{{{
#!html
<div style="text-align: center; color:#151B8D"><big style="font-weight: bold;"><big><big>
ICAS III
</big></big></big></div> <div style="text-align: center; color:#7E2217"><big style="font-weight: bold;"><big>
2011 版
</big></big></div>
}}}
[[PageOutline]]



= snort 格式說明 = 

{{{
#!text
[**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
05/17-08:30:14.750704 140.110.138.253 -> 224.0.0.13
PIM TTL:1 TOS:0xC0 ID:4076 IpLen:20 DgmLen:58
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0567][Xref => http://www.securityfocus.com/bid/8211]
}}}
=>

{{{
#!text
1;2189;3;BAD-TRAFFIC IP Proto 103 PIM ;Detection of a non-standard protocol or event;2;05;17;08;30;14;140.110.138.253;224.0.0.13;PIM;
1;100000160;2;COMMUNITY SIP TCP/IP message flooding directed to SIP proxy ;Attempted Denial of Service;2;05;17;08;30;21;140.110.138.191:24800;140.110.138.193:60347;TCP;
}}}

=

|| 1 || 2 || 3 || 4 || 5 || 6 || 7 || 8 || 9 || 10 || 11 || 12 || 13 || 14 || 
|| 可能是網卡編號（不確定也沒用到）; || snort警訊識別id ;  || sid的版本 ;  || 說明 ;  || 分類 ;  || 嚴重性（1最嚴重） ;  || 月 ;  || 日 ;  || 時 ;  || 分 ;  || 秒 ;  || 來源ip ;  || 目標ip ;  || 封包協定 ; || 

= Idp8200 =

{{{
#!text
2003/8/11 13:05,140.113.130.221,0.0.0.0,Accepted,TCP,65432,'interface=eth2',FTP: Format String in Command,Major

2003/8/11 13:05,140.113.130.221,phe96.sro.nchc.org.tw,Accepted,TCP,65432,'interface=eth2',FTP: Format String in Command,Major

}}}

= NK7Admin= 

{{{
#!text
1,TCP SYN,60.173.26.116,140.110.127.253,2011/3/1 14:41,1,6000,9415

2,UDP PORT SCAN,168.95.1.1,140.110.104.84,2011/3/1 14:41,1,53,34953

}}}