[4757]: vnStat daemon 1.12 started. (uid:0 gid:0)
Fri Feb 19 00:11:37 2016 daemon.notice vnstatd[4757]: Monitoring: br-lan (100 Mbit) eth0 (100 Mbit)
Fri Feb 19 00:11:37 2016 user.emerg procd: Stopping strongSwan IPsec failed: starter is not running
Fri Feb 19 00:11:37 2016 kern.notice kernel: [   89.176005] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:11:37 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:11:37 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:11:37 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:11:37 2016 kern.info kernel: [   89.195851] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Fri Feb 19 00:11:37 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:11:39 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Fri Feb 19 00:11:39 2016 daemon.info dnsmasq[3364]: exiting on receipt of SIGTERM
Fri Feb 19 00:11:39 2016 user.emerg procd: uci: Entry not found
Fri Feb 19 00:11:39 2016 user.emerg procd: sh: 192.168.1.112: unknown operand
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-------------------[Rule Port Counts]---------------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: |             tcp     udp    icmp      ip
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: |     src    1980      40       0       0
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: |     dst   10553     492       0       0
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: |     any     206      16       0       0
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: |      nc       7       1       0       0
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: |     s+d      46      15       0       0
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +----------------------------------------------------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[detection-filter-config]------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | memory-cap : 1048576 bytes
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[detection-filter-rules]-------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: -------------------------------------------------------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[rate-filter-config]-----------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | memory-cap : 1048576 bytes
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[rate-filter-rules]------------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | none
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: -------------------------------------------------------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]:
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[event-filter-config]----------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | memory-cap : 1048576 bytes
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[event-filter-global]----------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | none
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[event-filter-local]-----------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008663    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008658    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008657    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008643    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008609    type=Threshold tracking=src count=3   seconds=10
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008603    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008578    type=Limit     tracking=src count=1   seconds=10
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008577    type=Threshold tracking=dst count=5   seconds=15
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021172    type=Both      tracking=dst count=10  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021171    type=Both      tracking=src count=10  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021170    type=Both      tracking=src count=10  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009833    type=Threshold tracking=dst count=2   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021125    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021124    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008579    type=Threshold tracking=dst count=20  seconds=15
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2013547    type=Limit     tracking=src count=1   seconds=600
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2000929    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2013492    type=Both      tracking=src count=2   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009703    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018433    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018455    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009646    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018432    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018431    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018430    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018383    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018382    type=Limit     tracking=dst count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018374    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018373    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018372    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018389    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018388    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018316    type=Both      tracking=dst count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2002842    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019166    type=Both      tracking=src count=5   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2006546    type=Both      tracking=src count=5   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019102    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011585    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020338    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011497    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020306    type=Both      tracking=dst count=30  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020305    type=Both      tracking=src count=30  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020323    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003930    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003927    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020240    type=Limit     tracking=src count=1   seconds=180
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011403    type=Limit     tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011402    type=Limit     tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2007583    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2000031    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020167    type=Both      tracking=src count=1   seconds=10
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2000049    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2000048    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008797    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008413    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008429    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008428    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008427    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008424    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008423    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008422    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021327    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021326    type=Limit     tracking=src count=3   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008756    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008400    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2013416    type=Threshold tracking=dst count=10  seconds=20
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008391    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008355    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008353    type=Limit     tracking=src count=1   seconds=3600
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008352    type=Limit     tracking=src count=1   seconds=3600
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021333    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021332    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021331    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021330    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021329    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021328    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008343    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2013385    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008363    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008361    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017162    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017161    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021260    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009547    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018277    type=Both      tracking=src count=5   seconds=90
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009544    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009538    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009537    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018292    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009534    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009512    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001906    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009481    type=Threshold tracking=dst count=20  seconds=40
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009480    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001872    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001864    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018208    type=Both      tracking=src count=100 seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001858    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001855    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009356    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009355    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018094    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018090    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018088    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001795    type=Limit     tracking=src count=30  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2014372    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2002664    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2002677    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010508    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2006365    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010494    type=Threshold tracking=src count=5   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019230    type=Both      tracking=src count=50  seconds=10
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010513    type=Threshold tracking=src count=10  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010487    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010486    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019211    type=Both      tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020069    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020022    type=Both      tracking=src count=2   seconds=10
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019966    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019963    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003657    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2016212    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011146    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003622    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008571    type=Threshold tracking=dst count=2   seconds=5  
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019922    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019950    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008549    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019897    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008544    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2012306    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2012305    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2012304    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2012303    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019889    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019888    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019887    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003586    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003585    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008564    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003583    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008560    type=Threshold tracking=dst count=4   seconds=15
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003566    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008514    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2016101    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008513    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008512    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008510    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008504    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019886    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019885    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019884    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019883    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019882    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019876    type=Limit     tracking=src count=1   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008495    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008494    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008488    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008453    type=Threshold tracking=src count=5   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003497    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2016033    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2016031    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003493    type=Limit     tracking=src count=2   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2016030    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008440    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2012204    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008464    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008463    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008460    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008455    type=Threshold tracking=src count=5   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008454    type=Threshold tracking=src count=5   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008098    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008097    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008096    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2016016    type=Both      tracking=dst count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008085    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008084    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021018    type=Both      tracking=dst count=10  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008073    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2013036    type=Limit     tracking=src count=1   seconds=3  
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2013017    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017967    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017966    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017965    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2014141    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2014140    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017921    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017920    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017919    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017918    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2014153    type=Both      tracking=src count=225 seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009159    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2014103    type=Both      tracking=src count=15  seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021691    type=Limit     tracking=src count=3   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001564    type=Limit     tracking=src count=5   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001562    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2005320    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2014020    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2014002    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019018    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019017    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019016    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019015    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019014    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019013    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019012    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019011    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019010    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019022    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019021    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019020    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019019    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018984    type=Both      tracking=src count=1   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018978    type=Both      tracking=dst count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018977    type=Both      tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011030    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011029    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019778    type=Both      tracking=dst count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010953    type=Limit     tracking=src count=10  seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003387    type=Limit     tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2015986    type=Both      tracking=src count=100 seconds=1  
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019749    type=Limit     tracking=src count=1   seconds=600
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003384    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019748    type=Limit     tracking=src count=1   seconds=600
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003397    type=Both      tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019692    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003287    type=Both      tracking=dst count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003286    type=Both      tracking=dst count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008264    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008262    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008259    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019609    type=Both      tracking=src count=50  seconds=10
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008257    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008255    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008253    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008276    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003263    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003262    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003261    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003260    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003259    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003258    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003257    type=Both      tracking=src count=2   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003256    type=Both      tracking=src count=2   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020853    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003255    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003254    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008266    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008231    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003281    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003280    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008228    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003279    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003278    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003277    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003276    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003275    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003274    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003273    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003272    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003271    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003270    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003269    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003268    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003267    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003266    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008199    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008216    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008215    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008214    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008211    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011975    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011974    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008209    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008208    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008184    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008181    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020742    type=Both      tracking=src count=3   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011915    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011914    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008147    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2004443    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020712    type=Limit     tracking=src count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020741    type=Both      tracking=src count=3   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2016897    type=Limit     tracking=src count=2   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020702    type=Both      tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020661    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020660    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020659    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009040    type=Threshold tracking=src count=20  seconds=10
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020669    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020668    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2016867    type=Limit     tracking=src count=1   seconds=600
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020667    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020666    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020665    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020664    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020663    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020662    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020633    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020632    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020631    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2020630    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017721    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008956    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2017722    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008919    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008916    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008914    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008913    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008912    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008941    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021444    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021443    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001316    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2001315    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021410    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021409    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008847    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018755    type=Both      tracking=src count=5   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2002402    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2002400    type=Limit     tracking=src count=2   seconds=360
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2002383    type=Threshold tracking=dst count=5   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018666    type=Both      tracking=dst count=12  seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2009867    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2014869    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018607    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018569    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2018568    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010715    type=Limit     tracking=src count=1   seconds=180
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2003171    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019418    type=Both      tracking=src count=50  seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011887    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010643    type=Threshold tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2010642    type=Threshold tracking=src count=5   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019350    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019349    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008043    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019348    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019347    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2019346    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008048    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011809    type=Limit     tracking=src count=1   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011808    type=Limit     tracking=src count=1   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011767    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011766    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2015577    type=Limit     tracking=src count=1   seconds=30
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2011716    type=Limit     tracking=src count=5   seconds=120
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008734    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2008749    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021575    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021574    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021573    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=1      sig-id=2021572    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: +-----------------------[suppression]------------------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=129    sig-id=12         tracking=none
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: | gen-id=129    sig-id=20         tracking=none
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: -------------------------------------------------------------------------------
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: Verifying Preprocessor Configurations!
