Filename: logs2.pcapng
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 13.0125789642 seconds
Hash: fc26247bdac1556a65d6165115c0641e
Uploaded: 1543908162

Logfiles


suricata-4.0.0-etopen-all-alert-2018-12-04-T-07-22-55-12042018.0722-logs2.pcapng.txt - (2576 bytes)
11/28/2018-11:51:59.049076  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:57993 -> 192.168.1.20:161
11/28/2018-11:52:02.051957  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:57994 -> 192.168.1.20:161
11/28/2018-11:52:05.056559  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:57995 -> 192.168.1.20:161
11/28/2018-11:52:08.060292  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:57996 -> 192.168.1.20:161
11/28/2018-11:52:11.063445  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:57997 -> 192.168.1.20:161
11/28/2018-11:52:14.066562  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:57998 -> 192.168.1.20:161
11/28/2018-11:52:17.068768  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:57999 -> 192.168.1.20:161
11/28/2018-11:52:20.071871  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:58000 -> 192.168.1.20:161
11/28/2018-11:52:23.079052  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:58001 -> 192.168.1.20:161
11/28/2018-11:52:26.082180  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:58002 -> 192.168.1.20:161
11/28/2018-11:52:29.085469  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:58003 -> 192.168.1.20:161
11/28/2018-11:52:32.088652  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:58004 -> 192.168.1.20:161
11/28/2018-11:52:35.091789  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:58005 -> 192.168.1.20:161
11/28/2018-11:52:38.101559  [**] [1:2101411:12] GPL SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.168.1.65:58006 -> 192.168.1.20:161


packet_stats.log - (19342 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             2        900085498     3466805702    2183445600          4.4b    0.00
 IPv4       2            12         20129752     2783509284    1207516962         14.5b    0.01
 IPv4       6          1938         30465791     4016807998    2825124084       5475.1b    3.58
 IPv4      17         18288         12608524     4017147849    2969067817      54298.3b   35.50
 IPv6       6           286          4764065     3759669856     995957237        284.8b    0.19
 IPv6      17         30819         12431504     4017275061    2979353823      91820.7b   60.04
 IPv6      58           361        121753418     3998268405    2865768539       1034.5b    0.68
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             2           105750         132636        119193        238.4k    0.00
TMM_FLOWWORKER              IPv4       2            12            72477         100194         80073        960.9k    0.01
TMM_FLOWWORKER              IPv4       6          1938            65444        6090790        160856        311.7m    3.72
TMM_FLOWWORKER              IPv4      17         18288           108979       13174766        175232          3.2b   38.26
TMM_RECEIVEPCAPFILE         IPv4       1             2             2550           2581          2565          5.1k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2            12             2557           2836          2635         31.6k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          1938             2530          52218          2852          5.5m    0.07
TMM_RECEIVEPCAPFILE         IPv4      17         18288             2527          86224          2714         49.6m    0.59
TMM_DECODEPCAPFILE          IPv4       1             2             4067           4069          4068          8.1k    0.00
TMM_DECODEPCAPFILE          IPv4       2            12             2719           3820          3291         39.5k    0.00
TMM_DECODEPCAPFILE          IPv4       6          1938             2647          39177          2988          5.8m    0.07
TMM_DECODEPCAPFILE          IPv4      17         18288             2654          55030          2898         53.0m    0.63
TMM_FLOWWORKER              IPv6       6           286            66253        6148673        175654         50.2m    0.60
TMM_FLOWWORKER              IPv6      17         30819            98147       11760521        144721          4.5b   53.25
TMM_FLOWWORKER              IPv6      58           361            67098         196949         85641         30.9m    0.37
TMM_RECEIVEPCAPFILE         IPv6       6           280             2544          10799          2831        792.7k    0.01
TMM_RECEIVEPCAPFILE         IPv6      17         30819             2525       16548759          3235         99.7m    1.19
TMM_RECEIVEPCAPFILE         IPv6      58           361             2531           3960          2635        951.5k    0.01
TMM_DECODEPCAPFILE          IPv6       6           280             2669        4478456         18896          5.3m    0.06
TMM_DECODEPCAPFILE          IPv6      17         30819             2654        4325428          3053         94.1m    1.12
TMM_DECODEPCAPFILE          IPv6      58           361             2662          38965          3705          1.3m    0.02

