This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Slow OpenVPN (kinda fixed) - Help with exceptions

Hi,

So I have kind of fixed the slow ssl/openvpn issue, but I can't seem to find a way to put the exception in.

- Part 1 of the fix was to disable the UDP flood protection - get 1.5-2mbit (otherwise caps out ~0.5mbit)
- Part 2 disable IPS get full speed of the link

I put exceptions in for IPS and add the VPN pools, which is fine, though it isn't until i put the source or the destination network as the local endpoints I don't get full speeds....

this has been driving me bonkers and I have finally found a solution but I don't want to disable IPS completely!

Anyone able to help?

Cheers

This thread was automatically locked due to age.

Parents

0 AaronPaap over 9 years ago

Hi Guys,

Let me re-explain what is going down...

The Open vpn tunnel I am using is on the UTM itself.

Both Site2Site and road warrior SSL vpn tunnels are slow.

I found that disabling IPS fixes the problem, but I don't know which IPS rule is in place that is causing the problem.

I have also found that adding exception rule for IPS with the remote network for the road warrior or ssl vpn resolves the issue (has to be both "coming from" and "going to") as well as disabling the rule UDP flood protection

adding the SSL vpn pool or users in does not resolve the issue and adding Port 443 to bypass IPS is a bit silly IMHO + I am not going to add every internal range under the sun to get this working correctly.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 9 years ago in reply to AaronPaap

Please show one or two representative lines from the Intrusion Prevention log file.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 9 years ago in reply to AaronPaap

Please show one or two representative lines from the Intrusion Prevention log file.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 AaronPaap over 9 years ago in reply to BAlfson

Sorry BALfson, Don't know what exactly you want from IPS... Please find the whole log below:

2016:02:04-10:30:48 fw snort[29678]: Enabling inline operation
2016:02:04-10:30:48 fw snort[29678]: Running in IDS mode
2016:02:04-10:30:48 fw snort[29678]:
2016:02:04-10:30:48 fw snort[29678]: --== Initializing Snort ==--
2016:02:04-10:30:48 fw snort[29678]: Initializing Output Plugins!
2016:02:04-10:30:48 fw snort[29678]: Initializing Preprocessors!
2016:02:04-10:30:48 fw snort[29678]: Initializing Plug-ins!
2016:02:04-10:30:48 fw snort[29678]: Parsing Rules file "/etc/snort/snort.conf"
2016:02:04-10:30:48 fw snort[29679]: Enabling inline operation
2016:02:04-10:30:48 fw snort[29679]: Running in IDS mode
2016:02:04-10:30:48 fw snort[29679]:
2016:02:04-10:30:48 fw snort[29679]: --== Initializing Snort ==--
2016:02:04-10:30:48 fw snort[29679]: Initializing Output Plugins!
2016:02:04-10:30:48 fw snort[29679]: Initializing Preprocessors!
2016:02:04-10:30:48 fw snort[29679]: Initializing Plug-ins!
2016:02:04-10:30:48 fw snort[29679]: Parsing Rules file "/etc/snort/snort.conf"
2016:02:04-10:30:49 fw snort[29678]: PortVar 'HTTP_PORTS' defined :
2016:02:04-10:30:49 fw snort[29678]: [ 80 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: PortVar 'FILE_DATA_PORTS' defined :
2016:02:04-10:30:49 fw snort[29678]: [ 80 110 143 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: PortVar 'SHELLCODE_PORTS' defined :
2016:02:04-10:30:49 fw snort[29678]: [ 0:79 81:65535 ]
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: PortVar 'ORACLE_PORTS' defined :
2016:02:04-10:30:49 fw snort[29678]: [ 1024:65535 ]
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: PortVar 'SSH_PORTS' defined :
2016:02:04-10:30:49 fw snort[29678]: [ 22 ]
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: PortVar 'FTP_PORTS' defined :
2016:02:04-10:30:49 fw snort[29678]: [ 21 2100 3535 ]
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: PortVar 'SIP_PORTS' defined :
2016:02:04-10:30:49 fw snort[29678]: [ 5060:5061 5600 ]
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: Detection:
2016:02:04-10:30:49 fw snort[29678]: Search-Method = AC-BNFA-Q
2016:02:04-10:30:49 fw snort[29678]: Search-Method-Optimizations = enabled
2016:02:04-10:30:49 fw snort[29678]: Tagged Packet Limit: 256
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading all dynamic detection libs from /usr/lib/snort/so_rules/...
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-voip.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//file-pdf.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-nntp.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//os-other.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//os-linux.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//file-image.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//malware-other.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-tftp.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-other.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//pua-p2p.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//server-oracle.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//server-mail.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//netbios.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-icmp.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//server-other.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//malware-cnc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//server-webapp.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//file-other.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//server-iis.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//file-java.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//server-mysql.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//server-apache.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//exploit-kit.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-plugins.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//indicator-shellcode.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//file-office.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//file-multimedia.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-scada.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-other.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-ie.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//policy-social.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-dns.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-snmp.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//file-flash.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//policy-other.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//os-windows.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic detection library /usr/lib/snort/so_rules//file-executable.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Finished Loading all dynamic detection libs from /usr/lib/snort/so_rules/
2016:02:04-10:30:49 fw snort[29678]: Loading all dynamic preprocessor libs from /usr/lib/snort/...
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_gtp_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ftptelnet_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_smtp_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dns_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ssl_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_pop_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dnp3_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_sip_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_modbus_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_reputation_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ssh_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_sdf_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_imap_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dce2_preproc.so...
2016:02:04-10:30:49 fw snort[29678]: done
2016:02:04-10:30:49 fw snort[29678]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort/
2016:02:04-10:30:49 fw snort[29678]: Log directory = /var/log/snort
2016:02:04-10:30:49 fw snort[29678]: Normalizer config:
2016:02:04-10:30:49 fw snort[29678]: ip4: on
2016:02:04-10:30:49 fw snort[29678]: ip4::df: off
2016:02:04-10:30:49 fw snort[29678]: ip4::rf: off
2016:02:04-10:30:49 fw snort[29678]: ip4::tos: off
2016:02:04-10:30:49 fw snort[29678]: ip4::trim: off
2016:02:04-10:30:49 fw snort[29678]: ip4::ttl: on (min=1, new=5)
2016:02:04-10:30:49 fw snort[29678]: Normalizer config:
2016:02:04-10:30:49 fw snort[29678]: tcp: on
2016:02:04-10:30:49 fw snort[29678]: tcp::ecn: stream
2016:02:04-10:30:49 fw snort[29678]: tcp::block: off
2016:02:04-10:30:49 fw snort[29678]: tcp::rsv: off
2016:02:04-10:30:49 fw snort[29678]: tcp::pad: off
2016:02:04-10:30:49 fw snort[29678]: tcp::req_urg: off
2016:02:04-10:30:49 fw snort[29678]: tcp::req_pay: off
2016:02:04-10:30:49 fw snort[29678]: tcp::req_urp: off
2016:02:04-10:30:49 fw snort[29678]: tcp::urp: off
2016:02:04-10:30:49 fw snort[29678]: tcp::opt: off
2016:02:04-10:30:49 fw snort[29678]: tcp::ips: on
2016:02:04-10:30:49 fw snort[29678]: tcp::trim_syn: off
2016:02:04-10:30:49 fw snort[29678]: tcp::trim_rst: off
2016:02:04-10:30:49 fw snort[29678]: tcp::trim_win: off
2016:02:04-10:30:49 fw snort[29678]: tcp::trim_mss: off
2016:02:04-10:30:49 fw snort[29678]: Normalizer config:
2016:02:04-10:30:49 fw snort[29678]: icmp4: on
2016:02:04-10:30:49 fw snort[29678]: Normalizer config:
2016:02:04-10:30:49 fw snort[29678]: ip6: on
2016:02:04-10:30:49 fw snort[29678]: ip6::hops: on (min=1, new=5)
2016:02:04-10:30:49 fw snort[29678]: Normalizer config:
2016:02:04-10:30:49 fw snort[29678]: icmp6: on
2016:02:04-10:30:49 fw snort[29678]: Frag3 global config:
2016:02:04-10:30:49 fw snort[29678]: Max frags: 65536
2016:02:04-10:30:49 fw snort[29678]: Fragment memory cap: 4194304 bytes
2016:02:04-10:30:49 fw snort[29678]: Frag3 engine config:
2016:02:04-10:30:49 fw snort[29678]: Bound Address: default
2016:02:04-10:30:49 fw snort[29678]: Target-based policy: WINDOWS
2016:02:04-10:30:49 fw snort[29678]: Fragment timeout: 180 seconds
2016:02:04-10:30:49 fw snort[29678]: Fragment min_ttl: 1
2016:02:04-10:30:49 fw snort[29678]: Fragment Anomalies: Alert
2016:02:04-10:30:49 fw snort[29678]: Overlap Limit: 10
2016:02:04-10:30:49 fw snort[29678]: Min fragment Length: 100
2016:02:04-10:30:49 fw snort[29678]: Max Expected Streams: 31
2016:02:04-10:30:49 fw snort[29678]: Stream global config:
2016:02:04-10:30:49 fw snort[29678]: Track TCP sessions: ACTIVE
2016:02:04-10:30:49 fw snort[29678]: Max TCP sessions: 12800
2016:02:04-10:30:49 fw snort[29678]: TCP cache pruning timeout: 30 seconds
2016:02:04-10:30:49 fw snort[29678]: TCP cache nominal timeout: 3600 seconds
2016:02:04-10:30:49 fw snort[29678]: Memcap (for reassembly packet storage): 8388608
2016:02:04-10:30:49 fw snort[29678]: Track UDP sessions: ACTIVE
2016:02:04-10:30:49 fw snort[29678]: Max UDP sessions: 3200
2016:02:04-10:30:49 fw snort[29678]: UDP cache pruning timeout: 30 seconds
2016:02:04-10:30:49 fw snort[29678]: UDP cache nominal timeout: 180 seconds
2016:02:04-10:30:49 fw snort[29678]: Track ICMP sessions: INACTIVE
2016:02:04-10:30:49 fw snort[29678]: Track IP sessions: INACTIVE
2016:02:04-10:30:49 fw snort[29678]: Log info if session memory consumption exceeds 1048576