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.Fareit.chk' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'AnglerEK' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'EXE2' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'NuclearEK' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.ButterflyJoin' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.lizkebab' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ms.rdp.established' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.autoit.ua' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.RDP.Morto' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.invalid.cab' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.lethic.established' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.Onelouder.bin' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'et.http.PK' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.webc2ugx' is set but not ever checked.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Fri Feb 19 00:11:40 2016 daemon.notice snort[4001]: 131 out of 1024 flowbits in use.
Fri Feb 19 00:11:44 2016 user.emerg procd: uci: Entry not found
Fri Feb 19 00:11:45 2016 user.notice ddns-scripts[5032]: myddns_ipv6: PID '5032' started at 2016-02-19 00:11
Fri Feb 19 00:11:46 2016 user.warn ddns-scripts[5032]: myddns_ipv6: Service section disabled! - TERMINATE
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: started, version 2.73rc7 cachesize 150
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: DNS service limited to local subnets
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: using local addresses only for domain lan
Fri Feb 19 00:11:46 2016 user.warn ddns-scripts[5032]: myddns_ipv6: PID '5032' exit WITH ERROR '1' at 2016-02-19 00:11
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: reading /tmp/resolv.conf.auto
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: using local addresses only for domain lan
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: using nameserver 192.168.1.1#53
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: read /etc/hosts - 1 addresses
Fri Feb 19 00:11:46 2016 daemon.info dnsmasq[4965]: read /tmp/hosts/dhcp - 1 addresses
Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is enabled
Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now
Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is now up
Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is now down
Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is setting up now
Fri Feb 19 00:11:47 2016 daemon.notice netifd: Interface 'blockdomain' is now up
Fri Feb 19 00:11:48 2016 daemon.info dnsmasq[4965]: exiting on receipt of SIGTERM
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5365]: bad option at line 69 of /etc/ITUS_DNS.txt
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5365]: FAILED to start up
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated dnsmasq blacklist
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated network.interface.blockdomain: 192.168.1.112
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated firewall.@redirect[0].Itusfilter: 192.168.1.112
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated firewall.@redirect[1]dns-traffic-to-shield: 192.168.1.112
Fri Feb 19 00:11:53 2016 user.notice update_webfilter: updated uhttpd.Itusfilter
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5380]: bad option at line 69 of /etc/ITUS_DNS.txt
Fri Feb 19 00:11:53 2016 daemon.crit dnsmasq[5380]: FAILED to start up
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: started, version 2.73rc7 cachesize 150
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: DNS service limited to local subnets
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: using local addresses only for domain lan
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: reading /tmp/resolv.conf.auto
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: using local addresses only for domain lan
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: using nameserver 192.168.1.1#53
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: read /etc/hosts - 1 addresses
Fri Feb 19 00:11:58 2016 daemon.info dnsmasq[5500]: read /tmp/hosts/dhcp - 1 addresses
Fri Feb 19 00:12:04 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:12:04 2016 kern.notice kernel: [  116.245666] eth0: Link down
Fri Feb 19 00:12:04 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:12:04 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:12:05 2016 daemon.notice netifd: Network device 'eth0' link is down
Fri Feb 19 00:12:05 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Fri Feb 19 00:12:05 2016 daemon.notice netifd: Interface 'wan' is now down
Fri Feb 19 00:12:05 2016 daemon.notice netifd: Interface 'wan' is disabled
Fri Feb 19 00:12:05 2016 daemon.notice netifd: Interface 'wan' is enabled
Fri Feb 19 00:12:05 2016 kern.info kernel: [  117.240390] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Fri Feb 19 00:12:06 2016 kern.notice kernel: [  118.125582] eth1: Link down
Fri Feb 19 00:12:07 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:12:07 2016 kern.info kernel: [  119.116017] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:12:08 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Fri Feb 19 00:12:08 2016 daemon.notice netifd: lan (4556): Received SIGTERM
Fri Feb 19 00:12:08 2016 kern.notice kernel: [  120.205583] eth2: Link down
Fri Feb 19 00:12:08 2016 kern.notice kernel: [  120.256063] eth0: 1000 Mbps Full duplex, port 0
Fri Feb 19 00:12:08 2016 daemon.notice netifd: Network device 'eth0' link is up
Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'wan' has link connectivity
Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Feb 19 00:12:08 2016 kern.info kernel: [  120.285867] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Fri Feb 19 00:12:08 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Feb 19 00:12:08 2016 daemon.warn dnsmasq[5500]: no servers found in /tmp/resolv.conf.auto, will retry
Fri Feb 19 00:12:09 2016 user.notice firewall: Reloading firewall due to ifup of wan (eth0)
Fri Feb 19 00:12:09 2016 daemon.notice netifd: Network device 'eth2' link is down
Fri Feb 19 00:12:09 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Fri Feb 19 00:12:09 2016 daemon.notice netifd: Interface 'wan6' is now down
Fri Feb 19 00:12:09 2016 daemon.notice netifd: Interface 'wan6' is disabled
Fri Feb 19 00:12:09 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:12:09 2016 kern.info kernel: [  121.224196] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Fri Feb 19 00:12:10 2016 kern.notice kernel: [  122.135950] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:12:10 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:12:10 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:12:10 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:12:10 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:12:10 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Fri Feb 19 00:12:10 2016 kern.info kernel: [  122.146030] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:12:10 2016 kern.info kernel: [  122.146069] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:12:10 2016 daemon.info dnsmasq[5500]: query[A] 0.us.pool.ntp.org from 127.0.0.1
Fri Feb 19 00:12:10 2016 daemon.notice netifd: lan (5719): udhcpc (v1.23.2) started
Fri Feb 19 00:12:10 2016 daemon.notice netifd: lan (5719): Sending discover...
Fri Feb 19 00:12:11 2016 daemon.notice netifd: lan (5719): Sending select for 192.168.1.59...