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             1             3277           3277          3277          3.3k  0.00  
flow                    IPv4       6          1938             2802        4507471          5767         11.2m  0.15  
flow                    IPv4      17         18288             2811        5886631          4465         81.7m  1.10  
stream                  IPv4       6          1938             2535          45067          3061          5.9m  0.08  
app-layer               IPv4      17         18288             2516        5972646          9538        174.4m  2.35  
detect                  IPv4       1             2            93783         125716        109749        219.5k  0.00  
detect                  IPv4       2            12            66913          94819         74023        888.3k  0.01  
detect                  IPv4       6          1938            44182        6066510        135008        261.6m  3.52  
detect                  IPv4      17         18288            91569        9813932        148279          2.7b  36.51 
tcp-prune               IPv4       6          1938             2505          43574          2799          5.4m  0.07  
flow                    IPv6       6           280             2811          29212          3243        908.1k  0.01  
flow                    IPv6      17         30819             2872        5733974          4611        142.1m  1.91  
flow                    IPv6      58           361             2972          30248          4122          1.5m  0.02  
stream                  IPv6       6           286             2669          55575          7268          2.1m  0.03  
app-layer               IPv6      17         30819             2516         624687          8469        261.0m  3.51  
detect                  IPv6       6           286            43967        6119757        148413         42.4m  0.57  
detect                  IPv6      17         30819            81093       11728576        119934          3.7b  49.77 
detect                  IPv6      58           361            55148         154014         72925         26.3m  0.35  
tcp-prune               IPv6       6           286             2509          32268          3079        880.8k  0.01  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
smb2                    IPv4      17            24             2531           3277          2615         62.8k  14.21 
dcerpc                  IPv4      17            11             4654          10528          9994        109.9k  24.87 
smb2                    IPv6       6             2             2638           2914          2776          5.6k  1.26  
smb2                    IPv6      17            36             2525           3277          2613         94.1k  21.29 
dcerpc                  IPv6       6             5             2669           6078          3509         17.5k  3.97  
dcerpc                  IPv6      17            15             4654          10528         10136        152.0k  34.40 
Proto detect            IPv4      17         16612             2628        5963171          3366         55.9m
Proto detect            IPv6      17         28577             2627         111397          3047         87.1m

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4      17            14            60526        1015057        144884          2.0m  34.81 
LOGGER_UNIFIED2             IPv4      17            14            39242         196705         54009        756.1k  12.98 
LOGGER_JSON_ALERT           IPv4      17            14            75256        1764338        217306          3.0m  52.21 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             2            11131          13111         12121        24.2k  0.01  
payload                           IPv4       6          1160             3008        5904770         44943        52.1m  16.17 
payload                           IPv4      17         18288             2975          72086          4076        74.6m  23.12 
stream                            IPv4       6          1160             2912        5569980         41359        48.0m  14.88 
Total                             IPv4                 20610                                          8475       174.7m
payload                           IPv6       6           199             2610          92943         25823         5.1m  1.59  
payload                           IPv6      17         30819             2989         384399          4264       131.4m  40.76 
payload                           IPv6      58           361             2754          29643          5502         2.0m  0.62  
stream                            IPv6       6           199             2535        5813985         46287         9.2m  2.86  
Total                             IPv6                 31578                                          4679       147.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             2            19198          31929         25563         51.1k  0.00  
PROF_DETECT_IPONLY          IPv4       2            12            18943          32222         22703        272.4k  0.00  
PROF_DETECT_IPONLY          IPv4       6             7            12118          49218         23768        166.4k  0.00  
PROF_DETECT_IPONLY          IPv4      17         16626             7169        5955161         21950        365.0m  5.90  
PROF_DETECT_RULES           IPv4       1             2             9897          12608         11252         22.5k  0.00  
PROF_DETECT_RULES           IPv4       2            12             2544          30172          4898         58.8k  0.00  