2016:02:04-10:30:49 fw snort[29678]: Send up to 2 active responses
2016:02:04-10:30:49 fw snort[29678]: Wait at least 5 seconds between responses
2016:02:04-10:30:49 fw snort[29678]: Protocol Aware Flushing: ACTIVE
2016:02:04-10:30:49 fw snort[29678]: Maximum Flush Point: 16000
2016:02:04-10:30:49 fw snort[29678]: Stream TCP Policy config:
2016:02:04-10:30:49 fw snort[29678]: Bound Address: default
2016:02:04-10:30:49 fw snort[29678]: Reassembly Policy: WINDOWS
2016:02:04-10:30:49 fw snort[29678]: Timeout: 180 seconds
2016:02:04-10:30:49 fw snort[29678]: Limit on TCP Overlaps: 10
2016:02:04-10:30:49 fw snort[29678]: Maximum number of bytes to queue per session: 1048576
2016:02:04-10:30:49 fw snort[29678]: Maximum number of segs to queue per session: 2621
2016:02:04-10:30:49 fw snort[29678]: Options:
2016:02:04-10:30:49 fw snort[29678]: Require 3-Way Handshake: YES
2016:02:04-10:30:49 fw snort[29678]: 3-Way Handshake Timeout: 180
2016:02:04-10:30:49 fw snort[29678]: Detect Anomalies: YES
2016:02:04-10:30:49 fw snort[29678]: Reassembly Ports:
2016:02:04-10:30:49 fw snort[29678]: 21 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 22 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 23 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 25 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 42 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 53 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 79 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 80 client (Footprint-IPS) server (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 81 client (Footprint-IPS) server (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 109 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 110 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 111 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 113 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 119 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: PortVar 'HTTP_PORTS' defined :
2016:02:04-10:30:49 fw snort[29679]: [ 80 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: PortVar 'FILE_DATA_PORTS' defined :
2016:02:04-10:30:49 fw snort[29679]: [ 80 110 143 2301 3128 7777 7779 8000 8008 8028 8080 8180 8888 9999 ]
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: PortVar 'SHELLCODE_PORTS' defined :
2016:02:04-10:30:49 fw snort[29679]: [ 0:79 81:65535 ]
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: PortVar 'ORACLE_PORTS' defined :
2016:02:04-10:30:49 fw snort[29678]: 135 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 136 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 137 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 139 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 143 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: 161 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29678]: additional ports configured but not printed.
2016:02:04-10:30:49 fw snort[29678]: Stream UDP Policy config:
2016:02:04-10:30:49 fw snort[29678]: Timeout: 180 seconds
2016:02:04-10:30:49 fw snort[29678]: HttpInspect Config:
2016:02:04-10:30:49 fw snort[29679]: [ 1024:65535 ]
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: PortVar 'SSH_PORTS' defined :
2016:02:04-10:30:49 fw snort[29679]: [ 22 ]
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: PortVar 'FTP_PORTS' defined :
2016:02:04-10:30:49 fw snort[29679]: [ 21 2100 3535 ]
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: PortVar 'SIP_PORTS' defined :
2016:02:04-10:30:49 fw snort[29679]: [ 5060:5061 5600 ]
2016:02:04-10:30:49 fw snort[29678]: GLOBAL CONFIG
2016:02:04-10:30:49 fw snort[29678]: Detect Proxy Usage: NO
2016:02:04-10:30:49 fw snort[29678]: IIS Unicode Map Filename: /etc/snort/unicode.map
2016:02:04-10:30:49 fw snort[29678]: IIS Unicode Map Codepage: 1252
2016:02:04-10:30:49 fw snort[29678]: Memcap used for logging URI and Hostname: 150994944
2016:02:04-10:30:49 fw snort[29678]: Max Gzip Memory: 838860
2016:02:04-10:30:49 fw snort[29678]: Max Gzip Sessions: 2688
2016:02:04-10:30:49 fw snort[29678]: Gzip Compress Depth: 65535
2016:02:04-10:30:49 fw snort[29678]: Gzip Decompress Depth: 65535
2016:02:04-10:30:49 fw snort[29678]: DEFAULT SERVER CONFIG:
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: Detection:
2016:02:04-10:30:49 fw snort[29679]: Search-Method = AC-BNFA-Q
2016:02:04-10:30:49 fw snort[29679]: Search-Method-Optimizations = enabled
2016:02:04-10:30:49 fw snort[29678]: Server profile: All
2016:02:04-10:30:49 fw snort[29678]: Ports (PAF): 80 311 591 593 901 1220 1414 2301 2381 2809 3128 3702 7777 7779 8000 8008 8028 8080 8118 8123 8180 8243 8280 8888 9443 9999 11371
2016:02:04-10:30:49 fw snort[29678]: Server Flow Depth: 0
2016:02:04-10:30:49 fw snort[29678]: Client Flow Depth: 0
2016:02:04-10:30:49 fw snort[29678]: Max Chunk Length: 500000
2016:02:04-10:30:49 fw snort[29678]: Max Header Field Length: 750
2016:02:04-10:30:49 fw snort[29678]: Max Number Header Fields: 100
2016:02:04-10:30:49 fw snort[29678]: Max Number of WhiteSpaces allowed with header folding: 200
2016:02:04-10:30:49 fw snort[29678]: Inspect Pipeline Requests: YES
2016:02:04-10:30:49 fw snort[29678]: URI Discovery Strict Mode: NO
2016:02:04-10:30:49 fw snort[29678]: Allow Proxy Usage: NO
2016:02:04-10:30:49 fw snort[29678]: Disable Alerting: NO
2016:02:04-10:30:49 fw snort[29678]: Oversize Dir Length: 500
2016:02:04-10:30:49 fw snort[29678]: Only inspect URI: NO
2016:02:04-10:30:49 fw snort[29678]: Normalize HTTP Headers: NO
2016:02:04-10:30:49 fw snort[29678]: Inspect HTTP Cookies: YES
2016:02:04-10:30:49 fw snort[29678]: Inspect HTTP Responses: YES
2016:02:04-10:30:49 fw snort[29678]: Extract Gzip from responses: YES
2016:02:04-10:30:49 fw snort[29678]: Decompress response files:
2016:02:04-10:30:49 fw snort[29678]: Unlimited decompression of gzip data from responses: NO
2016:02:04-10:30:49 fw snort[29678]: Normalize Javascripts in HTTP Responses: NO
2016:02:04-10:30:49 fw snort[29678]: Normalize HTTP Cookies: NO
2016:02:04-10:30:49 fw snort[29678]: Enable XFF and True Client IP: NO
2016:02:04-10:30:49 fw snort[29678]: Log HTTP URI data: NO
2016:02:04-10:30:49 fw snort[29678]: Log HTTP Hostname data: NO
2016:02:04-10:30:49 fw snort[29678]: Extended ASCII code support in URI: NO
2016:02:04-10:30:49 fw snort[29678]: Ascii: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: Double Decoding: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: %U Encoding: YES alert: YES
2016:02:04-10:30:49 fw snort[29678]: Bare Byte: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: UTF 8: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: IIS Unicode: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: Multiple Slash: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: IIS Backslash: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: Directory Traversal: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: Web Root Traversal: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: Apache WhiteSpace: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: IIS Delimiter: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
2016:02:04-10:30:49 fw snort[29678]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
2016:02:04-10:30:49 fw snort[29678]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
2016:02:04-10:30:49 fw snort[29678]: rpc_decode arguments:
2016:02:04-10:30:49 fw snort[29678]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
2016:02:04-10:30:49 fw snort[29678]: alert_fragments: INACTIVE
2016:02:04-10:30:49 fw snort[29678]: alert_large_fragments: INACTIVE
2016:02:04-10:30:49 fw snort[29678]: alert_incomplete: INACTIVE
2016:02:04-10:30:49 fw snort[29678]: alert_multiple_requests: INACTIVE
2016:02:04-10:30:49 fw snort[29678]: FTPTelnet Config:
2016:02:04-10:30:49 fw snort[29678]: GLOBAL CONFIG
2016:02:04-10:30:49 fw snort[29678]: Inspection Type: stateful
2016:02:04-10:30:49 fw snort[29678]: Check for Encrypted Traffic: YES alert: NO
2016:02:04-10:30:49 fw snort[29678]: Continue to check encrypted data: NO
2016:02:04-10:30:49 fw snort[29678]: TELNET CONFIG:
2016:02:04-10:30:49 fw snort[29678]: Ports: 23
2016:02:04-10:30:49 fw snort[29678]: Are You There Threshold: 20
2016:02:04-10:30:49 fw snort[29678]: Normalize: YES
2016:02:04-10:30:49 fw snort[29678]: Detect Anomalies: YES
2016:02:04-10:30:49 fw snort[29678]: FTP CONFIG:
2016:02:04-10:30:49 fw snort[29678]: FTP Server: default
2016:02:04-10:30:49 fw snort[29678]: Ports (PAF): 21 2100 3535
2016:02:04-10:30:49 fw snort[29678]: Check for Telnet Cmds: YES alert: YES
2016:02:04-10:30:49 fw snort[29678]: Ignore Telnet Cmd Operations: YES alert: YES
2016:02:04-10:30:49 fw snort[29678]: Ignore open data channels: NO
2016:02:04-10:30:49 fw snort[29678]: FTP Client: default
2016:02:04-10:30:49 fw snort[29678]: Check for Bounce Attacks: YES alert: YES
2016:02:04-10:30:49 fw snort[29678]: Check for Telnet Cmds: YES alert: YES
2016:02:04-10:30:49 fw snort[29678]: Ignore Telnet Cmd Operations: YES alert: YES
2016:02:04-10:30:49 fw snort[29678]: Max Response Length: 256
2016:02:04-10:30:49 fw snort[29678]: SMTP Config:
2016:02:04-10:30:49 fw snort[29678]: Ports: 25 465 587 691
2016:02:04-10:30:49 fw snort[29678]: Inspection Type: Stateful
2016:02:04-10:30:49 fw snort[29678]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR

XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT X-DRCP X-ERCP X-EXCH50
2016:02:04-10:30:49 fw snort[29678]: Ignore Data: No
2016:02:04-10:30:49 fw snort[29678]: Ignore TLS Data: Yes
2016:02:04-10:30:49 fw snort[29678]: Ignore SMTP Alerts: No
2016:02:04-10:30:49 fw snort[29678]: Max Command Line Length: 512
2016:02:04-10:30:49 fw snort[29678]: Max Specific Command Line Length:
2016:02:04-10:30:49 fw snort[29678]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
2016:02:04-10:30:49 fw snort[29678]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
2016:02:04-10:30:49 fw snort[29678]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
2016:02:04-10:30:49 fw snort[29678]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
2016:02:04-10:30:49 fw snort[29678]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
2016:02:04-10:30:49 fw snort[29678]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
2016:02:04-10:30:49 fw snort[29678]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
2016:02:04-10:30:49 fw snort[29678]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
2016:02:04-10:30:49 fw snort[29678]: XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
2016:02:04-10:30:49 fw snort[29678]: XUSR:246
2016:02:04-10:30:49 fw snort[29678]: Max Header Line Length: 1000
2016:02:04-10:30:49 fw snort[29678]: Max Response Line Length: 512
2016:02:04-10:30:49 fw snort[29678]: X-Link2State Alert: Yes
2016:02:04-10:30:49 fw snort[29679]: Tagged Packet Limit: 256
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic engine /usr/lib/snort_dynamicengine/libsf_engine.so...
2016:02:04-10:30:49 fw snort[29678]: Drop on X-Link2State Alert: No
2016:02:04-10:30:49 fw snort[29678]: Alert on commands: None
2016:02:04-10:30:49 fw snort[29678]: Alert on unknown commands: No
2016:02:04-10:30:49 fw snort[29678]: SMTP Memcap: 838860
2016:02:04-10:30:49 fw snort[29678]: MIME Max Mem: 838860
2016:02:04-10:30:49 fw snort[29678]: Base64 Decoding: Enabled
2016:02:04-10:30:49 fw snort[29678]: Base64 Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Quoted-Printable Decoding: Enabled
2016:02:04-10:30:49 fw snort[29678]: Quoted-Printable Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Unix-to-Unix Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading all dynamic detection libs from /usr/lib/snort/so_rules/...
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-voip.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//file-pdf.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-nntp.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//os-other.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: Unix-to-Unix Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Non-Encoded MIME attachment Extraction: Enabled
2016:02:04-10:30:49 fw snort[29678]: Non-Encoded MIME attachment Extraction Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Log Attachment filename: Enabled
2016:02:04-10:30:49 fw snort[29678]: Log MAIL FROM Address: Enabled
2016:02:04-10:30:49 fw snort[29678]: Log RCPT TO Addresses: Enabled
2016:02:04-10:30:49 fw snort[29678]: Log Email Headers: Enabled
2016:02:04-10:30:49 fw snort[29678]: Email Hdrs Log Depth: 1464
2016:02:04-10:30:49 fw snort[29678]: SSH config:
2016:02:04-10:30:49 fw snort[29678]: Autodetection: ENABLED
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//os-linux.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//file-image.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//malware-other.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-tftp.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-other.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: Challenge-Response Overflow Alert: ENABLED
2016:02:04-10:30:49 fw snort[29678]: SSH1 CRC32 Alert: ENABLED
2016:02:04-10:30:49 fw snort[29678]: Server Version String Overflow Alert: ENABLED
2016:02:04-10:30:49 fw snort[29678]: Protocol Mismatch Alert: ENABLED
2016:02:04-10:30:49 fw snort[29678]: Bad Message Direction Alert: DISABLED
2016:02:04-10:30:49 fw snort[29678]: Bad Payload Size Alert: DISABLED
2016:02:04-10:30:49 fw snort[29678]: Unrecognized Version Alert: DISABLED
2016:02:04-10:30:49 fw snort[29678]: Max Encrypted Packets: 20
2016:02:04-10:30:49 fw snort[29678]: Max Server Version String Length: 100
2016:02:04-10:30:49 fw snort[29678]: MaxClientBytes: 19600 (Default)
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//pua-p2p.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//server-oracle.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//server-mail.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//netbios.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-icmp.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: Ports:
2016:02:04-10:30:49 fw snort[29678]: 22
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: DCE/RPC 2 Preprocessor Configuration
2016:02:04-10:30:49 fw snort[29678]: Global Configuration
2016:02:04-10:30:49 fw snort[29678]: DCE/RPC Defragmentation: Enabled
2016:02:04-10:30:49 fw snort[29678]: Memcap: 102400 KB
2016:02:04-10:30:49 fw snort[29678]: Events: smb co cl
2016:02:04-10:30:49 fw snort[29678]: SMB Fingerprint policy: Disabled
2016:02:04-10:30:49 fw snort[29678]: Server Default Configuration
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//server-other.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//malware-cnc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//server-webapp.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//file-other.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//server-iis.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: Policy: WinXP
2016:02:04-10:30:49 fw snort[29678]: Detect ports (PAF)
2016:02:04-10:30:49 fw snort[29678]: SMB: 139 445
2016:02:04-10:30:49 fw snort[29678]: TCP: 135
2016:02:04-10:30:49 fw snort[29678]: UDP: 135
2016:02:04-10:30:49 fw snort[29678]: RPC over HTTP server: 593
2016:02:04-10:30:49 fw snort[29678]: RPC over HTTP proxy: None
2016:02:04-10:30:49 fw snort[29678]: Autodetect ports (PAF)
2016:02:04-10:30:49 fw snort[29678]: SMB: None
2016:02:04-10:30:49 fw snort[29678]: TCP: 1025-65535
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//file-java.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//server-mysql.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//server-apache.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//exploit-kit.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-plugins.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: UDP: 1025-65535
