[[PageOutline]] = 程式碼 = {{{ #!java package tw.org.nchc.code; import java.io.IOException; import java.text.ParsePosition; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Locale; import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; import org.apache.hadoop.hbase.HBaseAdmin; import org.apache.hadoop.hbase.HBaseConfiguration; import org.apache.hadoop.hbase.HColumnDescriptor; import org.apache.hadoop.hbase.HTable; import org.apache.hadoop.hbase.HTableDescriptor; import org.apache.hadoop.io.Text; import org.apache.hadoop.io.Writable; import org.apache.hadoop.io.WritableComparable; import org.apache.hadoop.mapred.ClusterStatus; import org.apache.hadoop.mapred.JobClient; import org.apache.hadoop.mapred.JobConf; import org.apache.hadoop.mapred.MapReduceBase; import org.apache.hadoop.mapred.Mapper; import org.apache.hadoop.mapred.OutputCollector; import org.apache.hadoop.mapred.Reporter; class Log { String gid, sid, version; String alert_name, class_type, priority; String source, destination, type; // String ttl, tos, id, iplen, dgmlen; String srcport, dstport,tmp; public Log(String data) { String[] arr = data.split(";"); this.gid = arr[0]; this.sid = arr[1]; this.version = arr[2]; this.alert_name = arr[3]; this.class_type = arr[4]; this.priority = arr[5]; this.timestamp = getTime(arr[7] + "/" + arr[6] + ":" + arr[8] + ":" + arr[9] + ":" + arr[10]); this.source = getIP(arr[11]); this.srcport = this.tmp; this.destination = getIP(arr[12]); this.dstport = this.tmp; this.type = arr[13]; } long timestamp; String getIP(String str){ String res; int n = str.indexOf(":"); if (n == -1) { res = str; this.tmp = "0"; } else { String[] vec = str.split(":"); res = vec[0]; this.tmp = vec[1]; } return res; } long getTime(String str) { SimpleDateFormat sdf = new SimpleDateFormat("dd/MM:HH:mm:ss", Locale.TAIWAN); Long timestamp = sdf.parse(str, new ParsePosition(0)).getTime(); return timestamp; } } // import AccessLogParser public class SnortBase { static HBaseConfiguration conf = new HBaseConfiguration(); public static final String TABLE = "table.name"; static String tableName = "flex"; static HTable table = null; public static class MapClass extends MapReduceBase implements Mapper { public void configure(JobConf job) { } public void map(WritableComparable key, Text value, OutputCollector output, Reporter reporter) throws IOException { Log log = new Log(value.toString()); if (table == null) table = new HTable(conf, new Text(tableName)); long lockId = table.startUpdate(new Text(log.destination)); table.put(lockId, new Text("id:gid"), log.gid.getBytes()); table.put(lockId, new Text("id:sid"), log.sid.getBytes()); table.put(lockId, new Text("id:version"), log.version.getBytes()); table.put(lockId, new Text("name:name"), log.alert_name.getBytes()); table .put(lockId, new Text("name:class"), log.class_type .getBytes()); table.put(lockId, new Text("id:priority"), log.priority .getBytes()); table.put(lockId, new Text("direction:soure"), log.source.getBytes()); table.put(lockId, new Text("direction:srcport"), log.srcport.getBytes()); table.put(lockId, new Text("direction:dstport"), log.dstport.getBytes()); table.put(lockId, new Text("payload:type"), log.type.getBytes()); table.commit(lockId, log.timestamp); } } // do it to resolve warning : FileSystem.listPaths static public Path[] listPaths(FileSystem fsm, Path path) throws IOException { FileStatus[] fss = fsm.listStatus(path); int length = fss.length; Path[] pi = new Path[length]; for (int i = 0; i < length; i++) { pi[i] = fss[i].getPath(); } return pi; } public static void runMapReduce(String tableName, String inpath) throws IOException { Path tempDir = new Path("/tmp/Mylog/"); Path InputPath = new Path(inpath); FileSystem fs = FileSystem.get(conf); JobConf jobConf = new JobConf(conf, SnortBase.class); jobConf.setJobName("Snort Parse"); jobConf.set(TABLE, tableName); jobConf.setInputPath(InputPath); jobConf.setOutputPath(tempDir); jobConf.setMapperClass(MapClass.class); JobClient client = new JobClient(jobConf); ClusterStatus cluster = client.getClusterStatus(); jobConf.setNumMapTasks(cluster.getMapTasks()); jobConf.setNumReduceTasks(0); fs.delete(tempDir); JobClient.runJob(jobConf); fs.delete(tempDir); fs.close(); } public static void creatTable(String table) throws IOException { HBaseAdmin admin = new HBaseAdmin(conf); if (!admin.tableExists(new Text(table))) { System.out.println("1. " + table + " table creating ... please wait"); HTableDescriptor tableDesc = new HTableDescriptor(table); tableDesc.addFamily(new HColumnDescriptor("id:")); tableDesc.addFamily(new HColumnDescriptor("name:")); tableDesc.addFamily(new HColumnDescriptor("direction:")); tableDesc.addFamily(new HColumnDescriptor("payload:")); admin.createTable(tableDesc); } else { System.out.println("1. " + table + " table already exists."); } System.out.println("2. access_log files fetching using map/reduce"); } public static void main(String[] args) throws IOException, Exception { String path = "/user/waue/snort-log/alert_flex_parsed.txt"; creatTable(tableName); runMapReduce(tableName, path); } } }}} = 結果 = {{{ #!html
