Changes between Initial Version and Version 1 of icasIII


Ignore:
Timestamp:
Apr 27, 2011, 3:59:25 PM (13 years ago)
Author:
waue
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • icasIII

    v1 v1  
     1[**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**]
     2[Classification: Detection of a non-standard protocol or event] [Priority: 2]
     305/17-08:30:14.750704 140.110.138.253 -> 224.0.0.13
     4PIM TTL:1 TOS:0xC0 ID:4076 IpLen:20 DgmLen:58
     5[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0567][Xref => http://www.securityfocus.com/bid/8211]
     6
     7=>
     8
     91;2189;3;BAD-TRAFFIC IP Proto 103 PIM ;Detection of a non-standard protocol or event;2;05;17;08;30;14;140.110.138.253;224.0.0.13;PIM;
     101;100000160;2;COMMUNITY SIP TCP/IP message flooding directed to SIP proxy ;Attempted Denial of Service;2;05;17;08;30;21;140.110.138.191:24800;140.110.138.193:60347;TCP;
     11
     12==
     13
     14可能是網卡編號(不確定也沒用到);snort警訊識別id ; sid的版本 ; 說明 ; 分類 ; 嚴重性(1最嚴重) ; 月 ; 日 ; 時 ; 分 ; 秒 ; 來源ip ; 目標ip ; 封包協定 ;