Fri Feb 19 00:12:11 2016 daemon.notice netifd: lan (5719): Lease of 192.168.1.59 obtained, lease time 86400
Fri Feb 19 00:12:11 2016 daemon.notice netifd: Interface 'lan' is now up
Fri Feb 19 00:12:11 2016 daemon.info dnsmasq[5500]: reading /tmp/resolv.conf.auto
Fri Feb 19 00:12:11 2016 daemon.info dnsmasq[5500]: using local addresses only for domain lan
Fri Feb 19 00:12:11 2016 daemon.info dnsmasq[5500]: using nameserver 192.168.1.1#53
Fri Feb 19 00:12:12 2016 user.notice ddns-scripts[5771]: myddns_ipv4: PID '5771' started at 2016-02-19 00:12
Fri Feb 19 00:12:12 2016 kern.info kernel: [  124.145833] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:12:12 2016 user.warn ddns-scripts[5771]: myddns_ipv4: Service section disabled! - TERMINATE
Fri Feb 19 00:12:12 2016 user.warn ddns-scripts[5771]: myddns_ipv4: PID '5771' exit WITH ERROR '1' at 2016-02-19 00:12
Fri Feb 19 00:12:12 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:12:12 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:12:12 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:12:12 2016 kern.notice kernel: [  124.235980] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:12:12 2016 kern.info kernel: [  124.239465] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Fri Feb 19 00:12:12 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:12:12 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Feb 19 00:12:13 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:12:13 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:12:13 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:12:16 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Fri Feb 19 00:12:19 2016 user.notice ddns-scripts[6108]: myddns_ipv6: PID '6108' started at 2016-02-19 00:12
Fri Feb 19 00:12:19 2016 user.warn ddns-scripts[6108]: myddns_ipv6: Service section disabled! - TERMINATE
Fri Feb 19 00:12:19 2016 user.warn ddns-scripts[6108]: myddns_ipv6: PID '6108' exit WITH ERROR '1' at 2016-02-19 00:12
Fri Feb 19 00:12:27 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:12:27 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:12:27 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:12:40 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:12:40 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:12:40 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:12:56 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:12:57 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:12:57 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: [ Port Based Pattern Matching Memory ]
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: +- [ Aho-Corasick Summary ] -------------------------------------
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Storage Format    : Full
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Finite Automaton  : DFA
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Alphabet Size     : 256 Chars
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Sizeof State      : Variable (1,2,4 bytes)
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Instances         : 335
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |     1 byte states : 228
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |     2 byte states : 107
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |     4 byte states : 0
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Characters        : 408795
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | States            : 252270
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Transitions       : 13611564
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | State Density     : 21.1%
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Patterns          : 34402
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Match States      : 30013
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: | Memory (MB)       : 134.67
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |   Patterns        : 3.40
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |   Match Lists     : 8.23
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |   DFA
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |     1 byte states : 3.38
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |     2 byte states : 119.41
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: |     4 byte states : 0.00
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: +----------------------------------------------------------------
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: [ Number of patterns truncated to 20 bytes: 5427 ]
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: afpacket DAQ configured to inline.
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Acquiring network traffic from "eth0:eth2".
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Initializing daemon mode
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Daemon initialized, signaled parent pid: 1
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Reload thread starting...
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Reload thread started, thread 0xffe93af210 (6157)
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Checking PID path...
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: PID path stat checked out ok, PID path set to /var/snort/
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Writing PID "4001" to file "/var/snort//snort_eth0:eth2.pid"
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:         --== Initialization Complete ==--
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:    ,,_     -*> Snort! <*-
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:   o"  )~   Version 2.9.7.2 GRE (Build 177)
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Using libpcap version 1.5.3
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Using PCRE version: 8.36 2014-09-26
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Using ZLIB version: 1.2.8
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_POP  Version 1.0  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]:            Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Commencing packet processing (pid=4001)
Fri Feb 19 00:12:59 2016 daemon.notice snort[4001]: Decoding Ethernet
Fri Feb 19 00:12:59 2016 kern.info kernel: [  170.755829] device eth2 entered promiscuous mode
Fri Feb 19 00:12:59 2016 kern.info kernel: [  170.905826] device eth0 entered promiscuous mode
Fri Feb 19 00:13:06 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:13:06 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:13:06 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:13:17 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:13:17 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:13:17 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:13:32 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:13:32 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:13:33 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:13:46 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:13:46 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:13:46 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:13:56 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:13:56 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:13:56 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:14:12 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:14:12 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:14:12 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:14:31 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:14:31 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:14:31 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:14:37 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:14:37 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:14:37 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:14:49 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:14:49 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:14:49 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:14:57 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:14:57 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:14:57 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:15:03 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:15:03 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:15:03 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:15:08 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:15:08 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:15:09 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:15:19 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:15:19 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:15:19 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:15:29 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:15:29 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:15:29 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:15:38 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:15:38 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:15:38 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:15:54 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:15:54 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:15:54 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:16:11 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:16:11 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:16:11 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:16:19 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:16:19 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:16:19 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:16:32 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:16:32 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:16:32 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:16:51 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:16:51 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:16:52 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:17:01 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:17:01 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:17:01 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:17:14 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:17:14 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:17:14 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:17:24 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:17:24 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:17:24 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:17:34 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:17:34 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:17:34 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:17:46 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:17:46 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:17:46 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:17:53 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:17:53 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:17:53 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:18:04 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:18:04 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:18:04 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:18:13 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:18:13 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:18:13 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:18:30 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:18:30 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:18:31 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:18:44 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:18:44 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:18:44 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:18:52 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:18:52 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:18:52 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:19:02 2016 daemon.info dnsmasq[5500]: query[A] upgrade.meshare.com from 192.168.1.118
Fri Feb 19 00:19:02 2016 daemon.info dnsmasq[5500]: forwarded upgrade.meshare.com to 192.168.1.1
Fri Feb 19 00:19:02 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: upgrade.meshare.com
Fri Feb 19 00:19:05 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:19:05 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:19:05 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:19:20 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:19:20 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:19:21 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:19:33 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:19:33 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:19:33 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:19:51 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:19:51 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:19:51 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:20:00 2016 cron.info crond[3190]: USER root pid 6164 cmd /usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP 0.us.pool.ntp.org failed.
Fri Feb 19 00:20:00 2016 user.notice root: NTP eager clock adjust failed.
Fri Feb 19 00:20:00 2016 user.notice root: Restarted ntpclient. NTP server #1 of 4.
Fri Feb 19 00:20:08 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:08 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:20:09 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:20:16 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:16 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:20:16 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:20:26 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:26 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:20:26 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:20:44 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:44 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:20:46 2016 kern.notice kernel: [  638.155665] eth1: Link down
Fri Feb 19 00:20:46 2016 kern.info kernel: [  638.155726] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:20:46 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:20:46 2016 kern.notice kernel: [  638.255621] eth2: Link down
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Network device 'eth2' link is down
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'wan6' is now down
Fri Feb 19 00:20:47 2016 daemon.notice snort[4001]: Can't acquire (-1) - afpacket_daq_acquire: Encountered error condition on a packet socket!