PROF_DETECT_RULES           IPv4       6          1938             2521        2742373         27953         54.2m  0.88  
PROF_DETECT_RULES           IPv4      17         18288            28577        8837582         52091        952.7m  15.40 
PROF_DETECT_STATEFUL_CONT    IPv4       1             2             2776           3065          2920          5.8k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            12             2553           3131          2764         33.2k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          1938             2505          41761          2957          5.7m  0.09  
PROF_DETECT_STATEFUL_CONT    IPv4      17         18288             2500          78719          2894         52.9m  0.86  
PROF_DETECT_PREFILTER       IPv4       1             2            27851          33913         30882         61.8k  0.00  
PROF_DETECT_PREFILTER       IPv4       2            12             8003           9076          8337        100.1k  0.00  
PROF_DETECT_PREFILTER       IPv4       6          1938             7808        5990731         70056        135.8m  2.19  
PROF_DETECT_PREFILTER       IPv4      17         18288            23400        9686222         29191        533.9m  8.63  
PROF_DETECT_PF_PAYLOAD      IPv4       1             2            17017          20125         18571         37.1k  0.00  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1160            13542        5972217         94560        109.7m  1.77  
PROF_DETECT_PF_PAYLOAD      IPv4      17         18288             8032         110878          9557        174.8m  2.83  
PROF_DETECT_PF_SORT1        IPv4       6           979             2540          58699          3049          3.0m  0.05  
PROF_DETECT_PF_SORT1        IPv4      17         18288             2562          74381          2902         53.1m  0.86  
PROF_DETECT_PF_SORT2        IPv4       1             2             2892           3413          3152          6.3k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2            12             2541           3222          2696         32.4k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          1938             2505          43299          2972          5.8m  0.09  
PROF_DETECT_PF_SORT2        IPv4      17         18288             2530        9664311          4201         76.8m  1.24  
PROF_DETECT_NONMPMLIST      IPv4       1             2             2534           3649          3091          6.2k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2            12             2555           3995          2885         34.6k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          1938             2520          54391          3116          6.0m  0.10  
PROF_DETECT_NONMPMLIST      IPv4      17         18288             2510          66538          2924         53.5m  0.86  
PROF_DETECT_ALERT           IPv4       1             2             2530           3315          2922          5.8k  0.00  
PROF_DETECT_ALERT           IPv4       2            12             2547           3625          2730         32.8k  0.00  
PROF_DETECT_ALERT           IPv4       6          1938             2513          39612          2744          5.3m  0.09  
PROF_DETECT_ALERT           IPv4      17         18288             2514        5648279          3077         56.3m  0.91  
PROF_DETECT_CLEANUP         IPv4       1             2             2621           3277          2949          5.9k  0.00  
PROF_DETECT_CLEANUP         IPv4       2            12             2527           3012          2599         31.2k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          1938             2512          45426          2880          5.6m  0.09  
PROF_DETECT_CLEANUP         IPv4      17         18288             2514          58051          2929         53.6m  0.87  
PROF_DETECT_GETSGH          IPv4       1             2             2788           3521          3154          6.3k  0.00  
PROF_DETECT_GETSGH          IPv4       2            12             2722           3417          2917         35.0k  0.00  
PROF_DETECT_GETSGH          IPv4       6          1938             2538          50407          2965          5.7m  0.09  
PROF_DETECT_GETSGH          IPv4      17         18288             2518          90560          6173        112.9m  1.83  
PROF_DETECT_IPONLY          IPv6       6            10             2925           6582          3499         35.0k  0.00  
PROF_DETECT_IPONLY          IPv6      17         28577             2786        6106345          3710        106.0m  1.71  
PROF_DETECT_IPONLY          IPv6      58           322             2833          46417          3769          1.2m  0.02  
PROF_DETECT_RULES           IPv6       6           286             2537         514569         38719         11.1m  0.18  
PROF_DETECT_RULES           IPv6      17         30819            23083        6019754         40157          1.2b  20.00 
PROF_DETECT_RULES           IPv6      58           361             2523          24605          3446          1.2m  0.02  
PROF_DETECT_STATEFUL_CONT    IPv6       6           286             2509          35964          3081        881.2k  0.01  
PROF_DETECT_STATEFUL_CONT    IPv6      17         30819             2499        7254876          3153         97.2m  1.57  
PROF_DETECT_STATEFUL_CONT    IPv6      58           361             2501          15768          2882          1.0m  0.02  
PROF_DETECT_STATEFUL_UPDATE    IPv6       6            18             2562           4015          2904         52.3k  0