Row Column Cell
105.175.203.246 direction:dstport 0
105.175.203.246 direction:soure 168.150.177.165
105.175.203.246 direction:srcport 0
105.175.203.246 id:gid 1
105.175.203.246 id:priority 3
105.175.203.246 id:sid 402
105.175.203.246 id:version 7
105.175.203.246 name:class Misc activity
105.175.203.246 name:name ICMP Destination Unreachable Port Unreachable
105.175.203.246 payload:type ICMP
105.219.67.188 direction:dstport 0
105.219.67.188 direction:soure 168.150.177.165
105.219.67.188 direction:srcport 0
105.219.67.188 id:gid 1
105.219.67.188 id:priority 3
105.219.67.188 id:sid 402
105.219.67.188 id:version 7
105.219.67.188 name:class Misc activity
105.219.67.188 name:name ICMP Destination Unreachable Port Unreachable
105.219.67.188 payload:type ICMP
108.69.106.249 direction:dstport 0
108.69.106.249 direction:soure 168.150.177.165
108.69.106.249 direction:srcport 0
108.69.106.249 id:gid 1
108.69.106.249 id:priority 3
108.69.106.249 id:sid 402
108.69.106.249 id:version 7
108.69.106.249 name:class Misc activity
108.69.106.249 name:name ICMP Destination Unreachable Port Unreachable
108.69.106.249 payload:type ICMP
111.243.168.133 direction:dstport 0
111.243.168.133 direction:soure 168.150.177.165
111.243.168.133 direction:srcport 0
111.243.168.133 id:gid 1
111.243.168.133 id:priority 3
111.243.168.133 id:sid 402
111.243.168.133 id:version 7
111.243.168.133 name:class Misc activity
111.243.168.133 name:name ICMP Destination Unreachable Port Unreachable
111.243.168.133 payload:type ICMP
111.87.222.49 direction:dstport 0
111.87.222.49 direction:soure 168.150.177.165
111.87.222.49 direction:srcport 0
111.87.222.49 id:gid 1
111.87.222.49 id:priority 3
111.87.222.49 id:sid 402
111.87.222.49 id:version 7
111.87.222.49 name:class Misc activity
111.87.222.49 name:name ICMP Destination Unreachable Port Unreachable
111.87.222.49 payload:type ICMP
117.35.249.36 direction:dstport 0
117.35.249.36 direction:soure 168.150.177.165
117.35.249.36 direction:srcport 0
117.35.249.36 id:gid 1
117.35.249.36 id:priority 3
117.35.249.36 id:sid 402
117.35.249.36 id:version 7
117.35.249.36 name:class Misc activity
117.35.249.36 name:name ICMP Destination Unreachable Port Unreachable
117.35.249.36 payload:type ICMP
123.154.36.61 direction:dstport 0
123.154.36.61 direction:soure 168.150.177.165
123.154.36.61 direction:srcport 0
123.154.36.61 id:gid 1
123.154.36.61 id:priority 3
123.154.36.61 id:sid 402
123.154.36.61 id:version 7
123.154.36.61 name:class Misc activity
123.154.36.61 name:name ICMP Destination Unreachable Port Unreachable
123.154.36.61 payload:type ICMP
124.47.161.50 direction:dstport 3729
124.47.161.50 direction:soure 168.150.177.165
124.47.161.50 direction:srcport 445
124.47.161.50 id:gid 1
124.47.161.50 id:priority 1
124.47.161.50 id:sid 2924
124.47.161.50 id:version 3
124.47.161.50 name:class Unsuccessful User Privilege Gain
124.47.161.50 name:name NETBIOS SMB-DS repeated logon failure
124.47.161.50 payload:type TCP
133.84.11.26 direction:dstport 0
133.84.11.26 direction:soure 168.150.177.165
133.84.11.26 direction:srcport 0
133.84.11.26 id:gid 1
133.84.11.26 id:priority 3
133.84.11.26 id:sid 402
133.84.11.26 id:version 7
133.84.11.26 name:class Misc activity
133.84.11.26 name:name ICMP Destination Unreachable Port Unreachable
133.84.11.26 payload:type ICMP
135.99.60.82 direction:dstport 0
135.99.60.82 direction:soure 168.150.177.165
135.99.60.82 direction:srcport 0
135.99.60.82 id:gid 1
135.99.60.82 id:priority 3
135.99.60.82 id:sid 402
135.99.60.82 id:version 7
135.99.60.82 name:class Misc activity
135.99.60.82 name:name ICMP Destination Unreachable Port Unreachable
135.99.60.82 payload:type ICMP
140.110.138.192 direction:dstport 39014
140.110.138.192 direction:soure 140.110.138.191
140.110.138.192 direction:srcport 24800
140.110.138.192 id:gid 1
140.110.138.192 id:priority 3
140.110.138.192 id:sid 100000137
140.110.138.192 id:version 1
140.110.138.192 name:class Misc activity
140.110.138.192 name:name COMMUNITY MISC BAD-SSL tcp detect
140.110.138.192 payload:type TCP
142.22.78.231 direction:dstport 0
142.22.78.231 direction:soure 168.150.177.165
142.22.78.231 direction:srcport 0
142.22.78.231 id:gid 1
142.22.78.231 id:priority 3
142.22.78.231 id:sid 402
142.22.78.231 id:version 7
142.22.78.231 name:class Misc activity
142.22.78.231 name:name ICMP Destination Unreachable Port Unreachable
142.22.78.231 payload:type ICMP
145.127.244.37 direction:dstport 0
145.127.244.37 direction:soure 168.150.177.165
145.127.244.37 direction:srcport 0
145.127.244.37 id:gid 1
145.127.244.37 id:priority 3
145.127.244.37 id:sid 402
145.127.244.37 id:version 7
145.127.244.37 name:class Misc activity
145.127.244.37 name:name ICMP Destination Unreachable Port Unreachable
145.127.244.37 payload:type ICMP
16.197.30.30 direction:dstport 0
16.197.30.30 direction:soure 168.150.177.165
16.197.30.30 direction:srcport 0
16.197.30.30 id:gid 1
16.197.30.30 id:priority 3
16.197.30.30 id:sid 402
16.197.30.30 id:version 7
16.197.30.30 name:class Misc activity