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'wan6' is disabled
Fri Feb 19 00:20:47 2016 kern.info kernel: [  639.155774] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Fri Feb 19 00:20:47 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:20:47 2016 daemon.notice netifd: lan (5719): Received SIGTERM
Fri Feb 19 00:20:47 2016 daemon.warn dnsmasq[5500]: no servers found in /tmp/resolv.conf.auto, will retry
Fri Feb 19 00:20:47 2016 kern.info kernel: [  639.216238] device eth2 left promiscuous mode
Fri Feb 19 00:20:47 2016 kern.info kernel: [  639.346151] device eth0 left promiscuous mode
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Memory usage summary:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Total non-mmapped bytes (arena):       243034144
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Bytes in mapped regions (hblkhd):      18939904
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Total allocated space (uordblks):      229600432
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Total free space (fordblks):           13433712
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Topmost releasable block (keepcost):   153360
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Packet I/O Totals:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    Received:          737
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    Analyzed:          737 (100.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     Dropped:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    Filtered:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Outstanding:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    Injected:            0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Breakdown by protocol (includes rebuilt packets):
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         Eth:          737 (100.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:        VLAN:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         IP4:           51 (  6.920%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:        Frag:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:        ICMP:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         UDP:           47 (  6.377%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         TCP:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         IP6:            1 (  0.136%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     IP6 Ext:            1 (  0.136%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    IP6 Opts:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Frag6:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       ICMP6:            1 (  0.136%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:        UDP6:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:        TCP6:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      Teredo:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     ICMP-IP:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     IP4/IP4:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     IP4/IP6:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     IP6/IP4:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     IP6/IP6:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         GRE:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     GRE Eth:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    GRE VLAN:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     GRE IP4:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     GRE IP6:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: GRE IP6 Ext:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    GRE PPTP:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     GRE ARP:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     GRE IPX:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    GRE Loop:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:        MPLS:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         ARP:          685 ( 92.944%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         IPX:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    Eth Loop:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    Eth Disc:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    IP4 Disc:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    IP6 Disc:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    TCP Disc:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:    UDP Disc:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   ICMP Disc:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: All Discard:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Other:            4 (  0.543%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Bad Chk Sum:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     Bad TTL:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      S5 G 1:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      S5 G 2:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Total:          737
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Action Stats:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      Alerts:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      Logged:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      Passed:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Limits:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Match:            0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Queue:            0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         Log:            0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Event:            0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Alert:            0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Verdicts:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Allow:          733 ( 99.457%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Block:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     Replace:            4 (  0.543%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Whitelist:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Blacklist:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      Ignore:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Retry:            0 (  0.000%)
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Normalizer statistics:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               ip4::trim: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would         ip4::trim: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                ip4::tos: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would          ip4::tos: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                 ip4::df: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would           ip4::df: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                 ip4::rf: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would           ip4::rf: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                ip4::ttl: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would          ip4::ttl: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               ip4::opts: 4
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would         ip4::opts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:             icmp4::echo: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would       icmp4::echo: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                ip6::ttl: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would          ip6::ttl: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               ip6::opts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would         ip6::opts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:             icmp6::echo: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would       icmp6::echo: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            tcp::syn_opt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would      tcp::syn_opt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                tcp::opt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would          tcp::opt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                tcp::pad: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would          tcp::pad: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                tcp::rsv: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would          tcp::rsv: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                 tcp::ns: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would           tcp::ns: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                tcp::urp: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would          tcp::urp: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            tcp::ecn_pkt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would      tcp::ecn_pkt: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:             tcp::ts_ecr: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would       tcp::ts_ecr: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            tcp::req_urg: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would      tcp::req_urg: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            tcp::req_pay: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would      tcp::req_pay: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            tcp::req_urp: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would      tcp::req_urp: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            tcp::ecn_ssn: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would      tcp::ecn_ssn: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:             tcp::ts_nop: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would       tcp::ts_nop: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:           tcp::ips_data: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would     tcp::ips_data: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:              tcp::block: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would        tcp::block: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:           tcp::trim_syn: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would     tcp::trim_syn: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:           tcp::trim_rst: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would     tcp::trim_rst: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:           tcp::trim_win: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would     tcp::trim_win: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:           tcp::trim_mss: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Would     tcp::trim_mss: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Frag3 statistics:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:         Total Fragments: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       Frags Reassembled: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                Discards: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:           Memory Faults: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                Timeouts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                Overlaps: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               Anomalies: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                  Alerts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                   Drops: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      FragTrackers Added: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     FragTrackers Dumped: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: FragTrackers Auto Freed: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:     Frag Nodes Inserted: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      Frag Nodes Deleted: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: Stream statistics:
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:             Total sessions: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               TCP sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               UDP sessions: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:              ICMP sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                IP sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                 TCP Prunes: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                 UDP Prunes: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                ICMP Prunes: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                  IP Prunes: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP StreamTrackers Created: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: TCP StreamTrackers Deleted: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               TCP Timeouts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               TCP Overlaps: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:        TCP Segments Queued: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:      TCP Segments Released: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:        TCP Rebuilt Packets: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:          TCP Segments Used: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               TCP Discards: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                   TCP Gaps: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       UDP Sessions Created: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:       UDP Sessions Deleted: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               UDP Timeouts: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:               UDP Discards: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                     Events: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            Internal Events: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            TCP Port Filter
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                   Filtered: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                  Inspected: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                    Tracked: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:            UDP Port Filter
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                   Filtered: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                  Inspected: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:                    Tracked: 1
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: dcerpc2 Preprocessor Statistics
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Total sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: SIP Preprocessor Statistics
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]:   Total sessions: 0
Fri Feb 19 00:20:48 2016 daemon.notice snort[4001]: ===============================================================================
Fri Feb 19 00:20:49 2016 daemon.notice snort[4001]: Snort exiting
Fri Feb 19 00:20:49 2016 kern.notice kernel: [  641.165908] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:20:49 2016 kern.notice kernel: [  641.186003] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:20:49 2016 kern.info kernel: [  641.186031] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:20:49 2016 kern.info kernel: [  641.186055] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:20:49 2016 kern.info kernel: [  641.186106] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:20:49 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Fri Feb 19 00:20:49 2016 daemon.notice netifd: lan (6287): udhcpc (v1.23.2) started
Fri Feb 19 00:20:49 2016 daemon.notice netifd: lan (6287): Sending discover...
Fri Feb 19 00:20:49 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Fri Feb 19 00:20:51 2016 kern.info kernel: [  643.185818] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:20:52 2016 daemon.notice netifd: lan (6287): Sending discover...
Fri Feb 19 00:20:53 2016 user.notice ddns-scripts[6407]: myddns_ipv6: PID '6407' started at 2016-02-19 00:20
Fri Feb 19 00:20:53 2016 user.warn ddns-scripts[6407]: myddns_ipv6: Service section disabled! - TERMINATE
Fri Feb 19 00:20:53 2016 user.warn ddns-scripts[6407]: myddns_ipv6: PID '6407' exit WITH ERROR '1' at 2016-02-19 00:20
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Enabling inline operation
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Found pid path directive (/var/snort/)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Running in IDS mode
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         --== Initializing Snort ==--
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Initializing Output Plugins!
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Initializing Preprocessors!
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Initializing Plug-ins!