This file has been truncated.


suricata-report-2018-12-04-T-07-22-55-12042018.0722-logs2.pcapng.txt - (18075 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/fc26247bdac1556a65d6165115c0641ed2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/12042018.0722-logs2.pcapng -vvv -k none
elapsedtime:12.073193
stderr:
stdout:
4/12/2018 -- 07:22:43 - <Info> - Configuration node 'rule-files' redefined.
4/12/2018 -- 07:22:43 - <Notice> - This is Suricata version 4.0.0 RELEASE
4/12/2018 -- 07:22:43 - <Info> - CPUs/cores online: 1
4/12/2018 -- 07:22:43 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31342 and 'request-body-inspect-window' set to 15693 after randomization.
4/12/2018 -- 07:22:43 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31699 and 'response-body-inspect-window' set to 16110 after randomization.
4/12/2018 -- 07:22:43 - <Config> - DNS request flood protection level: 500
4/12/2018 -- 07:22:43 - <Config> - DNS per flow memcap (state-memcap): 524288
4/12/2018 -- 07:22:43 - <Config> - DNS global memcap: 16777216
4/12/2018 -- 07:22:43 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
4/12/2018 -- 07:22:43 - <Config> - preallocated 1000 hosts of size 136
4/12/2018 -- 07:22:43 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
4/12/2018 -- 07:22:43 - <Config> - using magic-file /usr/share/file/magic
4/12/2018 -- 07:22:43 - <Config> - Core dump size is unlimited.
4/12/2018 -- 07:22:43 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
4/12/2018 -- 07:22:43 - <Config> - preallocated 1000 defrag trackers of size 168
4/12/2018 -- 07:22:43 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
4/12/2018 -- 07:22:43 - <Config> - stream "prealloc-sessions": 2048 (per thread)
4/12/2018 -- 07:22:43 - <Config> - stream "memcap": 33554432
4/12/2018 -- 07:22:43 - <Config> - stream "midstream" session pickups: disabled
4/12/2018 -- 07:22:43 - <Config> - stream "async-oneside": disabled
4/12/2018 -- 07:22:43 - <Config> - stream "checksum-validation": disabled
4/12/2018 -- 07:22:43 - <Config> - stream."inline": disabled
4/12/2018 -- 07:22:43 - <Config> - stream "bypass": disabled
4/12/2018 -- 07:22:43 - <Config> - stream "max-synack-queued": 5
4/12/2018 -- 07:22:43 - <Config> - stream.reassembly "memcap": 134217728
4/12/2018 -- 07:22:43 - <Config> - stream.reassembly "depth": 0
4/12/2018 -- 07:22:43 - <Config> - stream.reassembly "toserver-chunk-size": 2641
4/12/2018 -- 07:22:43 - <Config> - stream.reassembly "toclient-chunk-size": 2605
4/12/2018 -- 07:22:43 - <Config> - stream.reassembly.raw: enabled
4/12/2018 -- 07:22:43 - <Config> - stream.reassembly "segment-prealloc": 2048
4/12/2018 -- 07:22:43 - <Config> - Delayed detect disabled
4/12/2018 -- 07:22:43 - <Config> - pattern matchers: MPM: ac, SPM: bm
4/12/2018 -- 07:22:43 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
4/12/2018 -- 07:22:43 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
4/12/2018 -- 07:22:43 - <Config> - prefilter engines: MPM
4/12/2018 -- 07:22:43 - <Config> - IP reputation disabled
4/12/2018 -- 07:22:43 - <Perf> - Registered 148 keyword profiling counters.
4/12/2018 -- 07:22:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
4/12/2018 -- 07:22:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
4/12/2018 -- 07:22:43 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
4/12/2018 -- 07:22:44 - <Config> - No rules loaded from ET-emerging-icmp.rules.
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
4/12/2018 -- 07:22:44 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
4/12/2018 -- 07:22:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
4/12/2018 -- 07:22:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
4/12/2018 -- 07:22:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
4/12/2018 -- 07:22:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
4/12/2018 -- 07:22:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
4/12/2018 -- 07:22:45 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
4/12/2018 -- 07:22:47 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
4/12/2018 -- 07:22:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
4/12/2018 -- 07:22:48 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
4/12/2018 -- 07:22:48 - <Config> - No rules loaded from local.rules.
4/12/2018 -- 07:22:48 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
4/12/2018 -- 07:22:48 - <Info> - Threshold config parsed: 0 rule(s) found
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for tcp-packet
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for tcp-stream
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for udp-packet
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for other-ip
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_uri
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_request_line
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_client_body
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_response_line
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_header
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_header
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_header_names
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_header_names
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_accept
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_accept_enc
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_accept_lang
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_referer
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_connection
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_content_len
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_content_len
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_content_type
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_content_type
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_protocol
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_protocol
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_start
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_start
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_raw_header
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_raw_header
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_method
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_cookie
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_cookie
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_raw_uri
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_user_agent
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_host
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_raw_host
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_stat_msg
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_stat_code
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for dns_query
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for tls_sni
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for tls_cert_issuer
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for tls_cert_subject
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for tls_cert_serial
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for dce_stub_data
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for dce_stub_data
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for ssh_protocol
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for ssh_protocol
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for ssh_software
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for ssh_software
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for file_data
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for file_data
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_request_line
4/12/2018 -- 07:22:48 - <Perf> - using shared mpm ctx' for http_response_line
4/12/2018 -- 07:22:48 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
4/12/2018 -- 07:22:48 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
4/12/2018 -- 07:22:48 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
4/12/2018 -- 07:22:48 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
4/12/2018 -- 07:22:48 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
4/12/2018 -- 07:22:48 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
4/12/2018 -- 07:22:48 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
4/12/2018 -- 07:22:48 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
4/12/2018 -- 07:22:49 - <Perf> - Unique rule groups: 111
4/12/2018 -- 07:22:49 - <Perf> - Builtin MPM "toserver TCP packet": 31
4/12/2018 -- 07:22:49 - <Perf> - Builtin MPM "toclient TCP packet": 20
4/12/2018 -- 07:22:49 - <Perf> - Builtin MPM "toserver TCP stream": 31
4/12/2018 -- 07:22:49 - <Perf> - Builtin MPM "toclient TCP stream": 21
4/12/2018 -- 07:22:49 - <Perf> - Builtin MPM "toserver UDP packet": 33
4/12/2018 -- 07:22:49 - <Perf> - Builtin MPM "toclient UDP packet": 15
4/12/2018 -- 07:22:49 - <Perf> - Builtin MPM "other IP packet": 2
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_uri": 8
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_request_line": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_client_body": 6
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient http_response_line": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_header": 6
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient http_header": 3
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_header_names": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_accept": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_referer": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_content_len": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_content_type": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient http_content_type": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_start": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_method": 3
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_cookie": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient http_cookie": 2
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver http_host": 2
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver dns_query": 4
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver tls_sni": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toserver file_data": 1
4/12/2018 -- 07:22:49 - <Perf> - AppLayer MPM "toclient file_data": 5
4/12/2018 -- 07:22:49 - <Perf> - Registered 18241 rule profiling counters.
4/12/2018 -- 07:22:49 - <Info> - fast output device (regular) initialized: alert
4/12/2018 -- 07:22:49 - <Info> - eve-log output device (regular) initialized: eve.json
4/12/2018 -- 07:22:49 - <Config> - enabling 'eve-log' module 'alert'
4/12/2018 -- 07:22:49 - <Config> - enabling 'eve-log' module 'http'
4/12/2018 -- 07:22:49 - <Config> - enabling 'eve-log' module 'dns'
4/12/2018 -- 07:22:49 - <Config> - enabling 'eve-log' module 'tls'
4/12/2018 -- 07:22:49 - <Config> - enabling 'eve-log' module 'files'
4/12/2018 -- 07:22:49 - <Config> - enabling 'eve-log' module 'ssh'
4/12/2018 -- 07:22:49 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
4/12/2018 -- 07:22:49 - <Info> - stats