16.197.30.30 name:name ICMP Destination Unreachable Port Unreachable
16.197.30.30 payload:type ICMP
165.228.223.251 direction:dstport 3706
165.228.223.251 direction:soure 168.150.177.165
165.228.223.251 direction:srcport 445
165.228.223.251 id:gid 1
165.228.223.251 id:priority 1
165.228.223.251 id:sid 2924
165.228.223.251 id:version 3
165.228.223.251 name:class Unsuccessful User Privilege Gain
165.228.223.251 name:name NETBIOS SMB-DS repeated logon failure
165.228.223.251 payload:type TCP
167.85.69.97 direction:dstport 0
167.85.69.97 direction:soure 168.150.177.165
167.85.69.97 direction:srcport 0
167.85.69.97 id:gid 1
167.85.69.97 id:priority 3
167.85.69.97 id:sid 402
167.85.69.97 id:version 7
167.85.69.97 name:class Misc activity
167.85.69.97 name:name ICMP Destination Unreachable Port Unreachable
167.85.69.97 payload:type ICMP
168.150.177.1 direction:dstport 1900
168.150.177.1 direction:soure 168.150.177.165
168.150.177.1 direction:srcport 13226
168.150.177.1 id:gid 1
168.150.177.1 id:priority 3
168.150.177.1 id:sid 1917
168.150.177.1 id:version 6
168.150.177.1 name:class Detection of a Network Scan
168.150.177.1 name:name SCAN UPnP service discover attempt
168.150.177.1 payload:type UDP
168.150.177.115 direction:dstport 0
168.150.177.115 direction:soure 168.150.177.165
168.150.177.115 direction:srcport 0
168.150.177.115 id:gid 1
168.150.177.115 id:priority 3
168.150.177.115 id:sid 408
168.150.177.115 id:version 5
168.150.177.115 name:class Misc activity
168.150.177.115 name:name ICMP Echo Reply
168.150.177.115 payload:type ICMP
168.150.177.165 direction:dstport 0
168.150.177.165 direction:soure 168.150.177.1
168.150.177.165 direction:srcport 0
168.150.177.165 id:gid 1
168.150.177.165 id:priority 3
168.150.177.165 id:sid 402
168.150.177.165 id:version 7
168.150.177.165 name:class Misc activity
168.150.177.165 name:name ICMP Destination Unreachable Port Unreachable
168.150.177.165 payload:type ICMP
169.237.5.23 direction:dstport 0
169.237.5.23 direction:soure 168.150.177.165
169.237.5.23 direction:srcport 0
169.237.5.23 id:gid 1
169.237.5.23 id:priority 3
169.237.5.23 id:sid 408
169.237.5.23 id:version 5
169.237.5.23 name:class Misc activity
169.237.5.23 name:name ICMP Echo Reply
169.237.5.23 payload:type ICMP
169.237.7.180 direction:dstport 0
169.237.7.180 direction:soure 168.150.177.165
169.237.7.180 direction:srcport 0
169.237.7.180 id:gid 1
169.237.7.180 id:priority 3
169.237.7.180 id:sid 408
169.237.7.180 id:version 5
169.237.7.180 name:class Misc activity
169.237.7.180 name:name ICMP Echo Reply
169.237.7.180 payload:type ICMP
172.145.36.246 direction:dstport 0
172.145.36.246 direction:soure 168.150.177.165
172.145.36.246 direction:srcport 0
172.145.36.246 id:gid 1
172.145.36.246 id:priority 3
172.145.36.246 id:sid 402
172.145.36.246 id:version 7
172.145.36.246 name:class Misc activity
172.145.36.246 name:name ICMP Destination Unreachable Port Unreachable
172.145.36.246 payload:type ICMP
174.46.118.149 direction:dstport 0
174.46.118.149 direction:soure 168.150.177.165
174.46.118.149 direction:srcport 0
174.46.118.149 id:gid 1
174.46.118.149 id:priority 3
174.46.118.149 id:sid 402
174.46.118.149 id:version 7
174.46.118.149 name:class Misc activity
174.46.118.149 name:name ICMP Destination Unreachable Port Unreachable
174.46.118.149 payload:type ICMP
176.232.251.36 direction:dstport 0
176.232.251.36 direction:soure 168.150.177.165
176.232.251.36 direction:srcport 0
176.232.251.36 id:gid 1
176.232.251.36 id:priority 3
176.232.251.36 id:sid 402
176.232.251.36 id:version 7
176.232.251.36 name:class Misc activity
176.232.251.36 name:name ICMP Destination Unreachable Port Unreachable
176.232.251.36 payload:type ICMP
180.211.173.54 direction:dstport 0
180.211.173.54 direction:soure 168.150.177.165
180.211.173.54 direction:srcport 0
180.211.173.54 id:gid 1
180.211.173.54 id:priority 3
180.211.173.54 id:sid 402
180.211.173.54 id:version 7
180.211.173.54 name:class Misc activity
180.211.173.54 name:name ICMP Destination Unreachable Port Unreachable
180.211.173.54 payload:type ICMP
182.227.184.247 direction:dstport 0
182.227.184.247 direction:soure 168.150.177.165
182.227.184.247 direction:srcport 0
182.227.184.247 id:gid 1
182.227.184.247 id:priority 3
182.227.184.247 id:sid 402
182.227.184.247 id:version 7
182.227.184.247 name:class Misc activity
182.227.184.247 name:name ICMP Destination Unreachable Port Unreachable
182.227.184.247 payload:type ICMP
195.180.37.6 direction:dstport 4626
195.180.37.6 direction:soure 168.150.177.165
195.180.37.6 direction:srcport 445
195.180.37.6 id:gid 1
195.180.37.6 id:priority 1
195.180.37.6 id:sid 2924
195.180.37.6 id:version 3
195.180.37.6 name:class Unsuccessful User Privilege Gain
195.180.37.6 name:name NETBIOS SMB-DS repeated logon failure
195.180.37.6 payload:type TCP
198.227.98.132 direction:dstport 0
198.227.98.132 direction:soure 168.150.177.165
198.227.98.132 direction:srcport 0
198.227.98.132 id:gid 1
198.227.98.132 id:priority 3
198.227.98.132 id:sid 402
198.227.98.132 id:version 7
198.227.98.132 name:class Misc activity