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Parsing Rules file "/etc/snort/snort_bridge.conf"
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'HTTP_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  [ 36 80:90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 33300 34412
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'SHELLCODE_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  [ 1:65535 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'ORACLE_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  [ 1024:65535 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'SSH_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  [ 22 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'FTP_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  [ 21 2100 3535 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'SIP_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  [ 5060:5061 5600 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'FILE_DATA_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  [ 36 80:90 110 143 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000:7001 7071 7144:7145 7510 7770 7777:7779 8000 8008 8014 8028 8080:8082 8085 8088 8090 8118 8123 8180:8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090:9091 9111 9290 9443 9999:10000 11371 12601 13014 15489 29991 3330
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: PortVar 'GTP_PORTS' defined :
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  [ 2123 2152 3386 ]
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Detection:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:    Search-Method = AC-Full
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Search-Method-Optimizations = enabled
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Maximum pattern length = 20
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Found pid path directive (/var/snort/)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Tagged Packet Limit: 256
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Loading dynamic preprocessor library /usr/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so...
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: done
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Finished Loading all dynamic preprocessor libs from /usr/lib/snort_dynamicpreprocessor/
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Log directory = /tmp/snort/
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:          ip4: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:      ip4::df: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:      ip4::rf: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     ip4::tos: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:    ip4::trim: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     ip4::ttl: on (min=1, new=5)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:          tcp: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     tcp::ecn: stream
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   tcp::block: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     tcp::rsv: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     tcp::pad: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::req_urg: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::req_pay: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::req_urp: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     tcp::urp: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     tcp::opt: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     tcp::ips: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::trim_syn: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::trim_rst: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::trim_win: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: tcp::trim_mss: off
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:        icmp4: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:          ip6: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:    ip6::hops: on (min=1, new=5)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Normalizer config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:        icmp6: on
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Frag3 global config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max frags: 65536
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Fragment memory cap: 4194304 bytes
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Frag3 engine config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Bound Address: default
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Target-based policy: WINDOWS
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Fragment timeout: 180 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Fragment min_ttl:   1
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Fragment Anomalies: Alert
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Overlap Limit:     10
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Min fragment Length:     100
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Max Expected Streams: 39
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Stream global config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Track TCP sessions: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max TCP sessions: 10000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     TCP cache pruning timeout: 30 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     TCP cache nominal timeout: 3600 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Memcap (for reassembly packet storage): 8388608
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Track UDP sessions: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max UDP sessions: 10000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     UDP cache pruning timeout: 30 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     UDP cache nominal timeout: 180 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Track ICMP sessions: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max ICMP sessions: 65536
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Track IP sessions: INACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Log info if session memory consumption exceeds 1048576
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Send up to 2 active responses
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Wait at least 5 seconds between responses
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Protocol Aware Flushing: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Maximum Flush Point: 16000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Stream TCP Policy config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Bound Address: default
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Reassembly Policy: WINDOWS
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Timeout: 180 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Limit on TCP Overlaps: 10
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Maximum number of bytes to queue per session: 1048576
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Maximum number of segs to queue per session: 2621
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Options:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Require 3-Way Handshake: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         3-Way Handshake Timeout: 180
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Detect Anomalies: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Reassembly Ports:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       21 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       22 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       23 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       25 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       36 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       42 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       53 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       70 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       79 client (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       80 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       81 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       82 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       83 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       84 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       85 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       86 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       87 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       88 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       89 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       90 client (Footprint-IPS) server (Footprint-IPS)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       additional ports configured but not printed.
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Stream UDP Policy config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Timeout: 180 seconds
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: HttpInspect Config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     GLOBAL CONFIG
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Detect Proxy Usage:       NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       IIS Unicode Map Filename: /etc/snort/unicode.map
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       IIS Unicode Map Codepage: 1252
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Memcap used for logging URI and Hostname: 150994944
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Max Gzip Memory: 838860
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Max Gzip Sessions: 1807
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Gzip Compress Depth: 65535
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Gzip Decompress Depth: 65535
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     DEFAULT SERVER CONFIG:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Server profile: All
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Ports (PAF): 36 80 81 82 83 84 85 86 87 88 89 90 311 383 555 591 593 631 801 808 818 901 972 1158 1220 1414 1533 1741 1830 1942 2231 2301 2381 2809 2980 3029 3037 3057 3128 3443 3702 4000 4343 4848 5000 5117 5250 5600 6080 6173 6988 7000 7001 7071 7144 7145 7510 7770 7777 7778 7779 8000 8008 8014 8028 8080 8081 8082 8085 8088 8090 8118 8123 8180 8181 8222 8243 8280 8300 8333 8344 8500 8509 8800 8888 8899 8983 9000 9060 9080 9090 9091 9111 9290 9443
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Server Flow Depth: 0
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Client Flow Depth: 0
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Max Chunk Length: 500000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Max Header Field Length: 750
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Max Number Header Fields: 100
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Max Number of WhiteSpaces allowed with header folding: 200
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Inspect Pipeline Requests: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       URI Discovery Strict Mode: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Allow Proxy Usage: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Disable Alerting: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Oversize Dir Length: 500
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Only inspect URI: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Normalize HTTP Headers: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Inspect HTTP Cookies: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Inspect HTTP Responses: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Extract Gzip from responses: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Decompress response files:  
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Unlimited decompression of gzip data from responses: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Normalize Javascripts in HTTP Responses: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Normalize HTTP Cookies: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Enable XFF and True Client IP: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Log HTTP URI data: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Log HTTP Hostname data: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Extended ASCII code support in URI: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Ascii: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Double Decoding: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       %U Encoding: YES alert: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Bare Byte: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       UTF 8: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       IIS Unicode: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Multiple Slash: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       IIS Backslash: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Directory Traversal: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Web Root Traversal: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Apache WhiteSpace: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       IIS Delimiter: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Whitespace Characters: 0x09 0x0b 0x0c 0x0d
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: rpc_decode arguments:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     alert_fragments: INACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     alert_large_fragments: INACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     alert_incomplete: INACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     alert_multiple_requests: INACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Portscan Detection Config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Detect Protocols:  TCP UDP ICMP IP
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Sensitivity Level: Medium
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Memcap (in bytes): 500000
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Number of Nodes:   978
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: FTPTelnet Config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     GLOBAL CONFIG
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Inspection Type: stateful
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Check for Encrypted Traffic: YES alert: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Continue to check encrypted data: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     TELNET CONFIG:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Ports: 23
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Are You There Threshold: 20
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Normalize: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       Detect Anomalies: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     FTP CONFIG:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       FTP Server: default
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Ports (PAF): 21 2100 3535
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Check for Telnet Cmds: YES alert: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Ignore Telnet Cmd Operations: YES alert: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Ignore open data channels: NO
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       FTP Client: default
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Check for Bounce Attacks: YES alert: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Check for Telnet Cmds: YES alert: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Ignore Telnet Cmd Operations: YES alert: YES
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:         Max Response Length: 256
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SSH config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Autodetection: ENABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Challenge-Response Overflow Alert: ENABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     SSH1 CRC32 Alert: ENABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Server Version String Overflow Alert: ENABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Protocol Mismatch Alert: ENABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Bad Message Direction Alert: DISABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Bad Payload Size Alert: DISABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Unrecognized Version Alert: DISABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max Encrypted Packets: 20  
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max Server Version String Length: 100  
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     MaxClientBytes: 19600 (Default)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Ports:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 22
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: DCE/RPC 2 Preprocessor Configuration
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Global Configuration
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     DCE/RPC Defragmentation: Enabled
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Memcap: 102400 KB
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Events: co
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     SMB Fingerprint policy: Disabled
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:   Server Default Configuration
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Policy: WinXP
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Detect ports (PAF)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       SMB: 139 445
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       TCP: 135
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       UDP: 135
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       RPC over HTTP server: 593
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       RPC over HTTP proxy: None
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Autodetect ports (PAF)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       SMB: None
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       TCP: 1025-65535
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       UDP: 1025-65535
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       RPC over HTTP server: 1025-65535
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       RPC over HTTP proxy: None
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Invalid SMB shares: C$ D$ ADMIN$
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Maximum SMB command chaining: 3 commands
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     SMB file inspection: Disabled
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: DNS config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     DNS Client rdata txt Overflow Alert: ACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Obsolete DNS RR Types Alert: INACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Experimental DNS RR Types Alert: INACTIVE
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Ports:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  53
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SSLPP config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Encrypted packets: not inspected
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Ports:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       443      465      563      636      989
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:       992      993      994      995     7801
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:      7802     7900     7901     7902     7903
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:      7904     7905     7906     7907     7908
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:      7909     7910     7911     7912     7913
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:      7914     7915     7916     7917     7918
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:      7919     7920
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Server side data is trusted
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Maximum SSL Heartbeat length: 0
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Sensitive Data preprocessor config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Global Alert Threshold: 25
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Masked Output: DISABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: SIP config:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max number of sessions: 1024  
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max number of dialogs in a session: 4 (Default)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Status: ENABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Ignore media channel: DISABLED
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max URI length: 512  
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max Call ID length: 80  
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max Request name length: 20 (Default)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max From length: 256 (Default)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max To length: 256 (Default)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max Via length: 1024 (Default)
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max Contact length: 512  
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Max Content length: 2048  
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Ports:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 5060
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 5061
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: 5600
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:     Methods:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  invite
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  cancel
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  ack
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  bye
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  register
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  options
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  refer
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  subscribe
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  update
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  join
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  info
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  message
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  notify
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  benotify
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  do
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  qauth
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  sprack
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  publish
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  service
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  unsubscribe
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:  prack
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]:
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Fri Feb 19 00:20:54 2016 daemon.notice snort[6456]: Initializing rule chains...