This file has been truncated.


stats.log - (2868 bytes)
------------------------------------------------------------------------------------
Date: 12/4/2018 -- 07:22:55 (uptime: 0d, 00h 00m 06s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 70072
decoder.bytes                              | Total                     | 6213446
decoder.ipv4                               | Total                     | 20240
decoder.ipv6                               | Total                     | 31460
decoder.ethernet                           | Total                     | 70072
decoder.tcp                                | Total                     | 2218
decoder.udp                                | Total                     | 49107
decoder.icmpv4                             | Total                     | 2
decoder.icmpv6                             | Total                     | 361
decoder.avg_pkt_size                       | Total                     | 88
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 9
flow.udp                                   | Total                     | 45189
flow.icmpv6                                | Total                     | 322
tcp.sessions                               | Total                     | 4
tcp.syn                                    | Total                     | 5
tcp.synack                                 | Total                     | 3
detect.alert                               | Total                     | 14
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 6
app_layer.flow.dcerpc_tcp                  | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 45189
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1359
flow_mgr.flows_notimeout                   | Total                     | 1359
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 64628
flow_mgr.rows_maxlen                       | Total                     | 6
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 17304064


eve.json - (5493 bytes)
{"timestamp":"2018-11-28T11:51:59.049076+0000","flow_id":1744081015259060,"pcap_cnt":1123,"event_type":"alert","src_ip":"192.168.1.65","src_port":57993,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:02.051957+0000","flow_id":294121531165429,"pcap_cnt":6470,"event_type":"alert","src_ip":"192.168.1.65","src_port":57994,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:05.056559+0000","flow_id":1984680788614383,"pcap_cnt":11759,"event_type":"alert","src_ip":"192.168.1.65","src_port":57995,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:08.060292+0000","flow_id":1324548610386820,"pcap_cnt":17449,"event_type":"alert","src_ip":"192.168.1.65","src_port":57996,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:11.063445+0000","flow_id":327733945825237,"pcap_cnt":22552,"event_type":"alert","src_ip":"192.168.1.65","src_port":57997,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:14.066562+0000","flow_id":452300882445314,"pcap_cnt":27808,"event_type":"alert","src_ip":"192.168.1.65","src_port":57998,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:17.068768+0000","flow_id":811450342902944,"pcap_cnt":33188,"event_type":"alert","src_ip":"192.168.1.65","src_port":57999,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:20.071871+0000","flow_id":1861144645212351,"pcap_cnt":38316,"event_type":"alert","src_ip":"192.168.1.65","src_port":58000,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:23.079052+0000","flow_id":899806410519756,"pcap_cnt":44147,"event_type":"alert","src_ip":"192.168.1.65","src_port":58001,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:26.082180+0000","flow_id":281219450945796,"pcap_cnt":50039,"event_type":"alert","src_ip":"192.168.1.65","src_port":58002,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:29.085469+0000","flow_id":2213413568466397,"pcap_cnt":55981,"event_type":"alert","src_ip":"192.168.1.65","src_port":58003,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:32.088652+0000","flow_id":1383647361915468,"pcap_cnt":60894,"event_type":"alert","src_ip":"192.168.1.65","src_port":58004,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:35.091789+0000","flow_id":1940777634850445,"pcap_cnt":65297,"event_type":"alert","src_ip":"192.168.1.65","src_port":58005,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}
{"timestamp":"2018-11-28T11:52:38.101559+0000","flow_id":132484734291127,"pcap_cnt":69720,"event_type":"alert","src_ip":"192.168.1.65","src_port":58006,"dest_ip":"192.168.1.20","dest_port":161,"proto":"UDP","alert":{"action":"allowed","gid":1,"signature_id":2101411,"rev":12,"signature":"GPL SNMP public access udp","category":"Attempted Information Leak","severity":2},"app_proto":"failed"}