198.227.98.132 name:name ICMP Destination Unreachable Port Unreachable
198.227.98.132 payload:type ICMP
20.219.102.10 direction:dstport 0
20.219.102.10 direction:soure 168.150.177.165
20.219.102.10 direction:srcport 0
20.219.102.10 id:gid 1
20.219.102.10 id:priority 3
20.219.102.10 id:sid 402
20.219.102.10 id:version 7
20.219.102.10 name:class Misc activity
20.219.102.10 name:name ICMP Destination Unreachable Port Unreachable
20.219.102.10 payload:type ICMP
20.46.179.49 direction:dstport 0
20.46.179.49 direction:soure 168.150.177.165
20.46.179.49 direction:srcport 0
20.46.179.49 id:gid 1
20.46.179.49 id:priority 3
20.46.179.49 id:sid 402
20.46.179.49 id:version 7
20.46.179.49 name:class Misc activity
20.46.179.49 name:name ICMP Destination Unreachable Port Unreachable
20.46.179.49 payload:type ICMP
200.105.199.142 direction:dstport 3856
200.105.199.142 direction:soure 168.150.177.165
200.105.199.142 direction:srcport 445
200.105.199.142 id:gid 1
200.105.199.142 id:priority 1
200.105.199.142 id:sid 2924
200.105.199.142 id:version 3
200.105.199.142 name:class Unsuccessful User Privilege Gain
200.105.199.142 name:name NETBIOS SMB-DS repeated logon failure
200.105.199.142 payload:type TCP
200.207.41.77 direction:dstport 2591
200.207.41.77 direction:soure 168.150.177.165
200.207.41.77 direction:srcport 445
200.207.41.77 id:gid 1
200.207.41.77 id:priority 1
200.207.41.77 id:sid 2924
200.207.41.77 id:version 3
200.207.41.77 name:class Unsuccessful User Privilege Gain
200.207.41.77 name:name NETBIOS SMB-DS repeated logon failure
200.207.41.77 payload:type TCP
202.97.193.72 direction:dstport 0
202.97.193.72 direction:soure 168.150.177.165
202.97.193.72 direction:srcport 0
202.97.193.72 id:gid 1
202.97.193.72 id:priority 3
202.97.193.72 id:sid 408
202.97.193.72 id:version 5
202.97.193.72 name:class Misc activity
202.97.193.72 name:name ICMP Echo Reply
202.97.193.72 payload:type ICMP
202.99.172.171 direction:dstport 0
202.99.172.171 direction:soure 168.150.177.165
202.99.172.171 direction:srcport 0
202.99.172.171 id:gid 1
202.99.172.171 id:priority 3
202.99.172.171 id:sid 402
202.99.172.171 id:version 7
202.99.172.171 name:class Misc activity
202.99.172.171 name:name ICMP Destination Unreachable Port Unreachable
202.99.172.171 payload:type ICMP
202.99.172.172 direction:dstport 0
202.99.172.172 direction:soure 168.150.177.165
202.99.172.172 direction:srcport 0
202.99.172.172 id:gid 1
202.99.172.172 id:priority 3
202.99.172.172 id:sid 402
202.99.172.172 id:version 7
202.99.172.172 name:class Misc activity
202.99.172.172 name:name ICMP Destination Unreachable Port Unreachable
202.99.172.172 payload:type ICMP
204.16.208.61 direction:dstport 0
204.16.208.61 direction:soure 168.150.177.165
204.16.208.61 direction:srcport 0
204.16.208.61 id:gid 1
204.16.208.61 id:priority 3
204.16.208.61 id:sid 402
204.16.208.61 id:version 7
204.16.208.61 name:class Misc activity
204.16.208.61 name:name ICMP Destination Unreachable Port Unreachable
204.16.208.61 payload:type ICMP
205.152.165.102 direction:dstport 0
205.152.165.102 direction:soure 168.150.177.165
205.152.165.102 direction:srcport 0
205.152.165.102 id:gid 1
205.152.165.102 id:priority 3
205.152.165.102 id:sid 402
205.152.165.102 id:version 7
205.152.165.102 name:class Misc activity
205.152.165.102 name:name ICMP Destination Unreachable Port Unreachable
205.152.165.102 payload:type ICMP
206.159.178.239 direction:dstport 1581
206.159.178.239 direction:soure 168.150.177.165
206.159.178.239 direction:srcport 445
206.159.178.239 id:gid 1
206.159.178.239 id:priority 1
206.159.178.239 id:sid 2924
206.159.178.239 id:version 3
206.159.178.239 name:class Unsuccessful User Privilege Gain
206.159.178.239 name:name NETBIOS SMB-DS repeated logon failure
206.159.178.239 payload:type TCP
206.162.170.188 direction:dstport 2637
206.162.170.188 direction:soure 168.150.177.165
206.162.170.188 direction:srcport 445
206.162.170.188 id:gid 1
206.162.170.188 id:priority 1
206.162.170.188 id:sid 2924
206.162.170.188 id:version 3
206.162.170.188 name:class Unsuccessful User Privilege Gain
206.162.170.188 name:name NETBIOS SMB-DS repeated logon failure
206.162.170.188 payload:type TCP
207.210.240.12 direction:dstport 0
207.210.240.12 direction:soure 168.150.177.165
207.210.240.12 direction:srcport 0
207.210.240.12 id:gid 1
207.210.240.12 id:priority 3
207.210.240.12 id:sid 402
207.210.240.12 id:version 7
207.210.240.12 name:class Misc activity
207.210.240.12 name:name ICMP Destination Unreachable Port Unreachable
207.210.240.12 payload:type ICMP
207.210.240.22 direction:dstport 0
207.210.240.22 direction:soure 168.150.177.165
207.210.240.22 direction:srcport 0
207.210.240.22 id:gid 1
207.210.240.22 id:priority 3
207.210.240.22 id:sid 402
207.210.240.22 id:version 7
207.210.240.22 name:class Misc activity
207.210.240.22 name:name ICMP Destination Unreachable Port Unreachable
207.210.240.22 payload:type ICMP
207.220.248.51 direction:dstport 0
207.220.248.51 direction:soure 168.150.177.165
207.220.248.51 direction:srcport 0
207.220.248.51 id:gid 1
207.220.248.51 id:priority 3