Fri Feb 19 00:20:55 2016 daemon.notice netifd: lan (6287): Sending discover...
Fri Feb 19 00:20:55 2016 daemon.notice snort[6456]: WARNING: /etc/snort/rules/snort.rules(1218) threshold (in rule) is deprecated; use detection_filter instead.

Fri Feb 19 00:20:58 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:20:59 2016 kern.notice kernel: [  651.185703] eth1: Link down
Fri Feb 19 00:20:59 2016 kern.info kernel: [  651.185787] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:20:59 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:20:59 2016 kern.notice kernel: [  651.206057] eth2: Link down
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Bridge 'br-lan' link is down
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'lan' has link connectivity loss
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity loss
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Network device 'eth2' link is down
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'wan6' has link connectivity loss
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'wan6' is now down
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'wan6' is disabled
Fri Feb 19 00:21:00 2016 daemon.notice netifd: Interface 'wan6' is enabled
Fri Feb 19 00:21:00 2016 kern.info kernel: [  652.199943] IPv6: ADDRCONF(NETDEV_UP): eth2: link is not ready
Fri Feb 19 00:21:00 2016 daemon.notice netifd: lan (6287): Received SIGTERM
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Network device 'eth2' link is up
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'wan6' has link connectivity
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'wan6' is setting up now
Fri Feb 19 00:21:02 2016 kern.notice kernel: [  654.195935] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:21:02 2016 kern.info kernel: [  654.195972] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:02 2016 kern.info kernel: [  654.196004] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:02 2016 kern.info kernel: [  654.196687] IPv6: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'wan6' is now up
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Bridge 'br-lan' link is up
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'lan' has link connectivity
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'lan' is setting up now
Fri Feb 19 00:21:02 2016 daemon.notice netifd: Interface 'blockdomain' has link connectivity
Fri Feb 19 00:21:02 2016 kern.notice kernel: [  654.215940] eth2: 1000 Mbps Full duplex, port 2
Fri Feb 19 00:21:02 2016 daemon.notice netifd: lan (6509): udhcpc (v1.23.2) started
Fri Feb 19 00:21:02 2016 daemon.notice netifd: lan (6509): Sending discover...
Fri Feb 19 00:21:02 2016 user.notice firewall: Reloading firewall due to ifup of wan6 (eth2)
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 13285 Snort rules read
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]:     13285 detection rules
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]:     0 decoder rules
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]:     0 preprocessor rules
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 13285 Option Chains linked into 252 Chain Headers
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: 0 Dynamic rules
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]: +++++++++++++++++++++++++++++++++++++++++++++++++++
Fri Feb 19 00:21:03 2016 daemon.notice snort[6456]:
Fri Feb 19 00:21:04 2016 kern.info kernel: [  656.195827] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:05 2016 daemon.notice netifd: lan (6509): Sending discover...
Fri Feb 19 00:21:06 2016 user.notice ddns-scripts[6629]: myddns_ipv6: PID '6629' started at 2016-02-19 00:21
Fri Feb 19 00:21:06 2016 user.warn ddns-scripts[6629]: myddns_ipv6: Service section disabled! - TERMINATE
Fri Feb 19 00:21:06 2016 user.warn ddns-scripts[6629]: myddns_ipv6: PID '6629' exit WITH ERROR '1' at 2016-02-19 00:21
Fri Feb 19 00:21:08 2016 daemon.notice netifd: lan (6509): Sending discover...