2016:02:04-10:30:49 fw snort[29678]: RPC over HTTP server: 1025-65535
2016:02:04-10:30:49 fw snort[29678]: RPC over HTTP proxy: None
2016:02:04-10:30:49 fw snort[29678]: Maximum SMB command chaining: 3 commands
2016:02:04-10:30:49 fw snort[29678]: SMB file inspection: Disabled
2016:02:04-10:30:49 fw snort[29678]: DNS config:
2016:02:04-10:30:49 fw snort[29678]: DNS Client rdata txt Overflow Alert: ACTIVE
2016:02:04-10:30:49 fw snort[29678]: Obsolete DNS RR Types Alert: INACTIVE
2016:02:04-10:30:49 fw snort[29678]: Experimental DNS RR Types Alert: INACTIVE
2016:02:04-10:30:49 fw snort[29678]: Ports:
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//indicator-shellcode.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//file-office.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//file-multimedia.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-scada.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-other.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: 53
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: SSLPP config:
2016:02:04-10:30:49 fw snort[29678]: Encrypted packets: not inspected
2016:02:04-10:30:49 fw snort[29678]: Ports:
2016:02:04-10:30:49 fw snort[29678]: 443 465 563 636 989
2016:02:04-10:30:49 fw snort[29678]: 992 993 994 995 6907
2016:02:04-10:30:49 fw snort[29678]: 7702 7801 7900 7901 7902
2016:02:04-10:30:49 fw snort[29678]: 7903 7904 7905 7906 7908
2016:02:04-10:30:49 fw snort[29678]: 7909 7910 7911 7912 7913
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//browser-ie.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//policy-social.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-dns.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//protocol-snmp.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//file-flash.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: 7914 7915 7916 7917 7918
2016:02:04-10:30:49 fw snort[29678]: 7919 7920
2016:02:04-10:30:49 fw snort[29678]: Server side data is trusted
2016:02:04-10:30:49 fw snort[29678]: Maximum SSL Heartbeat length: 0
2016:02:04-10:30:49 fw snort[29678]: Sensitive Data preprocessor config:
2016:02:04-10:30:49 fw snort[29678]: Global Alert Threshold: 25
2016:02:04-10:30:49 fw snort[29678]: Masked Output: DISABLED
2016:02:04-10:30:49 fw snort[29678]: SIP config:
2016:02:04-10:30:49 fw snort[29678]: Max number of sessions: 10000 (Default)
2016:02:04-10:30:49 fw snort[29678]: Max number of dialogs in a session: 4 (Default)
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//policy-other.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//os-windows.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic detection library /usr/lib/snort/so_rules//file-executable.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Finished Loading all dynamic detection libs from /usr/lib/snort/so_rules/
2016:02:04-10:30:49 fw snort[29679]: Loading all dynamic preprocessor libs from /usr/lib/snort/...
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_gtp_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: Status: ENABLED
2016:02:04-10:30:49 fw snort[29678]: Ignore media channel: DISABLED
2016:02:04-10:30:49 fw snort[29678]: Max URI length: 512
2016:02:04-10:30:49 fw snort[29678]: Max Call ID length: 80
2016:02:04-10:30:49 fw snort[29678]: Max Request name length: 20 (Default)
2016:02:04-10:30:49 fw snort[29678]: Max From length: 256 (Default)
2016:02:04-10:30:49 fw snort[29678]: Max To length: 256 (Default)
2016:02:04-10:30:49 fw snort[29678]: Max Via length: 1024 (Default)
2016:02:04-10:30:49 fw snort[29678]: Max Contact length: 512
2016:02:04-10:30:49 fw snort[29678]: Max Content length: 1024 (Default)
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ftptelnet_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_smtp_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dns_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ssl_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_pop_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: Ports:
2016:02:04-10:30:49 fw snort[29678]: 5060
2016:02:04-10:30:49 fw snort[29678]: 5061
2016:02:04-10:30:49 fw snort[29678]: 5600
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: Methods:
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: invite
2016:02:04-10:30:49 fw snort[29678]: cancel
2016:02:04-10:30:49 fw snort[29678]: ack
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dnp3_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_sip_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_modbus_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_reputation_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_ssh_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29678]: bye
2016:02:04-10:30:49 fw snort[29678]: register
2016:02:04-10:30:49 fw snort[29678]: options
2016:02:04-10:30:49 fw snort[29678]: refer
2016:02:04-10:30:49 fw snort[29678]: subscribe
2016:02:04-10:30:49 fw snort[29678]: update
2016:02:04-10:30:49 fw snort[29678]: join
2016:02:04-10:30:49 fw snort[29678]: info
2016:02:04-10:30:49 fw snort[29678]: message
2016:02:04-10:30:49 fw snort[29678]: notify
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_sdf_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_imap_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Loading dynamic preprocessor library /usr/lib/snort//libsf_dce2_preproc.so...
2016:02:04-10:30:49 fw snort[29679]: done
2016:02:04-10:30:49 fw snort[29679]: Finished Loading all dynamic preprocessor libs from /usr/lib/snort/
2016:02:04-10:30:49 fw snort[29679]: Log directory = /var/log/snort
2016:02:04-10:30:49 fw snort[29679]: Normalizer config:
2016:02:04-10:30:49 fw snort[29679]: ip4: on
2016:02:04-10:30:49 fw snort[29678]: benotify
2016:02:04-10:30:49 fw snort[29678]: do
2016:02:04-10:30:49 fw snort[29678]: qauth
2016:02:04-10:30:49 fw snort[29678]: sprack
2016:02:04-10:30:49 fw snort[29678]: publish
2016:02:04-10:30:49 fw snort[29678]: service
2016:02:04-10:30:49 fw snort[29678]: unsubscribe
2016:02:04-10:30:49 fw snort[29678]: prack
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: IMAP Config:
2016:02:04-10:30:49 fw snort[29679]: ip4::df: off
2016:02:04-10:30:49 fw snort[29679]: ip4::rf: off
2016:02:04-10:30:49 fw snort[29679]: ip4::tos: off
2016:02:04-10:30:49 fw snort[29679]: ip4::trim: off
2016:02:04-10:30:49 fw snort[29679]: ip4::ttl: on (min=1, new=5)
2016:02:04-10:30:49 fw snort[29679]: Normalizer config:
2016:02:04-10:30:49 fw snort[29679]: tcp: on