keyword_perf.log - (2576 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 12/4/2018 -- 07:22:55
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          121764068       36541           18597           8782854         3332.00         3803.00         2843.00        
  pcre             133533          15              0               9834            8902.00         0.00            8902.00        
  byte_test        540299          111             25              21598           4867.00         4756.00         4899.00        
  byte_jump        2807246         865             0               36118           3245.00         0.00            3245.00        
  byte_extract     153071          29              29              37672           5278.00         5278.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          121764068       36541           18597           8782854         3332.00         3803.00         2843.00        
  pcre             133533          15              0               9834            8902.00         0.00            8902.00        
  byte_test        540299          111             25              21598           4867.00         4756.00         4899.00        
  byte_jump        2807246         865             0               36118           3245.00         0.00            3245.00        
  byte_extract     153071          29              29              37672           5278.00         5278.00         0.00           


suricata-4.0.0-etopen-all-perf.txt-2018-12-04-T-07-22-55-12042018.0722-logs2.pcapng.txt - (38870 bytes)
  --------------------------------------------------------------------------
  Date: 12/4/2018 -- 07:22:55. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2010140      1        7        366119008    31.20  48854    0        8796579     7494.15     0.00        7494.15    
  2        2010142      1        4        153212015    13.06  48854    0        5931444     3136.12     0.00        3136.12    
  3        2023627      1        3        32361760     2.76   9343     0        5883782     3463.74     0.00        3463.74    
  4        2008120      1        4        140629569    11.98  48841    0        5861499     2879.33     0.00        2879.33    
  5        2010143      1        3        147093273    12.54  48854    0        5752417     3010.87     0.00        3010.87    
  6        2023622      1        3        109951683    9.37   37836    0        5688263     2906.01     0.00        2906.01    
  7        2020767      1        2        2895575      0.25   16       0        2615281     180973.44   0.00        180973.44  
  8        2100566      1        5        21019418     1.79   6757     0        1950720     3110.76     0.00        3110.76    
  9        2001330      1        8        738435       0.06   95       0        393560      7773.00     0.00        7773.00    
  10       2018054      1        1        360492       0.03   13       0        91388       27730.15    0.00        27730.15   
  11       2020773      1        2        413820       0.04   15       0        90763       27588.00    0.00        27588.00   
  12       2023621      1        4        1783068      0.15   596      0        89958       2991.72     0.00        2991.72    
  13       2102190      1        5        2780691      0.24   881      0        68207       3156.29     0.00        3156.29    
  14       2015986      1        5        2557176      0.22   879      0        66850       2909.19     0.00        2909.19    
  15       2018032      1        2        413303       0.04   16       0        64900       25831.44    0.00        25831.44   
  16       2020614      1        2        415627       0.04   18       0        64830       23090.39    0.00        23090.39   
  17       2023624      1        3        28000955     2.39   9818     0        64440       2852.00     0.00        2852.00    
  18       2020770      1        2        259035       0.02   10       0        62961       25903.50    0.00        25903.50   
  19       2008119      1        3        17249879     1.47   6105     0        61484       2825.53     0.00        2825.53    
  20       2023625      1        3        37025247     3.16   13548    0        61435       2732.89     0.00        2732.89    
  21       2020777      1        2        380078       0.03   15       0        60305       25338.53    0.00        25338.53   
  22       2020797      1        2        255116       0.02   12       0        57987       21259.67    0.00        21259.67   
  23       2017944      1        5        402911       0.03   14       0        57375       28779.36    0.00        28779.36   
  24       2020780      1        2        218289       0.02   9        0        57271       24254.33    0.00        24254.33   
  25       2023626      1        3        38721008     3.30   13875    0        57153       2790.70     0.00        2790.70    
  26       2014957      1        1        112605       0.01   19       0        57002       5926.58     0.00        5926.58    
  27       2016181      1        2        672169       0.06   206      0        56086       3262.96     0.00        3262.96    
  28       2020788      1        2        259840       0.02   8        0        55837       32480.00    0.00        32480.00   
  29       2020794      1        2        284055       0.02   11       0        54930       25823.18    0.00        25823.18   
  30       2020214      1        1        139165       0.01   10       0        54555       13916.50    0.00        13916.50   
  31       2018075      1        3        399760       0.03   16       0        54458       24985.00    0.00        24985.00   
  32       2020793      1        2        238697       0.02   8        0        53932       29837.12    0.00        29837.12   
  33       2020769      1        2        164265       0.01   6        0        53658       27377.50    0.00        27377.50   
  34       2020693      1        1        451814       0.04   18       0        53100       25100.78    0.00        25100.78   
  35       2020606      1        4        312454       0.03   15       0        52610       20830.27    0.00        20830.27   