Fri Feb 19 00:21:10 2016 kern.notice kernel: [  662.215671] eth1: Link down
Fri Feb 19 00:21:10 2016 daemon.notice netifd: Network device 'eth1' link is down
Fri Feb 19 00:21:10 2016 kern.info kernel: [  662.235857] br-lan: port 1(eth1) entered disabled state
Fri Feb 19 00:21:11 2016 daemon.notice netifd: Network device 'eth1' link is up
Fri Feb 19 00:21:11 2016 kern.notice kernel: [  663.225953] eth1: 1000 Mbps Full duplex, port 1
Fri Feb 19 00:21:11 2016 kern.info kernel: [  663.226073] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:11 2016 kern.info kernel: [  663.226102] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-------------------[Rule Port Counts]---------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: |             tcp     udp    icmp      ip
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: |     src    1980      40       0       0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: |     dst   10553     492       0       0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: |     any     206      16       0       0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: |      nc       7       1       0       0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: |     s+d      46      15       0       0
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +----------------------------------------------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]:
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[detection-filter-config]------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | memory-cap : 1048576 bytes
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[detection-filter-rules]-------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: -------------------------------------------------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]:
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[rate-filter-config]-----------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | memory-cap : 1048576 bytes
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[rate-filter-rules]------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | none
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: -------------------------------------------------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]:
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[event-filter-config]----------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | memory-cap : 1048576 bytes
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[event-filter-global]----------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | none
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[event-filter-local]-----------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011808    type=Limit     tracking=src count=1   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011809    type=Limit     tracking=src count=1   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011767    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011766    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019211    type=Both      tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019230    type=Both      tracking=src count=50  seconds=10
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2004443    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011887    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003384    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003387    type=Limit     tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003397    type=Both      tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2013547    type=Limit     tracking=src count=1   seconds=600
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018292    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021018    type=Both      tracking=dst count=10  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008847    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008919    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008914    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008916    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008912    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008913    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008941    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008956    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019102    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018088    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010643    type=Threshold tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010642    type=Threshold tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003286    type=Both      tracking=dst count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003287    type=Both      tracking=dst count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018094    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018090    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003266    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003267    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003260    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003261    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003262    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003263    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003256    type=Both      tracking=src count=2   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003257    type=Both      tracking=src count=2   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003258    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003259    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003254    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003255    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003280    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003281    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003276    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003277    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003278    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003279    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010715    type=Limit     tracking=src count=1   seconds=180
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003272    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003273    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003274    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003275    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003268    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003269    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003270    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003271    type=Both      tracking=src count=1   seconds=900
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008048    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008043    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018208    type=Both      tracking=src count=100 seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2013492    type=Both      tracking=src count=2   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018277    type=Both      tracking=src count=5   seconds=90
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019897    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019887    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019888    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019889    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019883    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019884    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019885    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019886    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2002383    type=Threshold tracking=dst count=5   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019882    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019876    type=Limit     tracking=src count=1   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009833    type=Threshold tracking=dst count=2   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019950    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019963    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019966    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2002400    type=Limit     tracking=src count=2   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019922    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2002402    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020022    type=Both      tracking=src count=2   seconds=10
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020069    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009159    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019349    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019350    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019346    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019347    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019348    type=Both      tracking=dst count=500 seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001795    type=Limit     tracking=src count=30  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011914    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011915    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001872    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019418    type=Both      tracking=src count=50  seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001864    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001858    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001855    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011974    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011975    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001906    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003566    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003583    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003585    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003586    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011029    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011030    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021170    type=Both      tracking=src count=10  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003657    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021171    type=Both      tracking=src count=10  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021172    type=Both      tracking=dst count=10  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018433    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021124    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021125    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018455    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003622    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2006365    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021260    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008085    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008084    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008073    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008097    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008098    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2002677    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008096    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021330    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021331    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021332    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021333    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021326    type=Limit     tracking=src count=3   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021327    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021328    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021329    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020305    type=Both      tracking=src count=30  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020306    type=Both      tracking=dst count=30  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008147    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008214    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008215    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008216    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008209    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008211    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008208    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2015577    type=Limit     tracking=src count=1   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008231    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020323    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008228    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008181    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020338    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008184    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008199    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008276    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018316    type=Both      tracking=dst count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008266    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010953    type=Limit     tracking=src count=10  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003497    type=Limit     tracking=src count=3   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003493    type=Limit     tracking=src count=2   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008262    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018430    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018431    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008264    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018432    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008257    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008259    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008253    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008255    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018382    type=Limit     tracking=dst count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018383    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018373    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018374    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018372    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018389    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018388    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009867    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020167    type=Both      tracking=src count=1   seconds=10
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2002664    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2005320    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020240    type=Limit     tracking=src count=1   seconds=180
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009355    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009356    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021572    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2014103    type=Both      tracking=src count=15  seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021573    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021574    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021575    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2016867    type=Limit     tracking=src count=1   seconds=600
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2014153    type=Both      tracking=src count=225 seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2014140    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2014141    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009480    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009481    type=Threshold tracking=dst count=20  seconds=40
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019609    type=Both      tracking=src count=50  seconds=10
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2016897    type=Limit     tracking=src count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009544    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009547    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009537    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009538    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009534    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009512    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019692    type=Both      tracking=src count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008494    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008495    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008488    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2012204    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008510    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008504    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008460    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008463    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008453    type=Threshold tracking=src count=5   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008454    type=Threshold tracking=src count=5   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011146    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008455    type=Threshold tracking=src count=5   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008464    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008549    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008544    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008571    type=Threshold tracking=dst count=2   seconds=5  
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008564    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018607    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008560    type=Threshold tracking=dst count=4   seconds=15
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008512    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008513    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008514    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2015986    type=Both      tracking=src count=100 seconds=1  
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2006546    type=Both      tracking=src count=5   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018666    type=Both      tracking=dst count=12  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2014002    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018755    type=Both      tracking=src count=5   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021443    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021444    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003930    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003927    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021409    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021410    type=Both      tracking=src count=10  seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2014020    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2013017    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2002842    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2013036    type=Limit     tracking=src count=1   seconds=3  
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2000929    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008361    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008363    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008352    type=Limit     tracking=src count=1   seconds=3600
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008353    type=Limit     tracking=src count=1   seconds=3600
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008355    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008343    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008428    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008429    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008424    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008427    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008422    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008423    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008440    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008391    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008413    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008400    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018568    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018569    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2000049    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2000048    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2014869    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2000031    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017721    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017722    type=Both      tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011585    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2021691    type=Limit     tracking=src count=3   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019019    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019020    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019021    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019022    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019015    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019016    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019017    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019018    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019011    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019012    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019013    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019014    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019010    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009646    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2014372    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009703    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017162    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017161    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008643    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008657    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008658    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008609    type=Threshold tracking=src count=3   seconds=10
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008603    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2013416    type=Threshold tracking=dst count=10  seconds=20
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020853    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2016101    type=Limit     tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2013385    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011402    type=Limit     tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011403    type=Limit     tracking=src count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008663    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001316    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001315    type=Limit     tracking=src count=1   seconds=360
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2016212    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008734    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008756    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008749    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008797    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018984    type=Both      tracking=src count=1   seconds=30
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018977    type=Both      tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2018978    type=Both      tracking=dst count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011497    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010486    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010487    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017919    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017920    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017921    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017918    type=Both      tracking=dst count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020668    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020669    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020664    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020665    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020666    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020667    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020660    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010494    type=Threshold tracking=src count=5   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020661    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020662    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020663    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020659    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010513    type=Threshold tracking=src count=10  seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2010508    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020632    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020633    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017967    type=Both      tracking=src count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020630    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020631    type=Limit     tracking=dst count=1   seconds=1200
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017965    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2017966    type=Both      tracking=src count=1   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020741    type=Both      tracking=src count=3   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008579    type=Threshold tracking=dst count=20  seconds=15
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020742    type=Both      tracking=src count=3   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008577    type=Threshold tracking=dst count=5   seconds=15
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2008578    type=Limit     tracking=src count=1   seconds=10
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020702    type=Both      tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2003171    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2016030    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2016031    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2016033    type=Limit     tracking=src count=1   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2020712    type=Limit     tracking=src count=2   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2016016    type=Both      tracking=dst count=5   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2012305    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2012306    type=Limit     tracking=dst count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2012303    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2012304    type=Limit     tracking=src count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019748    type=Limit     tracking=src count=1   seconds=600
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019749    type=Limit     tracking=src count=1   seconds=600
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2007583    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019778    type=Both      tracking=dst count=1   seconds=60
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001564    type=Limit     tracking=src count=5   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2009040    type=Threshold tracking=src count=20  seconds=10
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2001562    type=Limit     tracking=src count=2   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2011716    type=Limit     tracking=src count=5   seconds=120
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=1      sig-id=2019166    type=Both      tracking=src count=5   seconds=300
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: +-----------------------[suppression]------------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=129    sig-id=12         tracking=none
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: | gen-id=129    sig-id=20         tracking=none
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: -------------------------------------------------------------------------------
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: Verifying Preprocessor Configurations!