207.220.248.51 id:sid 402
207.220.248.51 id:version 7
207.220.248.51 name:class Misc activity
207.220.248.51 name:name ICMP Destination Unreachable Port Unreachable
207.220.248.51 payload:type ICMP
207.56.212.95 direction:dstport 0
207.56.212.95 direction:soure 168.150.177.165
207.56.212.95 direction:srcport 0
207.56.212.95 id:gid 1
207.56.212.95 id:priority 3
207.56.212.95 id:sid 402
207.56.212.95 id:version 7
207.56.212.95 name:class Misc activity
207.56.212.95 name:name ICMP Destination Unreachable Port Unreachable
207.56.212.95 payload:type ICMP
210.185.223.146 direction:dstport 0
210.185.223.146 direction:soure 168.150.177.165
210.185.223.146 direction:srcport 0
210.185.223.146 id:gid 1
210.185.223.146 id:priority 3
210.185.223.146 id:sid 402
210.185.223.146 id:version 7
210.185.223.146 name:class Misc activity
210.185.223.146 name:name ICMP Destination Unreachable Port Unreachable
210.185.223.146 payload:type ICMP
212.175.111.242 direction:dstport 1582
212.175.111.242 direction:soure 168.150.177.165
212.175.111.242 direction:srcport 445
212.175.111.242 id:gid 1
212.175.111.242 id:priority 1
212.175.111.242 id:sid 2924
212.175.111.242 id:version 3
212.175.111.242 name:class Unsuccessful User Privilege Gain
212.175.111.242 name:name NETBIOS SMB-DS repeated logon failure
212.175.111.242 payload:type TCP
212.175.208.47 direction:dstport 1753
212.175.208.47 direction:soure 168.150.177.165
212.175.208.47 direction:srcport 445
212.175.208.47 id:gid 1
212.175.208.47 id:priority 1
212.175.208.47 id:sid 2924
212.175.208.47 id:version 3
212.175.208.47 name:class Unsuccessful User Privilege Gain
212.175.208.47 name:name NETBIOS SMB-DS repeated logon failure
212.175.208.47 payload:type TCP
212.187.177.228 direction:dstport 0
212.187.177.228 direction:soure 168.150.177.165
212.187.177.228 direction:srcport 0
212.187.177.228 id:gid 1
212.187.177.228 id:priority 3
212.187.177.228 id:sid 402
212.187.177.228 id:version 7
212.187.177.228 name:class Misc activity
212.187.177.228 name:name ICMP Destination Unreachable Port Unreachable
212.187.177.228 payload:type ICMP
213.35.7.207 direction:dstport 0
213.35.7.207 direction:soure 168.150.177.165
213.35.7.207 direction:srcport 0
213.35.7.207 id:gid 1
213.35.7.207 id:priority 3
213.35.7.207 id:sid 402
213.35.7.207 id:version 7
213.35.7.207 name:class Misc activity
213.35.7.207 name:name ICMP Destination Unreachable Port Unreachable
213.35.7.207 payload:type ICMP
217.208.68.90 direction:dstport 0
217.208.68.90 direction:soure 168.150.177.165
217.208.68.90 direction:srcport 0
217.208.68.90 id:gid 1
217.208.68.90 id:priority 3
217.208.68.90 id:sid 402
217.208.68.90 id:version 7
217.208.68.90 name:class Misc activity
217.208.68.90 name:name ICMP Destination Unreachable Port Unreachable
217.208.68.90 payload:type ICMP
219.117.242.253 direction:dstport 2120
219.117.242.253 direction:soure 168.150.177.165
219.117.242.253 direction:srcport 445
219.117.242.253 id:gid 1
219.117.242.253 id:priority 1
219.117.242.253 id:sid 2924
219.117.242.253 id:version 3
219.117.242.253 name:class Unsuccessful User Privilege Gain
219.117.242.253 name:name NETBIOS SMB-DS repeated logon failure
219.117.242.253 payload:type TCP
22.221.10.223 direction:dstport 0
22.221.10.223 direction:soure 168.150.177.165
22.221.10.223 direction:srcport 0
22.221.10.223 id:gid 1
22.221.10.223 id:priority 3
22.221.10.223 id:sid 402
22.221.10.223 id:version 7
22.221.10.223 name:class Misc activity
22.221.10.223 name:name ICMP Destination Unreachable Port Unreachable
22.221.10.223 payload:type ICMP
220.79.110.181 direction:dstport 0
220.79.110.181 direction:soure 168.150.177.165
220.79.110.181 direction:srcport 0
220.79.110.181 id:gid 1
220.79.110.181 id:priority 3
220.79.110.181 id:sid 408
220.79.110.181 id:version 5
220.79.110.181 name:class Misc activity
220.79.110.181 name:name ICMP Echo Reply
220.79.110.181 payload:type ICMP
221.203.145.56 direction:dstport 0
221.203.145.56 direction:soure 168.150.177.165
221.203.145.56 direction:srcport 0
221.203.145.56 id:gid 1
221.203.145.56 id:priority 3
221.203.145.56 id:sid 402
221.203.145.56 id:version 7
221.203.145.56 name:class Misc activity
221.203.145.56 name:name ICMP Destination Unreachable Port Unreachable
221.203.145.56 payload:type ICMP
221.203.145.73 direction:dstport 0
221.203.145.73 direction:soure 168.150.177.165
221.203.145.73 direction:srcport 0
221.203.145.73 id:gid 1
221.203.145.73 id:priority 3
221.203.145.73 id:sid 402
221.203.145.73 id:version 7
221.203.145.73 name:class Misc activity
221.203.145.73 name:name ICMP Destination Unreachable Port Unreachable
221.203.145.73 payload:type ICMP
221.203.145.74 direction:dstport 0
221.203.145.74 direction:soure 168.150.177.165
221.203.145.74 direction:srcport 0
221.203.145.74 id:gid 1
221.203.145.74 id:priority 3
221.203.145.74 id:sid 402
221.203.145.74 id:version 7
221.203.145.74 name:class Misc activity
221.203.145.74 name:name ICMP Destination Unreachable Port Unreachable
221.203.145.74 payload:type ICMP
221.203.189.44 direction:dstport 0
221.203.189.44 direction:soure 168.150.177.165