  36       2017914      1        2        260450       0.02   10       0        52105       26045.00    0.00        26045.00   
  37       2100327      1        10       2643545      0.23   849      0        51785       3113.72     0.00        3113.72    
  38       2020775      1        2        294898       0.03   11       0        51275       26808.91    0.00        26808.91   
  39       2017548      1        6        198731       0.02   10       0        49939       19873.10    0.00        19873.10   
  40       2023623      1        3        11634846     0.99   4129     0        49882       2817.84     0.00        2817.84    
  41       2018383      1        8        181027       0.02   16       0        49149       11314.19    0.00        11314.19   
  42       2020764      1        2        345192       0.03   14       0        47536       24656.57    0.00        24656.57   
  43       2023617      1        3        1768654      0.15   563      0        47086       3141.48     0.00        3141.48    
  44       2017915      1        2        345523       0.03   16       0        46962       21595.19    0.00        21595.19   
  45       2023611      1        3        306388       0.03   14       0        46793       21884.86    0.00        21884.86   
  46       2018166      1        3        363662       0.03   16       0        45199       22728.88    0.00        22728.88   
  47       2018013      1        3        213663       0.02   9        0        44671       23740.33    0.00        23740.33   
  48       2020768      1        2        258547       0.02   10       0        44158       25854.70    0.00        25854.70   
  49       2023616      1        3        1716657      0.15   543      0        44060       3161.43     0.00        3161.43    
  50       2020696      1        1        351058       0.03   15       0        43806       23403.87    0.00        23403.87   
  51       2016179      1        2        686643       0.06   206      0        43170       3333.22     0.00        3333.22    
  52       2018069      1        1        403076       0.03   18       0        42275       22393.11    0.00        22393.11   
  53       2020784      1        2        245856       0.02   10       0        41544       24585.60    0.00        24585.60   
  54       2017877      1        3        483744       0.04   16       0        39646       30234.00    0.00        30234.00   
  55       2020609      1        4        312951       0.03   14       0        39295       22353.64    0.00        22353.64   
  56       2020608      1        4        308079       0.03   13       0        37169       23698.38    0.00        23698.38   
  57       2023615      1        3        1831331      0.16   613      0        36076       2987.49     0.00        2987.49    
  58       2018153      1        4        324805       0.03   16       0        35440       20300.31    0.00        20300.31   
  59       2023619      1        3        1686682      0.14   534      0        34125       3158.58     0.00        3158.58    
  60       2020694      1        1        205613       0.02   11       0        34042       18692.09    0.00        18692.09   
  61       2020796      1        2        307797       0.03   12       0        33950       25649.75    0.00        25649.75   
  62       2009981      1        2        37363        0.00   2        0        33904       18681.50    0.00        18681.50   
  63       2017707      1        4        403579       0.03   16       0        33852       25223.69    0.00        25223.69   
  64       2020765      1        2        218102       0.02   10       0        32456       21810.20    0.00        21810.20   
  65       2017934      1        4        170357       0.01   9        0        32153       18928.56    0.00        18928.56   
  66       2020789      1        2        261896       0.02   12       0        32032       21824.67    0.00        21824.67   
  67       2020783      1        3        216967       0.02   9        0        31646       24107.44    0.00        24107.44   
  68       2018880      1        2        200791       0.02   9        0        30793       22310.11    0.00        22310.11   
  69       2020774      1        2        204186       0.02   10       0        30706       20418.60    0.00        20418.60   
  70       2020781      1        5        262193       0.02   12       0        30664       21849.42    0.00        21849.42   
  71       2023612      1        4        1929825      0.16   634      0        30656       3043.89     0.00        3043.89    
  72       2016922      1        12       395331       0.03   16       0        30268       24708.19    0.00        24708.19   
  73       2020763      1        2        472054       0.04   20       0        30261       23602.70    0.00        23602.70   
  74       2017935      1        3        350639       0.03   115      0        29944       3049.03     0.00        3049.03    
  75       2018637      1        2        285391       0.02   12       0        29914       23782.58    0.00        23782.58   
  76       2020779      1        3        207687       0.02   11       0        29901       18880.64    0.00        18880.64   
  77       2020792      1        2        256570       0.02   11       0        29808       23324.55    0.00        23324.55   
  78       2018077      1        5        223566       0.02   11       0        29803       20324.18    0.00        20324.18   
  79       2020795      1        2        161749       0.01   7        0        29769       23107.00    0.00        23107.00   
  80       2020766      1        2        383622       0.03   15       0        29737       25574.80    0.00        25574.80   
  81       2020586      1        3        326065       0.03   14       0        29557       23290.36    0.00        23290.36   
  82       2020692      1        1        221149       0.02   11       0        29381       20104.45    0.00        20104.45   
  83       2018638      1        2        258637       0.02   11       0        29350       23512.45    0.00        23512.45   
