Version 8 (modified by waue, 14 years ago)

ICAS III
2011 edition

Format after parsing

Fields are separated by ";" and numbered 1 to 14:

 1. source
 2. alert identifier (sid)
 3. sid revision
 4. description
 5. classification
 6. severity (1 = most severe)
 7. month
 8. day
 9. hour
10. minute
11. second
12. source IP
13. destination IP
14. packet protocol

Snort format description

[**] [1:2189:3] BAD-TRAFFIC IP Proto 103 PIM [**]
[Classification: Detection of a non-standard protocol or event] [Priority: 2] 
05/17-08:30:14.750704 140.110.138.253 -> 224.0.0.13
PIM TTL:1 TOS:0xC0 ID:4076 IpLen:20 DgmLen:58
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2003-0567][Xref => http://www.securityfocus.com/bid/8211]

=>

1;2189;3;BAD-TRAFFIC IP Proto 103 PIM ;Detection of a non-standard protocol or event;2;05;17;08;30;14;140.110.138.253;224.0.0.13;PIM;
unknown;sid;revision;description;classification name;severity;month;day;hour;minute;second;source:port;destination:port;protocol;

Idp8200

2003/8/11 13:05,140.113.130.221,0.0.0.0,Accepted,TCP,65432,'interface=eth2',FTP: Format String in Command,Major

2003/8/11 13:05,140.113.130.221,phe96.sro.nchc.org.tw,Accepted,TCP,65432,'interface=eth2',FTP: Format String in Command,Major

Time Received ## Src Addr ## Dst Addr ## Action ## Protocol ## Dst Port ## interface ## Description ## Severity

NK7Admin

1,TCP SYN,60.173.26.116,140.110.127.253,2011/3/1 14:41,1,6000,9415

2,UDP PORT SCAN,168.95.1.1,140.110.104.84,2011/3/1 14:41,1,53,34953