221.203.189.44 direction:srcport 0
221.203.189.44 id:gid 1
221.203.189.44 id:priority 3
221.203.189.44 id:sid 402
221.203.189.44 id:version 7
221.203.189.44 name:class Misc activity
221.203.189.44 name:name ICMP Destination Unreachable Port Unreachable
221.203.189.44 payload:type ICMP
222.26.224.140 direction:dstport 0
222.26.224.140 direction:soure 168.150.177.165
222.26.224.140 direction:srcport 0
222.26.224.140 id:gid 1
222.26.224.140 id:priority 3
222.26.224.140 id:sid 402
222.26.224.140 id:version 7
222.26.224.140 name:class Misc activity
222.26.224.140 name:name ICMP Destination Unreachable Port Unreachable
222.26.224.140 payload:type ICMP
223.124.151.30 direction:dstport 0
223.124.151.30 direction:soure 168.150.177.165
223.124.151.30 direction:srcport 0
223.124.151.30 id:gid 1
223.124.151.30 id:priority 3
223.124.151.30 id:sid 402
223.124.151.30 id:version 7
223.124.151.30 name:class Misc activity
223.124.151.30 name:name ICMP Destination Unreachable Port Unreachable
223.124.151.30 payload:type ICMP
224.0.0.1 direction:dstport 0
224.0.0.1 direction:soure 140.110.138.5
224.0.0.1 direction:srcport 0
224.0.0.1 id:gid 1
224.0.0.1 id:priority 3
224.0.0.1 id:sid 384
224.0.0.1 id:version 5
224.0.0.1 name:class Misc activity
224.0.0.1 name:name ICMP PING
224.0.0.1 payload:type ICMP
224.0.0.13 direction:dstport 0
224.0.0.13 direction:soure 140.110.138.253
224.0.0.13 direction:srcport 0
224.0.0.13 id:gid 1
224.0.0.13 id:priority 2
224.0.0.13 id:sid 2189
224.0.0.13 id:version 3
224.0.0.13 name:class Detection of a non-standard protocol or event
224.0.0.13 name:name BAD-TRAFFIC IP Proto 103 PIM
224.0.0.13 payload:type PIM
23.227.229.222 direction:dstport 0
23.227.229.222 direction:soure 168.150.177.165
23.227.229.222 direction:srcport 0
23.227.229.222 id:gid 1
23.227.229.222 id:priority 3
23.227.229.222 id:sid 402
23.227.229.222 id:version 7
23.227.229.222 name:class Misc activity
23.227.229.222 name:name ICMP Destination Unreachable Port Unreachable
23.227.229.222 payload:type ICMP
239.255.255.250 direction:dstport 1900
239.255.255.250 direction:soure 168.150.177.165
239.255.255.250 direction:srcport 1028
239.255.255.250 id:gid 1
239.255.255.250 id:priority 3
239.255.255.250 id:sid 1917
239.255.255.250 id:version 6
239.255.255.250 name:class Detection of a Network Scan
239.255.255.250 name:name SCAN UPnP service discover attempt
239.255.255.250 payload:type UDP
24.105.187.229 direction:dstport 3641
24.105.187.229 direction:soure 168.150.177.165
24.105.187.229 direction:srcport 445
24.105.187.229 id:gid 1
24.105.187.229 id:priority 1
24.105.187.229 id:sid 2924
24.105.187.229 id:version 3
24.105.187.229 name:class Unsuccessful User Privilege Gain
24.105.187.229 name:name NETBIOS SMB-DS repeated logon failure
24.105.187.229 payload:type TCP
24.7.178.192 direction:dstport 0
24.7.178.192 direction:soure 168.150.177.165
24.7.178.192 direction:srcport 0
24.7.178.192 id:gid 1
24.7.178.192 id:priority 3
24.7.178.192 id:sid 408
24.7.178.192 id:version 5
24.7.178.192 name:class Misc activity
24.7.178.192 name:name ICMP Echo Reply
24.7.178.192 payload:type ICMP
24.96.107.24 direction:dstport 0
24.96.107.24 direction:soure 168.150.177.165
24.96.107.24 direction:srcport 0
24.96.107.24 id:gid 1
24.96.107.24 id:priority 3
24.96.107.24 id:sid 408
24.96.107.24 id:version 5
24.96.107.24 name:class Misc activity
24.96.107.24 name:name ICMP Echo Reply
24.96.107.24 payload:type ICMP
34.168.1.34 direction:dstport 0
34.168.1.34 direction:soure 168.150.177.165
34.168.1.34 direction:srcport 0
34.168.1.34 id:gid 1
34.168.1.34 id:priority 3
34.168.1.34 id:sid 402
34.168.1.34 id:version 7
34.168.1.34 name:class Misc activity
34.168.1.34 name:name ICMP Destination Unreachable Port Unreachable
34.168.1.34 payload:type ICMP
36.57.178.19 direction:dstport 0
36.57.178.19 direction:soure 168.150.177.165
36.57.178.19 direction:srcport 0
36.57.178.19 id:gid 1
36.57.178.19 id:priority 3
36.57.178.19 id:sid 402
36.57.178.19 id:version 7
36.57.178.19 name:class Misc activity
36.57.178.19 name:name ICMP Destination Unreachable Port Unreachable
36.57.178.19 payload:type ICMP
37.12.58.204 direction:dstport 0
37.12.58.204 direction:soure 168.150.177.165
37.12.58.204 direction:srcport 0
37.12.58.204 id:gid 1
37.12.58.204 id:priority 3
37.12.58.204 id:sid 402
37.12.58.204 id:version 7
37.12.58.204 name:class Misc activity
37.12.58.204 name:name ICMP Destination Unreachable Port Unreachable
37.12.58.204 payload:type ICMP
39.162.217.80 direction:dstport 0
39.162.217.80 direction:soure 168.150.177.165
39.162.217.80 direction:srcport 0
39.162.217.80 id:gid 1
39.162.217.80 id:priority 3
39.162.217.80 id:sid 402
39.162.217.80 id:version 7
39.162.217.80 name:class Misc activity
39.162.217.80 name:name ICMP Destination Unreachable Port Unreachable
39.162.217.80 payload:type ICMP
39.227.15.107 direction:dstport 0
39.227.15.107 direction:soure 168.150.177.165
39.227.15.107 direction:srcport 0
39.227.15.107 id:gid 1
39.227.15.107 id:priority 3
39.227.15.107 id:sid 402
39.227.15.107 id:version 7
39.227.15.107 name:class Misc activity