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.Fareit.chk' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.Onelouder.bin' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.ButterflyJoin' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.WinHttpRequest' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.Adobe.Site.Download' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.http.PK' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.JS.Obfus.Func' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.webc2ugx' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.autoit.ua' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.lethic.established' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.MCOFF' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ms.rdp.established' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.invalid.cab' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.pdf.in.http' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.binary' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'EXE2' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.MS.XMLHTTP.ip.request' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.lizkebab' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.javaclient.SakuraPorts' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.JavaArchiveOrClass' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'AnglerEK' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'et.MS.XMLHTTP.no.exe.request' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.rtf.download' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.http.javaclient' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'FlimKit.SWF.Redirect' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.wininet.UA' is checked but not ever set.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'SunDown.EK' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'ET.RDP.Morto' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: WARNING: flowbits key 'NuclearEK' is set but not ever checked.
Fri Feb 19 00:21:12 2016 daemon.notice snort[6456]: 131 out of 1024 flowbits in use.
Fri Feb 19 00:21:13 2016 kern.info kernel: [  665.225818] br-lan: port 1(eth1) entered forwarding state
Fri Feb 19 00:21:16 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:21:16 2016 daemon.notice netifd: lan (6509): Sending select for 192.168.1.59...
Fri Feb 19 00:21:16 2016 daemon.notice netifd: lan (6509): Lease of 192.168.1.59 obtained, lease time 86400
Fri Feb 19 00:21:16 2016 daemon.notice netifd: Interface 'lan' is now up
Fri Feb 19 00:21:16 2016 daemon.info dnsmasq[5500]: reading /tmp/resolv.conf.auto
Fri Feb 19 00:21:16 2016 daemon.info dnsmasq[5500]: using local addresses only for domain lan
Fri Feb 19 00:21:16 2016 daemon.info dnsmasq[5500]: using nameserver 192.168.1.1#53
Fri Feb 19 00:21:16 2016 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Feb 19 00:21:31 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:21:31 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:21:31 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:21:48 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:21:48 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:21:48 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:22:06 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:22:06 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:22:06 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:22:10 2016 user.notice root: Successful NTP clock adjust (0.us.pool.ntp.org).
Fri Feb 19 00:22:11 2016 daemon.info procd: - init complete -
Fri Feb 19 00:22:12 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:22:12 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:22:12 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:22:19 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:22:19 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:22:19 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: [ Port Based Pattern Matching Memory ]
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: +- [ Aho-Corasick Summary ] -------------------------------------
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Storage Format    : Full
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Finite Automaton  : DFA
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Alphabet Size     : 256 Chars
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Sizeof State      : Variable (1,2,4 bytes)
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Instances         : 335
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |     1 byte states : 228
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |     2 byte states : 107
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |     4 byte states : 0
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Characters        : 408795
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | States            : 252270
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Transitions       : 13611564
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | State Density     : 21.1%
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Patterns          : 34402
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Match States      : 30013
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: | Memory (MB)       : 134.67
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |   Patterns        : 3.40
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |   Match Lists     : 8.23
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |   DFA
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |     1 byte states : 3.38
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |     2 byte states : 119.41
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: |     4 byte states : 0.00
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: +----------------------------------------------------------------
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: [ Number of patterns truncated to 20 bytes: 5427 ]
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: afpacket DAQ configured to inline.
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Acquiring network traffic from "eth0:eth2".
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Initializing daemon mode
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Daemon initialized, signaled parent pid: 1
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Reload thread starting...
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Reload thread started, thread 0xffea13f210 (6830)
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Checking PID path...
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: PID path stat checked out ok, PID path set to /var/snort/
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Writing PID "6456" to file "/var/snort//snort_eth0:eth2.pid"
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:         --== Initialization Complete ==--
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:    ,,_     -*> Snort! <*-
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:   o"  )~   Version 2.9.7.2 GRE (Build 177)
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:    ''''    By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved.
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Using libpcap version 1.5.3
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Using PCRE version: 8.36 2014-09-26
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Using ZLIB version: 1.2.8
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Rules Engine: SF_SNORT_DETECTION_ENGINE  Version 2.4  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_DCERPC2  Version 1.0  <Build 3>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_DNS  Version 1.1  <Build 4>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_FTPTELNET  Version 1.2  <Build 13>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_SDF  Version 1.1  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_SIP  Version 1.1  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_POP  Version 1.0  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_DNP3  Version 1.1  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_SSLPP  Version 1.1  <Build 4>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_IMAP  Version 1.0  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_MODBUS  Version 1.1  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_REPUTATION  Version 1.1  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_SMTP  Version 1.1  <Build 9>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_SSH  Version 1.1  <Build 3>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]:            Preprocessor Object: SF_GTP  Version 1.1  <Build 1>
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Commencing packet processing (pid=6456)
Fri Feb 19 00:22:25 2016 daemon.notice snort[6456]: Decoding Ethernet
Fri Feb 19 00:22:25 2016 kern.info kernel: [  737.185840] device eth2 entered promiscuous mode
Fri Feb 19 00:22:25 2016 kern.info kernel: [  737.335825] device eth0 entered promiscuous mode
Fri Feb 19 00:22:32 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:22:32 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:22:32 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:22:45 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:22:45 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:22:45 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:22:53 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:22:53 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:22:53 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:22:57 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:22:57 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:22:57 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:23:03 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:23:03 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:23:03 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:23:21 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:23:21 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:23:21 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:23:40 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:23:40 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:23:40 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:23:55 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:23:55 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:23:55 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:24:05 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:24:05 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:24:05 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:24:18 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:24:18 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:24:19 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:24:32 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:24:32 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:24:32 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com
Fri Feb 19 00:24:34 2016 daemon.err uhttpd[5285]: cut: standard output: Broken pipe
Fri Feb 19 00:24:35 2016 daemon.err uhttpd[5285]: cat: can't open '/.do_date': No such file or directory
Fri Feb 19 00:24:35 2016 daemon.info dnsmasq[5500]: query[A] yourhost.example.com from 127.0.0.1
Fri Feb 19 00:24:35 2016 daemon.info dnsmasq[5500]: forwarded yourhost.example.com to 192.168.1.1
Fri Feb 19 00:24:35 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: yourhost.example.com
Fri Feb 19 00:24:35 2016 daemon.info dnsmasq[5500]: query[AAAA] yourhost.example.com from 127.0.0.1
Fri Feb 19 00:24:35 2016 daemon.info dnsmasq[5500]: forwarded yourhost.example.com to 192.168.1.1
Fri Feb 19 00:24:40 2016 daemon.info dnsmasq[5500]: query[A] yourhost.example.com from 127.0.0.1
Fri Feb 19 00:24:40 2016 daemon.info dnsmasq[5500]: forwarded yourhost.example.com to 192.168.1.1
Fri Feb 19 00:24:40 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: yourhost.example.com
Fri Feb 19 00:24:40 2016 daemon.info dnsmasq[5500]: query[AAAA] yourhost.example.com from 127.0.0.1
Fri Feb 19 00:24:40 2016 daemon.info dnsmasq[5500]: forwarded yourhost.example.com to 192.168.1.1
Fri Feb 19 00:24:45 2016 daemon.info dnsmasq[5500]: query[A] openapi.meshare.com from 192.168.1.118
Fri Feb 19 00:24:45 2016 daemon.info dnsmasq[5500]: forwarded openapi.meshare.com to 192.168.1.1
Fri Feb 19 00:24:45 2016 daemon.warn dnsmasq[5500]: possible DNS-rebind attack detected: openapi.meshare.com