  84       2020798      1        2        313021       0.03   14       0        29139       22358.64    0.00        22358.64   
  85       2017913      1        3        218918       0.02   9        0        28999       24324.22    0.00        24324.22   
  86       2020785      1        3        288691       0.02   13       0        28982       22207.00    0.00        22207.00   
  87       2009243      1        2        530795       0.05   166      0        28976       3197.56     0.00        3197.56    
  88       2020799      1        2        279667       0.02   15       0        28763       18644.47    0.00        18644.47   
  89       2019083      1        2        224836       0.02   10       0        28753       22483.60    0.00        22483.60   
  90       2018057      1        4        160135       0.01   8        0        28674       20016.88    0.00        20016.88   
  91       2020786      1        4        211773       0.02   9        0        28512       23530.33    0.00        23530.33   
  92       2020772      1        2        220821       0.02   11       0        28471       20074.64    0.00        20074.64   
  93       2016178      1        2        659361       0.06   206      0        28418       3200.78     0.00        3200.78    
  94       2019602      1        1        218773       0.02   10       0        28148       21877.30    0.00        21877.30   
  95       2020791      1        3        251294       0.02   12       0        27905       20941.17    0.00        20941.17   
  96       2018636      1        2        106684       0.01   5        0        27623       21336.80    0.00        21336.80   
  97       2020778      1        2        193347       0.02   9        0        27442       21483.00    0.00        21483.00   
  98       2022773      1        2        283789       0.02   16       0        27223       17736.81    0.00        17736.81   
  99       2020787      1        2        235142       0.02   10       0        27197       23514.20    0.00        23514.20   
  100      2020607      1        3        198276       0.02   9        0        27072       22030.67    0.00        22030.67   
  101      2020800      1        2        199883       0.02   8        0        26938       24985.38    0.00        24985.38   
  102      2018076      1        3        171033       0.01   9        0        26895       19003.67    0.00        19003.67   
  103      2021716      1        1        373973       0.03   16       0        26882       23373.31    0.00        23373.31   
  104      2020790      1        2        172994       0.01   13       0        26818       13307.23    0.00        13307.23   
  105      2017876      1        3        301519       0.03   16       0        26643       18844.94    0.00        18844.94   
  106      2020776      1        2        122226       0.01   5        0        26501       24445.20    0.00        24445.20   
  107      2020782      1        2        193749       0.02   9        0        26465       21527.67    0.00        21527.67   
  108      2020610      1        3        96730        0.01   5        0        26455       19346.00    0.00        19346.00   
  109      2020695      1        1        151453       0.01   8        0        26372       18931.62    0.00        18931.62   
  110      2008306      1        3        158666       0.01   49       0        26300       3238.08     0.00        3238.08    
  111      2020691      1        1        139947       0.01   8        0        26227       17493.38    0.00        17493.38   
  112      2020612      1        3        261003       0.02   14       0        26070       18643.07    0.00        18643.07   
  113      2020613      1        3        127950       0.01   6        0        25934       21325.00    0.00        21325.00   
  114      2018085      1        2        332564       0.03   17       0        25858       19562.59    0.00        19562.59   
  115      2021065      1        2        178726       0.02   8        0        25598       22340.75    0.00        22340.75   
  116      2020771      1        2        120484       0.01   5        0        25597       24096.80    0.00        24096.80   
  117      2025090      1        1        24827        0.00   1        0        24827       24827.00    0.00        24827.00   
  118      2018639      1        2        159512       0.01   9        0        24705       17723.56    0.00        17723.56   
  119      2018287      1        2        210648       0.02   11       0        24045       19149.82    0.00        19149.82   
  120      2022401      1        3        168051       0.01   16       0        23816       10503.19    0.00        10503.19   
  121      2016323      1        1        275630       0.02   70       0        22449       3937.57     0.00        3937.57    
  122      2022506      1        3        668336       0.06   222      0        16720       3010.52     0.00        3010.52    
  123      2023618      1        3        1742193      0.15   592      0        16506       2942.89     0.00        2942.89    
  124      2025401      1        2        603841       0.05   200      0        15883       3019.20     0.00        3019.20    
  125      2019492      1        2        5

This file has been truncated.


unified2.alert.1543908169 - (2646 bytes)


IDSDeathBlossom.py.log - (1150 bytes)
2018-12-04 07:22:42,616 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2018-12-04 07:22:43,376 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2018-12-04 07:22:43,376 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2018-12-04 07:22:43,376 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2018-12-04 07:22:43,376 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2018-12-04 07:22:43,377 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/fc26247bdac1556a65d6165115c0641ed2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/12042018.0722-logs2.pcapng -vvv -k none
2018-12-04 07:22:55,451 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2018-12-04 07:22:55,452 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 12.8440458775