39.227.15.107 name:name ICMP Destination Unreachable Port Unreachable
39.227.15.107 payload:type ICMP
43.89.251.229 direction:dstport 0
43.89.251.229 direction:soure 168.150.177.165
43.89.251.229 direction:srcport 0
43.89.251.229 id:gid 1
43.89.251.229 id:priority 3
43.89.251.229 id:sid 402
43.89.251.229 id:version 7
43.89.251.229 name:class Misc activity
43.89.251.229 name:name ICMP Destination Unreachable Port Unreachable
43.89.251.229 payload:type ICMP
57.61.61.63 direction:dstport 0
57.61.61.63 direction:soure 168.150.177.165
57.61.61.63 direction:srcport 0
57.61.61.63 id:gid 1
57.61.61.63 id:priority 3
57.61.61.63 id:sid 402
57.61.61.63 id:version 7
57.61.61.63 name:class Misc activity
57.61.61.63 name:name ICMP Destination Unreachable Port Unreachable
57.61.61.63 payload:type ICMP
58.47.158.247 direction:dstport 0
58.47.158.247 direction:soure 168.150.177.165
58.47.158.247 direction:srcport 0
58.47.158.247 id:gid 1
58.47.158.247 id:priority 3
58.47.158.247 id:sid 402
58.47.158.247 id:version 7
58.47.158.247 name:class Misc activity
58.47.158.247 name:name ICMP Destination Unreachable Port Unreachable
58.47.158.247 payload:type ICMP
60.8.86.98 direction:dstport 0
60.8.86.98 direction:soure 168.150.177.165
60.8.86.98 direction:srcport 0
60.8.86.98 id:gid 1
60.8.86.98 id:priority 3
60.8.86.98 id:sid 408
60.8.86.98 id:version 5
60.8.86.98 name:class Misc activity
60.8.86.98 name:name ICMP Echo Reply
60.8.86.98 payload:type ICMP
61.156.42.101 direction:dstport 0
61.156.42.101 direction:soure 168.150.177.165
61.156.42.101 direction:srcport 0
61.156.42.101 id:gid 1
61.156.42.101 id:priority 3
61.156.42.101 id:sid 402
61.156.42.101 id:version 7
61.156.42.101 name:class Misc activity
61.156.42.101 name:name ICMP Destination Unreachable Port Unreachable
61.156.42.101 payload:type ICMP
61.156.42.103 direction:dstport 0
61.156.42.103 direction:soure 168.150.177.165
61.156.42.103 direction:srcport 0
61.156.42.103 id:gid 1
61.156.42.103 id:priority 3
61.156.42.103 id:sid 402
61.156.42.103 id:version 7
61.156.42.103 name:class Misc activity
61.156.42.103 name:name ICMP Destination Unreachable Port Unreachable
61.156.42.103 payload:type ICMP
61.186.97.131 direction:dstport 0
61.186.97.131 direction:soure 168.150.177.165
61.186.97.131 direction:srcport 0
61.186.97.131 id:gid 1
61.186.97.131 id:priority 3
61.186.97.131 id:sid 402
61.186.97.131 id:version 7
61.186.97.131 name:class Misc activity
61.186.97.131 name:name ICMP Destination Unreachable Port Unreachable
61.186.97.131 payload:type ICMP
63.87.226.35 direction:dstport 3042
63.87.226.35 direction:soure 168.150.177.165
63.87.226.35 direction:srcport 445
63.87.226.35 id:gid 1
63.87.226.35 id:priority 1
63.87.226.35 id:sid 2924
63.87.226.35 id:version 3
63.87.226.35 name:class Unsuccessful User Privilege Gain
63.87.226.35 name:name NETBIOS SMB-DS repeated logon failure
63.87.226.35 payload:type TCP
63.90.117.56 direction:dstport 3633
63.90.117.56 direction:soure 168.150.177.165
63.90.117.56 direction:srcport 445
63.90.117.56 id:gid 1
63.90.117.56 id:priority 1
63.90.117.56 id:sid 2924
63.90.117.56 id:version 3
63.90.117.56 name:class Unsuccessful User Privilege Gain
63.90.117.56 name:name NETBIOS SMB-DS repeated logon failure
63.90.117.56 payload:type TCP
64.148.211.242 direction:dstport 1185
64.148.211.242 direction:soure 168.150.177.165
64.148.211.242 direction:srcport 445
64.148.211.242 id:gid 1
64.148.211.242 id:priority 1
64.148.211.242 id:sid 2924
64.148.211.242 id:version 3
64.148.211.242 name:class Unsuccessful User Privilege Gain
64.148.211.242 name:name NETBIOS SMB-DS repeated logon failure
64.148.211.242 payload:type TCP
64.201.236.198 direction:dstport 3227
64.201.236.198 direction:soure 168.150.177.165
64.201.236.198 direction:srcport 445
64.201.236.198 id:gid 1
64.201.236.198 id:priority 1
64.201.236.198 id:sid 2924
64.201.236.198 id:version 3
64.201.236.198 name:class Unsuccessful User Privilege Gain
64.201.236.198 name:name NETBIOS SMB-DS repeated logon failure
64.201.236.198 payload:type TCP
65.114.168.237 direction:dstport 0
65.114.168.237 direction:soure 168.150.177.165
65.114.168.237 direction:srcport 0
65.114.168.237 id:gid 1
65.114.168.237 id:priority 3
65.114.168.237 id:sid 408
65.114.168.237 id:version 5
65.114.168.237 name:class Misc activity
65.114.168.237 name:name ICMP Echo Reply
65.114.168.237 payload:type ICMP
66.103.174.225 direction:dstport 0
66.103.174.225 direction:soure 168.150.177.165
66.103.174.225 direction:srcport 0
66.103.174.225 id:gid 1
66.103.174.225 id:priority 3
66.103.174.225 id:sid 402
66.103.174.225 id:version 7
66.103.174.225 name:class Misc activity
66.103.174.225 name:name ICMP Destination Unreachable Port Unreachable
66.103.174.225 payload:type ICMP
66.35.192.227 direction:dstport 0
66.35.192.227 direction:soure 168.150.177.165
66.35.192.227 direction:srcport 0
66.35.192.227 id:gid 1
66.35.192.227 id:priority 3
66.35.192.227 id:sid 402
66.35.192.227 id:version 7
66.35.192.227 name:class Misc activity
66.35.192.227 name:name ICMP Destination Unreachable Port Unreachable
