程式碼
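package tw.org.nchc.code;

import java.io.IOException;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;

import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.hbase.HBaseAdmin;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.HColumnDescriptor;
import org.apache.hadoop.hbase.HTable;
import org.apache.hadoop.hbase.HTableDescriptor;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.io.WritableComparable;
import org.apache.hadoop.mapred.ClusterStatus;
import org.apache.hadoop.mapred.JobClient;
import org.apache.hadoop.mapred.JobConf;
import org.apache.hadoop.mapred.MapReduceBase;
import org.apache.hadoop.mapred.Mapper;
import org.apache.hadoop.mapred.OutputCollector;
import org.apache.hadoop.mapred.Reporter;

/**
 * One parsed alert record, built from a single ';'-separated input line.
 *
 * <p>Field layout read by the constructor (zero-based index into the split
 * line): 0 gid, 1 sid, 2 version, 3 alert name, 4 class type, 5 priority,
 * 6 month, 7 day, 8 hour, 9 minute, 10 second, 11 source address,
 * 12 destination address, 13 type. Addresses may carry a ":port" suffix.
 *
 * <p>The input is log data and is treated as untrusted: a line that is too
 * short or carries an unparseable time is rejected with
 * {@link IllegalArgumentException} instead of failing with an index or null
 * pointer error.
 */
class Log {
    /** Number of leading fields the constructor reads (indices 0..13). */
    private static final int FIELD_COUNT = 14;

    String gid, sid, version;
    String alert_name, class_type, priority;
    String source, destination, type;
    // tmp is a scratch field: getIP leaves the port of the address it parsed
    // last in it, and the constructor copies it into srcport / dstport.
    String srcport, dstport, tmp;
    long timestamp;

    /**
     * Parses one alert line.
     *
     * @param data the raw ';'-separated record
     * @throws IllegalArgumentException if the record is null, has fewer than
     *         14 fields, or its date/time fields cannot be parsed
     */
    public Log(String data) {
        if (data == null) {
            throw new IllegalArgumentException("alert record is null");
        }
        // Note: split() drops trailing empty fields, so a record whose last
        // fields are empty also ends up shorter than FIELD_COUNT.
        String[] arr = data.split(";");
        if (arr.length < FIELD_COUNT) {
            throw new IllegalArgumentException("alert record has " + arr.length
                    + " fields, expected at least " + FIELD_COUNT);
        }
        this.gid = arr[0];
        this.sid = arr[1];
        this.version = arr[2];
        this.alert_name = arr[3];
        this.class_type = arr[4];
        this.priority = arr[5];
        // Reassembled as day/month:hour:minute:second to match getTime's pattern.
        this.timestamp = getTime(arr[7] + "/" + arr[6] + ":" + arr[8] + ":"
                + arr[9] + ":" + arr[10]);
        this.source = getIP(arr[11]);
        this.srcport = this.tmp;
        this.destination = getIP(arr[12]);
        this.dstport = this.tmp;
        this.type = arr[13];
    }

    /**
     * Splits an "address[:port]" string.
     *
     * <p>The port is not returned; it is stored in {@link #tmp}. When the
     * string has no port, or the port part is empty, {@code tmp} is set to
     * "0". Only the text between the first and second ':' is taken as the
     * port, as in the original split-based code.
     *
     * @param str address, optionally followed by ":port"
     * @return the part before the first ':' (the whole string if there is none)
     */
    String getIP(String str) {
        int colon = str.indexOf(':');
        if (colon == -1) {
            this.tmp = "0";
            return str;
        }
        // NOTE(review): an address that itself contains ':' (e.g. IPv6) is cut
        // at its first colon; confirm the feed only carries IPv4 addresses.
        String rest = str.substring(colon + 1);
        int next = rest.indexOf(':');
        String port = (next == -1) ? rest : rest.substring(0, next);
        // "host:" used to index past the end of the split array; treat an
        // empty port like a missing one.
        this.tmp = (port.length() == 0) ? "0" : port;
        return str.substring(0, colon);
    }

    /**
     * Converts a "dd/MM:HH:mm:ss" string to epoch milliseconds.
     *
     * <p>The pattern carries no year, so SimpleDateFormat fills in its default
     * year (1970); the value orders alerts within a year but is not an
     * absolute time. The formatter's default time zone is used.
     *
     * @param str date/time text in the form dd/MM:HH:mm:ss
     * @return milliseconds since the epoch for the parsed value
     * @throws IllegalArgumentException if the text does not match the pattern
     */
    long getTime(String str) {
        SimpleDateFormat sdf = new SimpleDateFormat("dd/MM:HH:mm:ss", Locale.TAIWAN);
        // parse(String, ParsePosition) signals failure by returning null
        // rather than throwing, so the result must be checked.
        Date parsed = sdf.parse(str, new ParsePosition(0));
        if (parsed == null) {
            throw new IllegalArgumentException("alert record has an unparseable date/time");
        }
        return parsed.getTime();
    }
}

/**
 * Map-only job that parses an alert log and loads it into an HBase table
 * with the column families "name:", "from:" and "payload:".
 */
public class SnortBase {
    static HBaseConfiguration conf = new HBaseConfiguration();

    /** Job configuration key under which runMapReduce stores the table name. */
    public static final String TABLE = "table.name";

    static String tableName = "NewSnort";

    // Opened lazily by the first map() call in each task JVM.
    static HTable table = null;

    /**
     * Mapper that writes each alert straight into HBase. Nothing is emitted
     * through the output collector.
     */
    public static class MapClass extends MapReduceBase implements
            Mapper<WritableComparable, Text, Text, Writable> {

        /**
         * Picks up the table name that runMapReduce stored under
         * {@link #TABLE}; the built-in default is kept when the key is absent.
         */
        public void configure(JobConf job) {
            String configured = job.get(TABLE);
            if (configured != null && configured.length() > 0) {
                tableName = configured;
            }
        }

        /**
         * Stores one alert: row key "destination:sid", one cell each under
         * "name:&lt;alert name&gt;", "from:&lt;source&gt;" and
         * "payload:&lt;type&gt;", committed with the alert's parsed timestamp.
         *
         * <p>A record that cannot be parsed is reported on stderr and skipped,
         * so one bad line does not abort ingestion of the remaining alerts.
         *
         * @throws IOException if the HBase update fails
         */
        public void map(WritableComparable key, Text value,
                OutputCollector<Text, Writable> output, Reporter reporter)
                throws IOException {
            Log log;
            try {
                log = new Log(value.toString());
            } catch (IllegalArgumentException e) {
                // Report the input key rather than the raw line: the line is
                // untrusted and should not be echoed into the task log.
                System.err.println("Skipping malformed alert record at input key "
                        + key + ": " + e.getMessage());
                return;
            }

            String property_name = "priority=" + log.priority
                    + ";class=" + log.class_type
                    + ";snort_id=" + log.sid;
            String property_source = log.source + ":" + log.srcport + " => "
                    + log.destination + ":" + log.dstport;
            String property_payload = log.type;

            if (table == null) {
                table = new HTable(conf, new Text(tableName));
            }
            long lockId = table.startUpdate(new Text(log.destination + ":" + log.sid));
            // Explicit charset: the stored bytes must not depend on the
            // default encoding of whichever node runs the task.
            table.put(lockId, new Text("name:" + log.alert_name),
                    property_name.getBytes("UTF-8"));
            table.put(lockId, new Text("from:" + log.source),
                    property_source.getBytes("UTF-8"));
            table.put(lockId, new Text("payload:" + log.type),
                    property_payload.getBytes("UTF-8"));
            table.commit(lockId, log.timestamp);
        }
    }

    /**
     * Lists the paths directly under {@code path}. Per the original author's
     * note, written to avoid the warning raised by FileSystem.listPaths.
     *
     * @param fsm  file system to query
     * @param path directory to list
     * @return the path of every status entry returned by listStatus
     * @throws IOException if the listing fails
     */
    static public Path[] listPaths(FileSystem fsm, Path path) throws IOException {
        FileStatus[] statuses = fsm.listStatus(path);
        Path[] paths = new Path[statuses.length];
        for (int i = 0; i < statuses.length; i++) {
            paths[i] = statuses[i].getPath();
        }
        return paths;
    }

    /**
     * Configures and runs the map-only load job.
     *
     * @param tableName target HBase table, passed to the mappers via {@link #TABLE}
     * @param inpath    input path of the parsed alert file
     * @throws IOException if job submission or file system access fails
     */
    public static void runMapReduce(String tableName, String inpath)
            throws IOException {
        // Fixed scratch path: whatever already exists at /tmp/Mylog/ is
        // deleted, and concurrent runs share it.
        // NOTE(review): consider a per-job directory on a shared cluster.
        Path tempDir = new Path("/tmp/Mylog/");
        Path inputPath = new Path(inpath);
        FileSystem fs = FileSystem.get(conf);
        try {
            JobConf jobConf = new JobConf(conf, SnortBase.class);
            jobConf.setJobName("Snort Parse");
            jobConf.set(TABLE, tableName);
            jobConf.setInputPath(inputPath);
            jobConf.setOutputPath(tempDir);
            jobConf.setMapperClass(MapClass.class);

            JobClient client = new JobClient(jobConf);
            ClusterStatus cluster = client.getClusterStatus();
            jobConf.setNumMapTasks(cluster.getMapTasks());
            // Mappers write to HBase themselves, so no reduce phase is needed.
            jobConf.setNumReduceTasks(0);

            // The job output directory must not exist when the job starts.
            fs.delete(tempDir);
            JobClient.runJob(jobConf);
        } finally {
            // Clean up and release the file system even when the job fails.
            try {
                fs.delete(tempDir);
            } finally {
                fs.close();
            }
        }
    }

    /**
     * Creates the table with its three column families if it does not exist
     * yet, printing progress to stdout.
     *
     * @param table name of the HBase table
     * @throws IOException if the HBase admin calls fail
     */
    public static void creatTable(String table) throws IOException {
        HBaseAdmin admin = new HBaseAdmin(conf);
        if (!admin.tableExists(new Text(table))) {
            System.out.println("1. " + table + " table creating ... please wait");
            HTableDescriptor tableDesc = new HTableDescriptor(table);
            tableDesc.addFamily(new HColumnDescriptor("name:"));
            tableDesc.addFamily(new HColumnDescriptor("from:"));
            tableDesc.addFamily(new HColumnDescriptor("payload:"));
            admin.createTable(tableDesc);
        } else {
            System.out.println("1. " + table + " table already exists.");
        }
        System.out.println("2. access_log files fetching using map/reduce");
    }

    /** Creates the table if needed, then loads the hard-coded alert file into it. */
    public static void main(String[] args) throws IOException, Exception {
        String path = "/user/waue/snort-log/alert_flex_parsed.txt";
        creatTable(tableName);
        runMapReduce(tableName, path);
    }
}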
執行結果
128 row(s) in set. (0.29 sec)
Row | Column | Cell |
---|---|---|
105.175.203.246<=402 | from:168.150.177.165 | 168.150.177.165:0 => 105.175.203.246:0 |
105.175.203.246<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
105.175.203.246<=402 | payload:ICMP | ICMP |
105.219.67.188<=402 | from:168.150.177.165 | 168.150.177.165:0 => 105.219.67.188:0 |
105.219.67.188<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
105.219.67.188<=402 | payload:ICMP | ICMP |
108.69.106.249<=402 | from:168.150.177.165 | 168.150.177.165:0 => 108.69.106.249:0 |
108.69.106.249<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
108.69.106.249<=402 | payload:ICMP | ICMP |
111.243.168.133<=402 | from:168.150.177.165 | 168.150.177.165:0 => 111.243.168.133:0 |
111.243.168.133<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
111.243.168.133<=402 | payload:ICMP | ICMP |
111.87.222.49<=402 | from:168.150.177.165 | 168.150.177.165:0 => 111.87.222.49:0 |
111.87.222.49<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
111.87.222.49<=402 | payload:ICMP | ICMP |
117.35.249.36<=402 | from:168.150.177.165 | 168.150.177.165:0 => 117.35.249.36:0 |
117.35.249.36<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
117.35.249.36<=402 | payload:ICMP | ICMP |
123.154.36.61<=402 | from:168.150.177.165 | 168.150.177.165:0 => 123.154.36.61:0 |
123.154.36.61<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
123.154.36.61<=402 | payload:ICMP | ICMP |
124.47.161.50<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 124.47.161.50:3729 |
124.47.161.50<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
124.47.161.50<=2924 | payload:TCP | TCP |
133.84.11.26<=402 | from:168.150.177.165 | 168.150.177.165:0 => 133.84.11.26:0 |
133.84.11.26<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
133.84.11.26<=402 | payload:ICMP | ICMP |
135.99.60.82<=402 | from:168.150.177.165 | 168.150.177.165:0 => 135.99.60.82:0 |
135.99.60.82<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
135.99.60.82<=402 | payload:ICMP | ICMP |
140.110.138.192<=100000137 | from:140.110.138.191 | 140.110.138.191:24800 => 140.110.138.192:39014 |
140.110.138.192<=100000137 | name:COMMUNITY MISC BAD-SSL tcp detect | priority=3class=Misc activity |
140.110.138.192<=100000137 | payload:TCP | TCP |
142.22.78.231<=402 | from:168.150.177.165 | 168.150.177.165:0 => 142.22.78.231:0 |
142.22.78.231<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
142.22.78.231<=402 | payload:ICMP | ICMP |
145.127.244.37<=402 | from:168.150.177.165 | 168.150.177.165:0 => 145.127.244.37:0 |
145.127.244.37<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
145.127.244.37<=402 | payload:ICMP | ICMP |
16.197.30.30<=402 | from:168.150.177.165 | 168.150.177.165:0 => 16.197.30.30:0 |
16.197.30.30<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
16.197.30.30<=402 | payload:ICMP | ICMP |
165.228.223.251<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 165.228.223.251:3706 |
165.228.223.251<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
165.228.223.251<=2924 | payload:TCP | TCP |
167.85.69.97<=402 | from:168.150.177.165 | 168.150.177.165:0 => 167.85.69.97:0 |
167.85.69.97<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
167.85.69.97<=402 | payload:ICMP | ICMP |
168.150.177.115<=402 | from:168.150.177.165 | 168.150.177.165:0 => 168.150.177.115:0 |
168.150.177.115<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
168.150.177.115<=402 | payload:ICMP | ICMP |
168.150.177.115<=408 | from:168.150.177.165 | 168.150.177.165:0 => 168.150.177.115:0 |
168.150.177.115<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
168.150.177.115<=408 | payload:ICMP | ICMP |
168.150.177.165<=1411 | from:24.7.178.192 | 24.7.178.192:35974 => 168.150.177.165:161 |
168.150.177.165<=1411 | name:SNMP public access udp | priority=2class=Attempted Information Leak |
168.150.177.165<=1411 | payload:UDP | UDP |
168.150.177.165<=1417 | from:24.7.178.192 | 24.7.178.192:35974 => 168.150.177.165:161 |
168.150.177.165<=1417 | name:SNMP request udp | priority=2class=Attempted Information Leak |
168.150.177.165<=1417 | payload:UDP | UDP |
168.150.177.165<=18 | from:172.145.36.246 | 172.145.36.246:0 => 168.150.177.165:0 |
168.150.177.165<=18 | name:(portscan) UDP Decoy Portscan | priority=3class=Port Scan |
168.150.177.165<=18 | payload:PROTO:255 | PROTO:255 |
168.150.177.165<=2 | from:222.100.101.2 | 222.100.101.2:0 => 168.150.177.165:0 |
168.150.177.165<=2 | name:(portscan) TCP Decoy Portscan | priority=3class=Port Scan |
168.150.177.165<=2 | payload:PROTO:255 | PROTO:255 |
168.150.177.165<=2182 | from:219.47.72.53 | 219.47.72.53:34664 => 168.150.177.165:55728 |
168.150.177.165<=2182 | from:220.144.91.32 | 220.144.91.32:34664 => 168.150.177.165:55728 |
168.150.177.165<=2182 | name:BACKDOOR typot trojan traffic | priority=1class=A Network Trojan was detected |
168.150.177.165<=2182 | payload:TCP | TCP |
168.150.177.165<=2351 | from:12.215.86.115 | 12.215.86.115:1725 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:143.238.254.172 | 143.238.254.172:38037 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:172.131.96.11 | 172.131.96.11:4125 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:172.209.45.131 | 172.209.45.131:4492 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:208.28.150.10 | 208.28.150.10:2327 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:213.139.233.82 | 213.139.233.82:29543 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:216.230.44.131 | 216.230.44.131:36188 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:58.107.83.219 | 58.107.83.219:61335 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:60.173.70.174 | 60.173.70.174:60112 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:60.234.234.235 | 60.234.234.235:4016 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:62.62.141.11 | 62.62.141.11:31463 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:69.204.206.39 | 69.204.206.39:3469 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:72.242.6.121 | 72.242.6.121:2825 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:80.183.136.26 | 80.183.136.26:3834 => 168.150.177.165:135 |
168.150.177.165<=2351 | from:85.64.246.247 | 85.64.246.247:3083 => 168.150.177.165:135 |
168.150.177.165<=2351 | name:NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode | priority=1class=Attempted Administrator Privilege Gain |
168.150.177.165<=2351 | payload:TCP | TCP |
168.150.177.165<=2403 | from:124.47.161.50 | 124.47.161.50:1029 => 168.150.177.165:139 |
168.150.177.165<=2403 | from:212.175.111.242 | 212.175.111.242:1051 => 168.150.177.165:139 |
168.150.177.165<=2403 | from:58.238.103.14 | 58.238.103.14:4507 => 168.150.177.165:139 |
168.150.177.165<=2403 | from:59.114.124.128 | 59.114.124.128:62410 => 168.150.177.165:139 |
168.150.177.165<=2403 | from:63.87.226.35 | 63.87.226.35:4201 => 168.150.177.165:139 |
168.150.177.165<=2403 | name:NETBIOS SMB Session Setup AndX request unicode username overflow attempt | priority=1class=Attempted Administrator Privilege Gain |
168.150.177.165<=2403 | payload:TCP | TCP |
168.150.177.165<=2404 | from:124.47.161.50 | 124.47.161.50:3856 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:151.205.152.150 | 151.205.152.150:1362 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:165.228.223.251 | 165.228.223.251:4361 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:168.226.4.156 | 168.226.4.156:1707 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:195.180.37.6 | 195.180.37.6:4392 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:200.105.199.142 | 200.105.199.142:2233 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:200.207.41.77 | 200.207.41.77:2686 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:206.159.178.239 | 206.159.178.239:1505 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:206.162.170.188 | 206.162.170.188:3031 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:212.175.111.242 | 212.175.111.242:3100 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:212.175.208.47 | 212.175.208.47:2376 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:216.138.123.38 | 216.138.123.38:3046 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:218.163.231.62 | 218.163.231.62:3426 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:218.170.102.140 | 218.170.102.140:4913 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:219.117.242.253 | 219.117.242.253:2120 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:219.235.49.90 | 219.235.49.90:4842 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:24.105.187.229 | 24.105.187.229:3693 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:61.120.225.67 | 61.120.225.67:3712 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:62.35.20.128 | 62.35.20.128:2766 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:63.87.226.35 | 63.87.226.35:3102 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:63.90.117.56 | 63.90.117.56:4035 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:64.148.211.242 | 64.148.211.242:1817 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:64.201.236.198 | 64.201.236.198:3363 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:66.66.255.9 | 66.66.255.9:4042 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:70.150.95.119 | 70.150.95.119:3822 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:70.20.129.58 | 70.20.129.58:1774 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:71.99.253.94 | 71.99.253.94:1483 => 168.150.177.165:445 |
168.150.177.165<=2404 | from:87.219.188.122 | 87.219.188.122:3609 => 168.150.177.165:445 |
168.150.177.165<=2404 | name:NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt | priority=1class=Attempted Administrator Privilege Gain |
168.150.177.165<=2404 | payload:TCP | TCP |
168.150.177.165<=2466 | from:12.176.80.239 | 12.176.80.239:1352 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:125.203.127.46 | 125.203.127.46:1300 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:168.160.224.133 | 168.160.224.133:1549 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:168.226.136.174 | 168.226.136.174:4093 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:170.163.160.201 | 170.163.160.201:32410 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:202.56.255.38 | 202.56.255.38:46297 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:207.155.240.226 | 207.155.240.226:17507 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:212.123.21.67 | 212.123.21.67:5460 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:213.92.32.16 | 213.92.32.16:4755 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:216.241.50.148 | 216.241.50.148:3396 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:218.219.220.239 | 218.219.220.239:2594 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:219.164.3.40 | 219.164.3.40:4065 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:61.57.245.34 | 61.57.245.34:14634 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:63.161.52.34 | 63.161.52.34:6891 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:64.148.211.242 | 64.148.211.242:4201 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:65.106.97.11 | 65.106.97.11:3897 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:68.255.112.117 | 68.255.112.117:2198 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:74.130.69.42 | 74.130.69.42:2586 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:80.203.220.210 | 80.203.220.210:1646 => 168.150.177.165:445 |
168.150.177.165<=2466 | from:83.229.70.170 | 83.229.70.170:3833 => 168.150.177.165:445 |
168.150.177.165<=2466 | name:NETBIOS SMB-DS IPC$ unicode share access | priority=3class=Generic Protocol Command Decode |
168.150.177.165<=2466 | payload:TCP | TCP |
168.150.177.165<=2514 | from:125.203.127.46 | 125.203.127.46:1300 => 168.150.177.165:445 |
168.150.177.165<=2514 | from:168.226.136.174 | 168.226.136.174:4093 => 168.150.177.165:445 |
168.150.177.165<=2514 | from:218.219.220.239 | 218.219.220.239:2594 => 168.150.177.165:445 |
168.150.177.165<=2514 | from:219.164.3.40 | 219.164.3.40:4065 => 168.150.177.165:445 |
168.150.177.165<=2514 | name:NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt | priority=1class=Attempted Administrator Privilege Gain |
168.150.177.165<=2514 | payload:TCP | TCP |
168.150.177.165<=255 | from:85.97.114.6 | 85.97.114.6:0 => 168.150.177.165:0 |
168.150.177.165<=255 | name:(snort_decoder) WARNING: ICMP Original IP Fragmented and Offset Not 0! | priority=3class=Port Scan |
168.150.177.165<=255 | payload:ICMP | ICMP |
168.150.177.165<=3003 | from:168.226.4.156 | 168.226.4.156:1707 => 168.150.177.165:445 |
168.150.177.165<=3003 | name:NETBIOS SMB-DS Session Setup NTMLSSP unicode asn1 overflow attempt | priority=3class=Generic Protocol Command Decode |
168.150.177.165<=3003 | payload:TCP | TCP |
168.150.177.165<=366 | from:169.237.5.23 | 169.237.5.23:0 => 168.150.177.165:0 |
168.150.177.165<=366 | from:169.237.7.180 | 169.237.7.180:0 => 168.150.177.165:0 |
168.150.177.165<=366 | name:ICMP PING *NIX | priority=3class=Misc activity |
168.150.177.165<=366 | payload:ICMP | ICMP |
168.150.177.165<=368 | from:169.237.5.23 | 169.237.5.23:0 => 168.150.177.165:0 |
168.150.177.165<=368 | from:169.237.7.180 | 169.237.7.180:0 => 168.150.177.165:0 |
168.150.177.165<=368 | name:ICMP PING BSDtype | priority=3class=Misc activity |
168.150.177.165<=368 | payload:ICMP | ICMP |
168.150.177.165<=372 | from:220.79.110.181 | 220.79.110.181:0 => 168.150.177.165:0 |
168.150.177.165<=372 | name:ICMP PING Delphi-Piette Windows | priority=3class=Misc activity |
168.150.177.165<=372 | payload:ICMP | ICMP |
168.150.177.165<=384 | from:169.237.5.23 | 169.237.5.23:0 => 168.150.177.165:0 |
168.150.177.165<=384 | from:169.237.7.180 | 169.237.7.180:0 => 168.150.177.165:0 |
168.150.177.165<=384 | from:202.97.193.72 | 202.97.193.72:0 => 168.150.177.165:0 |
168.150.177.165<=384 | from:220.79.110.181 | 220.79.110.181:0 => 168.150.177.165:0 |
168.150.177.165<=384 | from:24.7.178.192 | 24.7.178.192:0 => 168.150.177.165:0 |
168.150.177.165<=384 | from:24.96.107.24 | 24.96.107.24:0 => 168.150.177.165:0 |
168.150.177.165<=384 | from:60.8.86.98 | 60.8.86.98:0 => 168.150.177.165:0 |
168.150.177.165<=384 | from:68.52.58.192 | 68.52.58.192:0 => 168.150.177.165:0 |
168.150.177.165<=384 | from:80.203.220.210 | 80.203.220.210:0 => 168.150.177.165:0 |
168.150.177.165<=384 | name:ICMP PING | priority=3class=Misc activity |
168.150.177.165<=384 | payload:ICMP | ICMP |
168.150.177.165<=399 | from:200.171.140.70 | 200.171.140.70:0 => 168.150.177.165:0 |
168.150.177.165<=399 | from:62.238.255.201 | 62.238.255.201:0 => 168.150.177.165:0 |
168.150.177.165<=399 | from:87.219.188.122 | 87.219.188.122:0 => 168.150.177.165:0 |
168.150.177.165<=399 | name:ICMP Destination Unreachable Host Unreachable | priority=3class=Misc activity |
168.150.177.165<=399 | payload:ICMP | ICMP |
168.150.177.165<=401 | from:200.41.26.131 | 200.41.26.131:0 => 168.150.177.165:0 |
168.150.177.165<=401 | name:ICMP Destination Unreachable Network Unreachable | priority=3class=Misc activity |
168.150.177.165<=401 | payload:ICMP | ICMP |
168.150.177.165<=402 | from:124.106.228.183 | 124.106.228.183:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:168.150.177.1 | 168.150.177.1:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:207.255.108.7 | 207.255.108.7:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:211.59.225.76 | 211.59.225.76:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:213.226.248.12 | 213.226.248.12:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:222.139.201.232 | 222.139.201.232:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:68.10.140.78 | 68.10.140.78:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:68.229.220.72 | 68.229.220.72:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:70.144.239.205 | 70.144.239.205:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:80.187.4.226 | 80.187.4.226:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:81.211.124.57 | 81.211.124.57:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:84.131.4.249 | 84.131.4.249:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:84.94.132.18 | 84.94.132.18:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:85.105.136.12 | 85.105.136.12:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:85.108.165.183 | 85.108.165.183:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:85.97.114.6 | 85.97.114.6:0 => 168.150.177.165:0 |
168.150.177.165<=402 | from:87.202.139.118 | 87.202.139.118:0 => 168.150.177.165:0 |
168.150.177.165<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
168.150.177.165<=402 | payload:ICMP | ICMP |
168.150.177.165<=469 | from:68.52.58.192 | 68.52.58.192:0 => 168.150.177.165:0 |
168.150.177.165<=469 | name:ICMP PING NMAP | priority=2class=Attempted Information Leak |
168.150.177.165<=469 | payload:ICMP | ICMP |
168.150.177.165<=485 | from:80.143.2.4 | 80.143.2.4:0 => 168.150.177.165:0 |
168.150.177.165<=485 | from:84.152.165.254 | 84.152.165.254:0 => 168.150.177.165:0 |
168.150.177.165<=485 | name:ICMP Destination Unreachable Communication Administratively Prohibited | priority=3class=Misc activity |
168.150.177.165<=485 | payload:ICMP | ICMP |
168.150.177.165<=530 | from:222.212.64.198 | 222.212.64.198:4113 => 168.150.177.165:139 |
168.150.177.165<=530 | name:NETBIOS NT NULL session | priority=2class=Attempted Information Leak |
168.150.177.165<=530 | payload:TCP | TCP |
168.150.177.165<=538 | from:124.60.120.214 | 124.60.120.214:4460 => 168.150.177.165:139 |
168.150.177.165<=538 | from:222.233.63.49 | 222.233.63.49:2146 => 168.150.177.165:139 |
168.150.177.165<=538 | from:64.132.169.61 | 64.132.169.61:34944 => 168.150.177.165:139 |
168.150.177.165<=538 | name:NETBIOS SMB IPC$ unicode share access | priority=3class=Generic Protocol Command Decode |
168.150.177.165<=538 | payload:TCP | TCP |
168.150.177.1<=19 | from:168.150.177.165 | 168.150.177.165:0 => 168.150.177.1:0 |
168.150.177.1<=19 | name:(portscan) UDP Portsweep | priority=3class=Port Scan |
168.150.177.1<=19 | payload:PROTO:255 | PROTO:255 |
168.150.177.1<=1917 | from:168.150.177.165 | 168.150.177.165:13226 => 168.150.177.1:1900 |
168.150.177.1<=1917 | name:SCAN UPnP service discover attempt | priority=3class=Detection of a Network Scan |
168.150.177.1<=1917 | payload:UDP | UDP |
169.237.5.23<=408 | from:168.150.177.165 | 168.150.177.165:0 => 169.237.5.23:0 |
169.237.5.23<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
169.237.5.23<=408 | payload:ICMP | ICMP |
169.237.7.180<=408 | from:168.150.177.165 | 168.150.177.165:0 => 169.237.7.180:0 |
169.237.7.180<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
169.237.7.180<=408 | payload:ICMP | ICMP |
172.145.36.246<=402 | from:168.150.177.165 | 168.150.177.165:0 => 172.145.36.246:0 |
172.145.36.246<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
172.145.36.246<=402 | payload:ICMP | ICMP |
174.46.118.149<=402 | from:168.150.177.165 | 168.150.177.165:0 => 174.46.118.149:0 |
174.46.118.149<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
174.46.118.149<=402 | payload:ICMP | ICMP |
176.232.251.36<=402 | from:168.150.177.165 | 168.150.177.165:0 => 176.232.251.36:0 |
176.232.251.36<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
176.232.251.36<=402 | payload:ICMP | ICMP |
180.211.173.54<=402 | from:168.150.177.165 | 168.150.177.165:0 => 180.211.173.54:0 |
180.211.173.54<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
180.211.173.54<=402 | payload:ICMP | ICMP |
182.227.184.247<=402 | from:168.150.177.165 | 168.150.177.165:0 => 182.227.184.247:0 |
182.227.184.247<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
182.227.184.247<=402 | payload:ICMP | ICMP |
195.180.37.6<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 195.180.37.6:4626 |
195.180.37.6<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
195.180.37.6<=2924 | payload:TCP | TCP |
198.227.98.132<=402 | from:168.150.177.165 | 168.150.177.165:0 => 198.227.98.132:0 |
198.227.98.132<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
198.227.98.132<=402 | payload:ICMP | ICMP |
20.219.102.10<=402 | from:168.150.177.165 | 168.150.177.165:0 => 20.219.102.10:0 |
20.219.102.10<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
20.219.102.10<=402 | payload:ICMP | ICMP |
20.46.179.49<=402 | from:168.150.177.165 | 168.150.177.165:0 => 20.46.179.49:0 |
20.46.179.49<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
20.46.179.49<=402 | payload:ICMP | ICMP |
200.105.199.142<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 200.105.199.142:3856 |
200.105.199.142<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
200.105.199.142<=2924 | payload:TCP | TCP |
200.207.41.77<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 200.207.41.77:2591 |
200.207.41.77<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
200.207.41.77<=2924 | payload:TCP | TCP |
202.97.193.72<=408 | from:168.150.177.165 | 168.150.177.165:0 => 202.97.193.72:0 |
202.97.193.72<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
202.97.193.72<=408 | payload:ICMP | ICMP |
202.99.172.171<=402 | from:168.150.177.165 | 168.150.177.165:0 => 202.99.172.171:0 |
202.99.172.171<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
202.99.172.171<=402 | payload:ICMP | ICMP |
202.99.172.172<=402 | from:168.150.177.165 | 168.150.177.165:0 => 202.99.172.172:0 |
202.99.172.172<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
202.99.172.172<=402 | payload:ICMP | ICMP |
204.16.208.61<=402 | from:168.150.177.165 | 168.150.177.165:0 => 204.16.208.61:0 |
204.16.208.61<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
204.16.208.61<=402 | payload:ICMP | ICMP |
205.152.165.102<=402 | from:168.150.177.165 | 168.150.177.165:0 => 205.152.165.102:0 |
205.152.165.102<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
205.152.165.102<=402 | payload:ICMP | ICMP |
206.159.178.239<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 206.159.178.239:1581 |
206.159.178.239<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
206.159.178.239<=2924 | payload:TCP | TCP |
206.162.170.188<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 206.162.170.188:2637 |
206.162.170.188<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
206.162.170.188<=2924 | payload:TCP | TCP |
207.210.240.12<=402 | from:168.150.177.165 | 168.150.177.165:0 => 207.210.240.12:0 |
207.210.240.12<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
207.210.240.12<=402 | payload:ICMP | ICMP |
207.210.240.22<=402 | from:168.150.177.165 | 168.150.177.165:0 => 207.210.240.22:0 |
207.210.240.22<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
207.210.240.22<=402 | payload:ICMP | ICMP |
207.220.248.51<=402 | from:168.150.177.165 | 168.150.177.165:0 => 207.220.248.51:0 |
207.220.248.51<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
207.220.248.51<=402 | payload:ICMP | ICMP |
207.56.212.95<=402 | from:168.150.177.165 | 168.150.177.165:0 => 207.56.212.95:0 |
207.56.212.95<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
207.56.212.95<=402 | payload:ICMP | ICMP |
210.185.223.146<=402 | from:168.150.177.165 | 168.150.177.165:0 => 210.185.223.146:0 |
210.185.223.146<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
210.185.223.146<=402 | payload:ICMP | ICMP |
212.175.111.242<=1 | from:168.150.177.165 | 168.150.177.165:0 => 212.175.111.242:0 |
212.175.111.242<=1 | name:(portscan) TCP Portscan | priority=3class=Port Scan |
212.175.111.242<=1 | payload:PROTO:255 | PROTO:255 |
212.175.111.242<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 212.175.111.242:1582 |
212.175.111.242<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
212.175.111.242<=2924 | payload:TCP | TCP |
212.175.208.47<=1 | from:168.150.177.165 | 168.150.177.165:0 => 212.175.208.47:0 |
212.175.208.47<=1 | name:(portscan) TCP Portscan | priority=3class=Port Scan |
212.175.208.47<=1 | payload:PROTO:255 | PROTO:255 |
212.175.208.47<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 212.175.208.47:1753 |
212.175.208.47<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
212.175.208.47<=2924 | payload:TCP | TCP |
212.187.177.228<=402 | from:168.150.177.165 | 168.150.177.165:0 => 212.187.177.228:0 |
212.187.177.228<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
212.187.177.228<=402 | payload:ICMP | ICMP |
213.35.7.207<=402 | from:168.150.177.165 | 168.150.177.165:0 => 213.35.7.207:0 |
213.35.7.207<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
213.35.7.207<=402 | payload:ICMP | ICMP |
217.208.68.90<=402 | from:168.150.177.165 | 168.150.177.165:0 => 217.208.68.90:0 |
217.208.68.90<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
217.208.68.90<=402 | payload:ICMP | ICMP |
219.117.242.253<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 219.117.242.253:2120 |
219.117.242.253<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
219.117.242.253<=2924 | payload:TCP | TCP |
22.221.10.223<=402 | from:168.150.177.165 | 168.150.177.165:0 => 22.221.10.223:0 |
22.221.10.223<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
22.221.10.223<=402 | payload:ICMP | ICMP |
220.79.110.181<=408 | from:168.150.177.165 | 168.150.177.165:0 => 220.79.110.181:0 |
220.79.110.181<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
220.79.110.181<=408 | payload:ICMP | ICMP |
221.203.145.56<=402 | from:168.150.177.165 | 168.150.177.165:0 => 221.203.145.56:0 |
221.203.145.56<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
221.203.145.56<=402 | payload:ICMP | ICMP |
221.203.145.73<=402 | from:168.150.177.165 | 168.150.177.165:0 => 221.203.145.73:0 |
221.203.145.73<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
221.203.145.73<=402 | payload:ICMP | ICMP |
221.203.145.74<=402 | from:168.150.177.165 | 168.150.177.165:0 => 221.203.145.74:0 |
221.203.145.74<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
221.203.145.74<=402 | payload:ICMP | ICMP |
221.203.189.44<=402 | from:168.150.177.165 | 168.150.177.165:0 => 221.203.189.44:0 |
221.203.189.44<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
221.203.189.44<=402 | payload:ICMP | ICMP |
222.26.224.140<=402 | from:168.150.177.165 | 168.150.177.165:0 => 222.26.224.140:0 |
222.26.224.140<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
222.26.224.140<=402 | payload:ICMP | ICMP |
223.124.151.30<=402 | from:168.150.177.165 | 168.150.177.165:0 => 223.124.151.30:0 |
223.124.151.30<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
223.124.151.30<=402 | payload:ICMP | ICMP |
224.0.0.13<=2189 | from:140.110.138.253 | 140.110.138.253:0 => 224.0.0.13:0 |
224.0.0.13<=2189 | name:BAD-TRAFFIC IP Proto 103 PIM | priority=2class=Detection of a non-standard protocol or event |
224.0.0.13<=2189 | payload:PIM | PIM |
224.0.0.1<=382 | from:140.110.138.5 | 140.110.138.5:0 => 224.0.0.1:0 |
224.0.0.1<=382 | name:ICMP PING Windows | priority=3class=Misc activity |
224.0.0.1<=382 | payload:ICMP | ICMP |
224.0.0.1<=384 | from:140.110.138.5 | 140.110.138.5:0 => 224.0.0.1:0 |
224.0.0.1<=384 | name:ICMP PING | priority=3class=Misc activity |
224.0.0.1<=384 | payload:ICMP | ICMP |
23.227.229.222<=402 | from:168.150.177.165 | 168.150.177.165:0 => 23.227.229.222:0 |
23.227.229.222<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
23.227.229.222<=402 | payload:ICMP | ICMP |
239.255.255.250<=1917 | from:168.150.177.165 | 168.150.177.165:1028 => 239.255.255.250:1900 |
239.255.255.250<=1917 | name:SCAN UPnP service discover attempt | priority=3class=Detection of a Network Scan |
239.255.255.250<=1917 | payload:UDP | UDP |
24.105.187.229<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 24.105.187.229:3641 |
24.105.187.229<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
24.105.187.229<=2924 | payload:TCP | TCP |
24.7.178.192<=402 | from:168.150.177.165 | 168.150.177.165:0 => 24.7.178.192:0 |
24.7.178.192<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
24.7.178.192<=402 | payload:ICMP | ICMP |
24.7.178.192<=408 | from:168.150.177.165 | 168.150.177.165:0 => 24.7.178.192:0 |
24.7.178.192<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
24.7.178.192<=408 | payload:ICMP | ICMP |
24.96.107.24<=408 | from:168.150.177.165 | 168.150.177.165:0 => 24.96.107.24:0 |
24.96.107.24<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
24.96.107.24<=408 | payload:ICMP | ICMP |
34.168.1.34<=402 | from:168.150.177.165 | 168.150.177.165:0 => 34.168.1.34:0 |
34.168.1.34<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
34.168.1.34<=402 | payload:ICMP | ICMP |
36.57.178.19<=402 | from:168.150.177.165 | 168.150.177.165:0 => 36.57.178.19:0 |
36.57.178.19<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
36.57.178.19<=402 | payload:ICMP | ICMP |
37.12.58.204<=402 | from:168.150.177.165 | 168.150.177.165:0 => 37.12.58.204:0 |
37.12.58.204<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
37.12.58.204<=402 | payload:ICMP | ICMP |
39.162.217.80<=402 | from:168.150.177.165 | 168.150.177.165:0 => 39.162.217.80:0 |
39.162.217.80<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
39.162.217.80<=402 | payload:ICMP | ICMP |
39.227.15.107<=402 | from:168.150.177.165 | 168.150.177.165:0 => 39.227.15.107:0 |
39.227.15.107<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
39.227.15.107<=402 | payload:ICMP | ICMP |
43.89.251.229<=402 | from:168.150.177.165 | 168.150.177.165:0 => 43.89.251.229:0 |
43.89.251.229<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
43.89.251.229<=402 | payload:ICMP | ICMP |
57.61.61.63<=402 | from:168.150.177.165 | 168.150.177.165:0 => 57.61.61.63:0 |
57.61.61.63<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
57.61.61.63<=402 | payload:ICMP | ICMP |
58.47.158.247<=402 | from:168.150.177.165 | 168.150.177.165:0 => 58.47.158.247:0 |
58.47.158.247<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
58.47.158.247<=402 | payload:ICMP | ICMP |
60.8.86.98<=408 | from:168.150.177.165 | 168.150.177.165:0 => 60.8.86.98:0 |
60.8.86.98<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
60.8.86.98<=408 | payload:ICMP | ICMP |
61.156.42.101<=402 | from:168.150.177.165 | 168.150.177.165:0 => 61.156.42.101:0 |
61.156.42.101<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
61.156.42.101<=402 | payload:ICMP | ICMP |
61.156.42.103<=402 | from:168.150.177.165 | 168.150.177.165:0 => 61.156.42.103:0 |
61.156.42.103<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
61.156.42.103<=402 | payload:ICMP | ICMP |
61.186.97.131<=402 | from:168.150.177.165 | 168.150.177.165:0 => 61.186.97.131:0 |
61.186.97.131<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
61.186.97.131<=402 | payload:ICMP | ICMP |
63.87.226.35<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 63.87.226.35:3042 |
63.87.226.35<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
63.87.226.35<=2924 | payload:TCP | TCP |
63.90.117.56<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 63.90.117.56:3633 |
63.90.117.56<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
63.90.117.56<=2924 | payload:TCP | TCP |
64.148.211.242<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 64.148.211.242:1185 |
64.148.211.242<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
64.148.211.242<=2924 | payload:TCP | TCP |
64.201.236.198<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 64.201.236.198:3227 |
64.201.236.198<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
64.201.236.198<=2924 | payload:TCP | TCP |
65.114.168.237<=408 | from:168.150.177.165 | 168.150.177.165:0 => 65.114.168.237:0 |
65.114.168.237<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
65.114.168.237<=408 | payload:ICMP | ICMP |
66.103.174.225<=402 | from:168.150.177.165 | 168.150.177.165:0 => 66.103.174.225:0 |
66.103.174.225<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
66.103.174.225<=402 | payload:ICMP | ICMP |
66.35.192.227<=402 | from:168.150.177.165 | 168.150.177.165:0 => 66.35.192.227:0 |
66.35.192.227<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
66.35.192.227<=402 | payload:ICMP | ICMP |
68.116.49.23<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 68.116.49.23:60667 |
68.116.49.23<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
68.116.49.23<=2924 | payload:TCP | TCP |
68.254.5.217<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 68.254.5.217:4243 |
68.254.5.217<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
68.254.5.217<=2924 | payload:TCP | TCP |
68.52.58.192<=408 | from:168.150.177.165 | 168.150.177.165:0 => 68.52.58.192:0 |
68.52.58.192<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
68.52.58.192<=408 | payload:ICMP | ICMP |
70.20.129.58<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 70.20.129.58:2688 |
70.20.129.58<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
70.20.129.58<=2924 | payload:TCP | TCP |
8.173.117.77<=402 | from:168.150.177.165 | 168.150.177.165:0 => 8.173.117.77:0 |
8.173.117.77<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
8.173.117.77<=402 | payload:ICMP | ICMP |
8.34.19.235<=402 | from:168.150.177.165 | 168.150.177.165:0 => 8.34.19.235:0 |
8.34.19.235<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
8.34.19.235<=402 | payload:ICMP | ICMP |
80.203.220.210<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 80.203.220.210:1662 |
80.203.220.210<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
80.203.220.210<=2924 | payload:TCP | TCP |
80.203.220.210<=408 | from:168.150.177.165 | 168.150.177.165:0 => 80.203.220.210:0 |
80.203.220.210<=408 | name:ICMP Echo Reply | priority=3class=Misc activity |
80.203.220.210<=408 | payload:ICMP | ICMP |
80.252.21.163<=402 | from:168.150.177.165 | 168.150.177.165:0 => 80.252.21.163:0 |
80.252.21.163<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
80.252.21.163<=402 | payload:ICMP | ICMP |
82.70.205.178<=2924 | from:168.150.177.165 | 168.150.177.165:445 => 82.70.205.178:3745 |
82.70.205.178<=2924 | name:NETBIOS SMB-DS repeated logon failure | priority=1class=Unsuccessful User Privilege Gain |
82.70.205.178<=2924 | payload:TCP | TCP |
82.70.205.178<=3 | from:168.150.177.165 | 168.150.177.165:0 => 82.70.205.178:0 |
82.70.205.178<=3 | name:(portscan) TCP Portsweep | priority=3class=Port Scan |
82.70.205.178<=3 | payload:PROTO:255 | PROTO:255 |
83.220.74.162<=402 | from:168.150.177.165 | 168.150.177.165:0 => 83.220.74.162:0 |
83.220.74.162<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
83.220.74.162<=402 | payload:ICMP | ICMP |
91.156.41.244<=402 | from:168.150.177.165 | 168.150.177.165:0 => 91.156.41.244:0 |
91.156.41.244<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
91.156.41.244<=402 | payload:ICMP | ICMP |
95.105.169.35<=402 | from:168.150.177.165 | 168.150.177.165:0 => 95.105.169.35:0 |
95.105.169.35<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
95.105.169.35<=402 | payload:ICMP | ICMP |
95.149.33.232<=402 | from:168.150.177.165 | 168.150.177.165:0 => 95.149.33.232:0 |
95.149.33.232<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
95.149.33.232<=402 | payload:ICMP | ICMP |
97.76.172.44<=402 | from:168.150.177.165 | 168.150.177.165:0 => 97.76.172.44:0 |
97.76.172.44<=402 | name:ICMP Destination Unreachable Port Unreachable | priority=3class=Misc activity |
97.76.172.44<=402 | payload:ICMP | ICMP |
128 row(s) in set.
Last modified on Aug 11, 2008, 5:04:27 PM