66.35.192.227 payload:type ICMP
68.116.49.23 direction:dstport 60667
68.116.49.23 direction:soure 168.150.177.165
68.116.49.23 direction:srcport 445
68.116.49.23 id:gid 1
68.116.49.23 id:priority 1
68.116.49.23 id:sid 2924
68.116.49.23 id:version 3
68.116.49.23 name:class Unsuccessful User Privilege Gain
68.116.49.23 name:name NETBIOS SMB-DS repeated logon failure
68.116.49.23 payload:type TCP
68.254.5.217 direction:dstport 4243
68.254.5.217 direction:soure 168.150.177.165
68.254.5.217 direction:srcport 445
68.254.5.217 id:gid 1
68.254.5.217 id:priority 1
68.254.5.217 id:sid 2924
68.254.5.217 id:version 3
68.254.5.217 name:class Unsuccessful User Privilege Gain
68.254.5.217 name:name NETBIOS SMB-DS repeated logon failure
68.254.5.217 payload:type TCP
68.52.58.192 direction:dstport 0
68.52.58.192 direction:soure 168.150.177.165
68.52.58.192 direction:srcport 0
68.52.58.192 id:gid 1
68.52.58.192 id:priority 3
68.52.58.192 id:sid 408
68.52.58.192 id:version 5
68.52.58.192 name:class Misc activity
68.52.58.192 name:name ICMP Echo Reply
68.52.58.192 payload:type ICMP
70.20.129.58 direction:dstport 2688
70.20.129.58 direction:soure 168.150.177.165
70.20.129.58 direction:srcport 445
70.20.129.58 id:gid 1
70.20.129.58 id:priority 1
70.20.129.58 id:sid 2924
70.20.129.58 id:version 3
70.20.129.58 name:class Unsuccessful User Privilege Gain
70.20.129.58 name:name NETBIOS SMB-DS repeated logon failure
70.20.129.58 payload:type TCP
8.173.117.77 direction:dstport 0
8.173.117.77 direction:soure 168.150.177.165
8.173.117.77 direction:srcport 0
8.173.117.77 id:gid 1
8.173.117.77 id:priority 3
8.173.117.77 id:sid 402
8.173.117.77 id:version 7
8.173.117.77 name:class Misc activity
8.173.117.77 name:name ICMP Destination Unreachable Port Unreachable
8.173.117.77 payload:type ICMP
8.34.19.235 direction:dstport 0
8.34.19.235 direction:soure 168.150.177.165
8.34.19.235 direction:srcport 0
8.34.19.235 id:gid 1
8.34.19.235 id:priority 3
8.34.19.235 id:sid 402
8.34.19.235 id:version 7
8.34.19.235 name:class Misc activity
8.34.19.235 name:name ICMP Destination Unreachable Port Unreachable
8.34.19.235 payload:type ICMP
80.203.220.210 direction:dstport 1662
80.203.220.210 direction:soure 168.150.177.165
80.203.220.210 direction:srcport 445
80.203.220.210 id:gid 1
80.203.220.210 id:priority 1
80.203.220.210 id:sid 2924
80.203.220.210 id:version 3
80.203.220.210 name:class Unsuccessful User Privilege Gain
80.203.220.210 name:name NETBIOS SMB-DS repeated logon failure
80.203.220.210 payload:type TCP
80.252.21.163 direction:dstport 0
80.252.21.163 direction:soure 168.150.177.165
80.252.21.163 direction:srcport 0
80.252.21.163 id:gid 1
80.252.21.163 id:priority 3
80.252.21.163 id:sid 402
80.252.21.163 id:version 7
80.252.21.163 name:class Misc activity
80.252.21.163 name:name ICMP Destination Unreachable Port Unreachable
80.252.21.163 payload:type ICMP
82.70.205.178 direction:dstport 3745
82.70.205.178 direction:soure 168.150.177.165
82.70.205.178 direction:srcport 445
82.70.205.178 id:gid 1
82.70.205.178 id:priority 1
82.70.205.178 id:sid 2924
82.70.205.178 id:version 3
82.70.205.178 name:class Unsuccessful User Privilege Gain
82.70.205.178 name:name NETBIOS SMB-DS repeated logon failure
82.70.205.178 payload:type TCP
83.220.74.162 direction:dstport 0
83.220.74.162 direction:soure 168.150.177.165
83.220.74.162 direction:srcport 0
83.220.74.162 id:gid 1
83.220.74.162 id:priority 3
83.220.74.162 id:sid 402
83.220.74.162 id:version 7
83.220.74.162 name:class Misc activity
83.220.74.162 name:name ICMP Destination Unreachable Port Unreachable
83.220.74.162 payload:type ICMP
91.156.41.244 direction:dstport 0
91.156.41.244 direction:soure 168.150.177.165
91.156.41.244 direction:srcport 0
91.156.41.244 id:gid 1
91.156.41.244 id:priority 3
91.156.41.244 id:sid 402
91.156.41.244 id:version 7
91.156.41.244 name:class Misc activity
91.156.41.244 name:name ICMP Destination Unreachable Port Unreachable
91.156.41.244 payload:type ICMP
95.105.169.35 direction:dstport 0
95.105.169.35 direction:soure 168.150.177.165
95.105.169.35 direction:srcport 0
95.105.169.35 id:gid 1
95.105.169.35 id:priority 3
95.105.169.35 id:sid 402
95.105.169.35 id:version 7
95.105.169.35 name:class Misc activity
95.105.169.35 name:name ICMP Destination Unreachable Port Unreachable
95.105.169.35 payload:type ICMP
95.149.33.232 direction:dstport 0
95.149.33.232 direction:soure 168.150.177.165
95.149.33.232 direction:srcport 0
95.149.33.232 id:gid 1
95.149.33.232 id:priority 3
95.149.33.232 id:sid 402
95.149.33.232 id:version 7
95.149.33.232 name:class Misc activity
95.149.33.232 name:name ICMP Destination Unreachable Port Unreachable
95.149.33.232 payload:type ICMP
97.76.172.44 direction:dstport 0
97.76.172.44 direction:soure 168.150.177.165
97.76.172.44 direction:srcport 0
97.76.172.44 id:gid 1
97.76.172.44 id:priority 3
97.76.172.44 id:sid 402
97.76.172.44 id:version 7
97.76.172.44 name:class Misc activity
97.76.172.44 name:name ICMP Destination Unreachable Port Unreachable
97.76.172.44 payload:type ICMP

98 row(s) in set.

}}}