2016:02:04-10:30:49 fw snort[29679]: tcp::ecn: stream
2016:02:04-10:30:49 fw snort[29679]: tcp::block: off
2016:02:04-10:30:49 fw snort[29679]: tcp::rsv: off
2016:02:04-10:30:49 fw snort[29678]: Ports: 143
2016:02:04-10:30:49 fw snort[29678]: IMAP Memcap: 838860
2016:02:04-10:30:49 fw snort[29678]: MIME Max Mem: 838860
2016:02:04-10:30:49 fw snort[29678]: Base64 Decoding: Enabled
2016:02:04-10:30:49 fw snort[29678]: Base64 Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Quoted-Printable Decoding: Enabled
2016:02:04-10:30:49 fw snort[29678]: Quoted-Printable Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Unix-to-Unix Decoding: Enabled
2016:02:04-10:30:49 fw snort[29678]: Unix-to-Unix Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Non-Encoded MIME attachment Extraction: Enabled
2016:02:04-10:30:49 fw snort[29679]: tcp::pad: off
2016:02:04-10:30:49 fw snort[29679]: tcp::req_urg: off
2016:02:04-10:30:49 fw snort[29679]: tcp::req_pay: off
2016:02:04-10:30:49 fw snort[29679]: tcp::req_urp: off
2016:02:04-10:30:49 fw snort[29679]: tcp::urp: off
2016:02:04-10:30:49 fw snort[29679]: tcp::opt: off
2016:02:04-10:30:49 fw snort[29679]: tcp::ips: on
2016:02:04-10:30:49 fw snort[29679]: tcp::trim_syn: off
2016:02:04-10:30:49 fw snort[29679]: tcp::trim_rst: off
2016:02:04-10:30:49 fw snort[29679]: tcp::trim_win: off
2016:02:04-10:30:49 fw snort[29678]: Non-Encoded MIME attachment Extraction Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: POP Config:
2016:02:04-10:30:49 fw snort[29678]: Ports: 110
2016:02:04-10:30:49 fw snort[29678]: POP Memcap: 838860
2016:02:04-10:30:49 fw snort[29678]: MIME Max Mem: 838860
2016:02:04-10:30:49 fw snort[29678]: Base64 Decoding: Enabled
2016:02:04-10:30:49 fw snort[29678]: Base64 Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Quoted-Printable Decoding: Enabled
2016:02:04-10:30:49 fw snort[29678]: Quoted-Printable Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Unix-to-Unix Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: tcp::trim_mss: off
2016:02:04-10:30:49 fw snort[29679]: Normalizer config:
2016:02:04-10:30:49 fw snort[29679]: icmp4: on
2016:02:04-10:30:49 fw snort[29679]: Normalizer config:
2016:02:04-10:30:49 fw snort[29679]: ip6: on
2016:02:04-10:30:49 fw snort[29679]: ip6::hops: on (min=1, new=5)
2016:02:04-10:30:49 fw snort[29679]: Normalizer config:
2016:02:04-10:30:49 fw snort[29679]: icmp6: on
2016:02:04-10:30:49 fw snort[29679]: Frag3 global config:
2016:02:04-10:30:49 fw snort[29679]: Max frags: 65536
2016:02:04-10:30:49 fw snort[29678]: Unix-to-Unix Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: Non-Encoded MIME attachment Extraction: Enabled
2016:02:04-10:30:49 fw snort[29678]: Non-Encoded MIME attachment Extraction Depth: Unlimited
2016:02:04-10:30:49 fw snort[29678]: DNP3 config:
2016:02:04-10:30:49 fw snort[29678]: Memcap: 262144
2016:02:04-10:30:49 fw snort[29678]: Check Link-Layer CRCs: DISABLED
2016:02:04-10:30:49 fw snort[29678]: Ports:
2016:02:04-10:30:49 fw snort[29678]: 20000
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: Modbus config:
2016:02:04-10:30:49 fw snort[29679]: Fragment memory cap: 4194304 bytes
2016:02:04-10:30:49 fw snort[29679]: Frag3 engine config:
2016:02:04-10:30:49 fw snort[29679]: Bound Address: default
2016:02:04-10:30:49 fw snort[29679]: Target-based policy: WINDOWS
2016:02:04-10:30:49 fw snort[29679]: Fragment timeout: 180 seconds
2016:02:04-10:30:49 fw snort[29679]: Fragment min_ttl: 1
2016:02:04-10:30:49 fw snort[29679]: Fragment Anomalies: Alert
2016:02:04-10:30:49 fw snort[29679]: Overlap Limit: 10
2016:02:04-10:30:49 fw snort[29679]: Min fragment Length: 100
2016:02:04-10:30:49 fw snort[29679]: Max Expected Streams: 31
2016:02:04-10:30:49 fw snort[29678]: Ports:
2016:02:04-10:30:49 fw snort[29678]: 502
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]:
2016:02:04-10:30:49 fw snort[29678]: +++++++++++++++++++++++++++++++++++++++++++++++++++
2016:02:04-10:30:49 fw snort[29678]: Initializing rule chains...
2016:02:04-10:30:49 fw snort[29679]: Stream global config:
2016:02:04-10:30:49 fw snort[29679]: Track TCP sessions: ACTIVE
2016:02:04-10:30:49 fw snort[29679]: Max TCP sessions: 12800
2016:02:04-10:30:49 fw snort[29679]: TCP cache pruning timeout: 30 seconds
2016:02:04-10:30:49 fw snort[29679]: TCP cache nominal timeout: 3600 seconds
2016:02:04-10:30:49 fw snort[29679]: Memcap (for reassembly packet storage): 8388608
2016:02:04-10:30:49 fw snort[29679]: Track UDP sessions: ACTIVE
2016:02:04-10:30:49 fw snort[29679]: Max UDP sessions: 3200
2016:02:04-10:30:49 fw snort[29679]: UDP cache pruning timeout: 30 seconds
2016:02:04-10:30:49 fw snort[29679]: UDP cache nominal timeout: 180 seconds
2016:02:04-10:30:49 fw snort[29679]: Track ICMP sessions: INACTIVE
2016:02:04-10:30:49 fw snort[29679]: Track IP sessions: INACTIVE
2016:02:04-10:30:49 fw snort[29679]: Log info if session memory consumption exceeds 1048576
2016:02:04-10:30:49 fw snort[29679]: Send up to 2 active responses
2016:02:04-10:30:49 fw snort[29679]: Wait at least 5 seconds between responses
2016:02:04-10:30:49 fw snort[29679]: Protocol Aware Flushing: ACTIVE
2016:02:04-10:30:49 fw snort[29679]: Maximum Flush Point: 16000
2016:02:04-10:30:49 fw snort[29679]: Stream TCP Policy config:
2016:02:04-10:30:49 fw snort[29679]: Bound Address: default
2016:02:04-10:30:49 fw snort[29679]: Reassembly Policy: WINDOWS
2016:02:04-10:30:49 fw snort[29679]: Timeout: 180 seconds
2016:02:04-10:30:49 fw snort[29679]: Limit on TCP Overlaps: 10
2016:02:04-10:30:49 fw snort[29679]: Maximum number of bytes to queue per session: 1048576
2016:02:04-10:30:49 fw snort[29679]: Maximum number of segs to queue per session: 2621
2016:02:04-10:30:49 fw snort[29679]: Options:
2016:02:04-10:30:49 fw snort[29679]: Require 3-Way Handshake: YES
2016:02:04-10:30:49 fw snort[29679]: 3-Way Handshake Timeout: 180
2016:02:04-10:30:49 fw snort[29679]: Detect Anomalies: YES
2016:02:04-10:30:49 fw snort[29679]: Reassembly Ports:
2016:02:04-10:30:49 fw snort[29679]: 21 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 22 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 23 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 25 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 42 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 53 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 79 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 80 client (Footprint-IPS) server (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 81 client (Footprint-IPS) server (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 109 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 110 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 111 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 113 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 119 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 135 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 136 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 137 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 139 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 143 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: 161 client (Footprint-IPS)
2016:02:04-10:30:49 fw snort[29679]: additional ports configured but not printed.
2016:02:04-10:30:49 fw snort[29679]: Stream UDP Policy config:
2016:02:04-10:30:49 fw snort[29679]: Timeout: 180 seconds
2016:02:04-10:30:49 fw snort[29679]: HttpInspect Config:
2016:02:04-10:30:49 fw snort[29679]: GLOBAL CONFIG
2016:02:04-10:30:49 fw snort[29679]: Detect Proxy Usage: NO
2016:02:04-10:30:49 fw snort[29679]: IIS Unicode Map Filename: /etc/snort/unicode.map
2016:02:04-10:30:49 fw snort[29679]: IIS Unicode Map Codepage: 1252
2016:02:04-10:30:49 fw snort[29679]: Memcap used for logging URI and Hostname: 150994944
2016:02:04-10:30:49 fw snort[29679]: Max Gzip Memory: 838860
2016:02:04-10:30:49 fw snort[29679]: Max Gzip Sessions: 2688
2016:02:04-10:30:49 fw snort[29679]: Gzip Compress Depth: 65535
2016:02:04-10:30:49 fw snort[29679]: Gzip Decompress Depth: 65535
2016:02:04-10:30:49 fw snort[29679]: DEFAULT SERVER CONFIG:
2016:02:04-10:30:49 fw snort[29679]: Server profile: All
2016:02:04-10:30:49 fw snort[29679]: Ports (PAF): 80 311 591 593 901 1220 1414 2301 2381 2809 3128 3702 7777 7779 8000 8008 8028 8080 8118 8123 8180 8243 8280 8888 9443 9999 11371
2016:02:04-10:30:49 fw snort[29679]: Server Flow Depth: 0
2016:02:04-10:30:49 fw snort[29679]: Client Flow Depth: 0
2016:02:04-10:30:49 fw snort[29679]: Max Chunk Length: 500000
2016:02:04-10:30:49 fw snort[29679]: Max Header Field Length: 750
2016:02:04-10:30:49 fw snort[29679]: Max Number Header Fields: 100
2016:02:04-10:30:49 fw snort[29679]: Max Number of WhiteSpaces allowed with header folding: 200
2016:02:04-10:30:49 fw snort[29679]: Inspect Pipeline Requests: YES
2016:02:04-10:30:49 fw snort[29679]: URI Discovery Strict Mode: NO
2016:02:04-10:30:49 fw snort[29679]: Allow Proxy Usage: NO
2016:02:04-10:30:49 fw snort[29679]: Disable Alerting: NO
2016:02:04-10:30:49 fw snort[29679]: Oversize Dir Length: 500
2016:02:04-10:30:49 fw snort[29679]: Only inspect URI: NO
2016:02:04-10:30:49 fw snort[29679]: Normalize HTTP Headers: NO
2016:02:04-10:30:49 fw snort[29679]: Inspect HTTP Cookies: YES
2016:02:04-10:30:49 fw snort[29679]: Inspect HTTP Responses: YES
2016:02:04-10:30:49 fw snort[29679]: Extract Gzip from responses: YES
2016:02:04-10:30:49 fw snort[29679]: Decompress response files:
2016:02:04-10:30:49 fw snort[29679]: Unlimited decompression of gzip data from responses: NO
2016:02:04-10:30:49 fw snort[29679]: Normalize Javascripts in HTTP Responses: NO
2016:02:04-10:30:49 fw snort[29679]: Normalize HTTP Cookies: NO
2016:02:04-10:30:49 fw snort[29679]: Enable XFF and True Client IP: NO
2016:02:04-10:30:49 fw snort[29679]: Log HTTP URI data: NO
2016:02:04-10:30:49 fw snort[29679]: Log HTTP Hostname data: NO
2016:02:04-10:30:49 fw snort[29679]: Extended ASCII code support in URI: NO
2016:02:04-10:30:49 fw snort[29679]: Ascii: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: Double Decoding: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: %U Encoding: YES alert: YES
2016:02:04-10:30:49 fw snort[29679]: Bare Byte: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: UTF 8: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: IIS Unicode: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: Multiple Slash: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: IIS Backslash: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: Directory Traversal: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: Web Root Traversal: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: Apache WhiteSpace: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: IIS Delimiter: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
2016:02:04-10:30:49 fw snort[29679]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
2016:02:04-10:30:49 fw snort[29679]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
2016:02:04-10:30:49 fw snort[29679]: rpc_decode arguments:
2016:02:04-10:30:49 fw snort[29679]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
2016:02:04-10:30:49 fw snort[29679]: alert_fragments: INACTIVE
2016:02:04-10:30:49 fw snort[29679]: alert_large_fragments: INACTIVE
2016:02:04-10:30:49 fw snort[29679]: alert_incomplete: INACTIVE
2016:02:04-10:30:49 fw snort[29679]: alert_multiple_requests: INACTIVE
2016:02:04-10:30:49 fw snort[29679]: FTPTelnet Config:
2016:02:04-10:30:49 fw snort[29679]: GLOBAL CONFIG
2016:02:04-10:30:49 fw snort[29679]: Inspection Type: stateful
2016:02:04-10:30:49 fw snort[29679]: Check for Encrypted Traffic: YES alert: NO
2016:02:04-10:30:49 fw snort[29679]: Continue to check encrypted data: NO
2016:02:04-10:30:49 fw snort[29679]: TELNET CONFIG:
2016:02:04-10:30:49 fw snort[29679]: Ports: 23
2016:02:04-10:30:49 fw snort[29679]: Are You There Threshold: 20
2016:02:04-10:30:49 fw snort[29679]: Normalize: YES
2016:02:04-10:30:49 fw snort[29679]: Detect Anomalies: YES
2016:02:04-10:30:49 fw snort[29679]: FTP CONFIG:
2016:02:04-10:30:49 fw snort[29679]: FTP Server: default
2016:02:04-10:30:49 fw snort[29679]: Ports (PAF): 21 2100 3535
2016:02:04-10:30:49 fw snort[29679]: Check for Telnet Cmds: YES alert: YES
2016:02:04-10:30:49 fw snort[29679]: Ignore Telnet Cmd Operations: YES alert: YES
2016:02:04-10:30:49 fw snort[29679]: Ignore open data channels: NO
2016:02:04-10:30:49 fw snort[29679]: FTP Client: default
2016:02:04-10:30:49 fw snort[29679]: Check for Bounce Attacks: YES alert: YES
2016:02:04-10:30:49 fw snort[29679]: Check for Telnet Cmds: YES alert: YES
2016:02:04-10:30:49 fw snort[29679]: Ignore Telnet Cmd Operations: YES alert: YES
2016:02:04-10:30:49 fw snort[29679]: Max Response Length: 256
2016:02:04-10:30:49 fw snort[29679]: SMTP Config:
2016:02:04-10:30:49 fw snort[29679]: Ports: 25 465 587 691
2016:02:04-10:30:49 fw snort[29679]: Inspection Type: Stateful
2016:02:04-10:30:49 fw snort[29679]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR

XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT X-DRCP X-ERCP X-EXCH50
2016:02:04-10:30:49 fw snort[29679]: Ignore Data: No
2016:02:04-10:30:49 fw snort[29679]: Ignore TLS Data: Yes
2016:02:04-10:30:49 fw snort[29679]: Ignore SMTP Alerts: No
2016:02:04-10:30:49 fw snort[29679]: Max Command Line Length: 512
2016:02:04-10:30:49 fw snort[29679]: Max Specific Command Line Length:
2016:02:04-10:30:49 fw snort[29679]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
2016:02:04-10:30:49 fw snort[29679]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
2016:02:04-10:30:49 fw snort[29679]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
2016:02:04-10:30:49 fw snort[29679]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
2016:02:04-10:30:49 fw snort[29679]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
2016:02:04-10:30:49 fw snort[29679]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
2016:02:04-10:30:49 fw snort[29679]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
2016:02:04-10:30:49 fw snort[29679]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
2016:02:04-10:30:49 fw snort[29679]: XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
2016:02:04-10:30:49 fw snort[29679]: XUSR:246
2016:02:04-10:30:49 fw snort[29679]: Max Header Line Length: 1000
2016:02:04-10:30:49 fw snort[29679]: Max Response Line Length: 512
2016:02:04-10:30:49 fw snort[29679]: X-Link2State Alert: Yes
2016:02:04-10:30:49 fw snort[29679]: Drop on X-Link2State Alert: No
2016:02:04-10:30:49 fw snort[29679]: Alert on commands: None
2016:02:04-10:30:49 fw snort[29679]: Alert on unknown commands: No
2016:02:04-10:30:49 fw snort[29679]: SMTP Memcap: 838860
2016:02:04-10:30:49 fw snort[29679]: MIME Max Mem: 838860
2016:02:04-10:30:49 fw snort[29679]: Base64 Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Base64 Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Quoted-Printable Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Quoted-Printable Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Unix-to-Unix Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Unix-to-Unix Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Non-Encoded MIME attachment Extraction: Enabled
2016:02:04-10:30:49 fw snort[29679]: Non-Encoded MIME attachment Extraction Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Log Attachment filename: Enabled
2016:02:04-10:30:49 fw snort[29679]: Log MAIL FROM Address: Enabled
2016:02:04-10:30:49 fw snort[29679]: Log RCPT TO Addresses: Enabled
2016:02:04-10:30:49 fw snort[29679]: Log Email Headers: Enabled
2016:02:04-10:30:49 fw snort[29679]: Email Hdrs Log Depth: 1464
2016:02:04-10:30:49 fw snort[29679]: SSH config:
2016:02:04-10:30:49 fw snort[29679]: Autodetection: ENABLED
2016:02:04-10:30:49 fw snort[29679]: Challenge-Response Overflow Alert: ENABLED
2016:02:04-10:30:49 fw snort[29679]: SSH1 CRC32 Alert: ENABLED
2016:02:04-10:30:49 fw snort[29679]: Server Version String Overflow Alert: ENABLED
2016:02:04-10:30:49 fw snort[29679]: Protocol Mismatch Alert: ENABLED
2016:02:04-10:30:49 fw snort[29679]: Bad Message Direction Alert: DISABLED
2016:02:04-10:30:49 fw snort[29679]: Bad Payload Size Alert: DISABLED
2016:02:04-10:30:49 fw snort[29679]: Unrecognized Version Alert: DISABLED
2016:02:04-10:30:49 fw snort[29679]: Max Encrypted Packets: 20
2016:02:04-10:30:49 fw snort[29679]: Max Server Version String Length: 100
2016:02:04-10:30:49 fw snort[29679]: MaxClientBytes: 19600 (Default)
2016:02:04-10:30:49 fw snort[29679]: Ports:
2016:02:04-10:30:49 fw snort[29679]: 22
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: DCE/RPC 2 Preprocessor Configuration
2016:02:04-10:30:49 fw snort[29679]: Global Configuration
2016:02:04-10:30:49 fw snort[29679]: DCE/RPC Defragmentation: Enabled
2016:02:04-10:30:49 fw snort[29679]: Memcap: 102400 KB
2016:02:04-10:30:49 fw snort[29679]: Events: smb co cl
2016:02:04-10:30:49 fw snort[29679]: SMB Fingerprint policy: Disabled
2016:02:04-10:30:49 fw snort[29679]: Server Default Configuration
2016:02:04-10:30:49 fw snort[29679]: Policy: WinXP
2016:02:04-10:30:49 fw snort[29679]: Detect ports (PAF)
2016:02:04-10:30:49 fw snort[29679]: SMB: 139 445
2016:02:04-10:30:49 fw snort[29679]: TCP: 135
2016:02:04-10:30:49 fw snort[29679]: UDP: 135
2016:02:04-10:30:49 fw snort[29679]: RPC over HTTP server: 593
2016:02:04-10:30:49 fw snort[29679]: RPC over HTTP proxy: None
2016:02:04-10:30:49 fw snort[29679]: Autodetect ports (PAF)
2016:02:04-10:30:49 fw snort[29679]: SMB: None
2016:02:04-10:30:49 fw snort[29679]: TCP: 1025-65535
2016:02:04-10:30:49 fw snort[29679]: UDP: 1025-65535
2016:02:04-10:30:49 fw snort[29679]: RPC over HTTP server: 1025-65535
2016:02:04-10:30:49 fw snort[29679]: RPC over HTTP proxy: None
2016:02:04-10:30:49 fw snort[29679]: Maximum SMB command chaining: 3 commands
2016:02:04-10:30:49 fw snort[29679]: SMB file inspection: Disabled
2016:02:04-10:30:49 fw snort[29679]: DNS config:
2016:02:04-10:30:49 fw snort[29679]: DNS Client rdata txt Overflow Alert: ACTIVE
2016:02:04-10:30:49 fw snort[29679]: Obsolete DNS RR Types Alert: INACTIVE
2016:02:04-10:30:49 fw snort[29679]: Experimental DNS RR Types Alert: INACTIVE
2016:02:04-10:30:49 fw snort[29679]: Ports:
2016:02:04-10:30:49 fw snort[29679]: 53
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: SSLPP config:
2016:02:04-10:30:49 fw snort[29679]: Encrypted packets: not inspected
2016:02:04-10:30:49 fw snort[29679]: Ports:
2016:02:04-10:30:49 fw snort[29679]: 443 465 563 636 989
2016:02:04-10:30:49 fw snort[29679]: 992 993 994 995 6907
2016:02:04-10:30:49 fw snort[29679]: 7702 7801 7900 7901 7902
2016:02:04-10:30:49 fw snort[29679]: 7903 7904 7905 7906 7908
2016:02:04-10:30:49 fw snort[29679]: 7909 7910 7911 7912 7913
2016:02:04-10:30:49 fw snort[29679]: 7914 7915 7916 7917 7918
2016:02:04-10:30:49 fw snort[29679]: 7919 7920
2016:02:04-10:30:49 fw snort[29679]: Server side data is trusted
2016:02:04-10:30:49 fw snort[29679]: Maximum SSL Heartbeat length: 0
2016:02:04-10:30:49 fw snort[29679]: Sensitive Data preprocessor config:
2016:02:04-10:30:49 fw snort[29679]: Global Alert Threshold: 25
2016:02:04-10:30:49 fw snort[29679]: Masked Output: DISABLED
2016:02:04-10:30:49 fw snort[29679]: SIP config:
2016:02:04-10:30:49 fw snort[29679]: Max number of sessions: 10000 (Default)
2016:02:04-10:30:49 fw snort[29679]: Max number of dialogs in a session: 4 (Default)
2016:02:04-10:30:49 fw snort[29679]: Status: ENABLED
2016:02:04-10:30:49 fw snort[29679]: Ignore media channel: DISABLED
2016:02:04-10:30:49 fw snort[29679]: Max URI length: 512
2016:02:04-10:30:49 fw snort[29679]: Max Call ID length: 80
2016:02:04-10:30:49 fw snort[29679]: Max Request name length: 20 (Default)
2016:02:04-10:30:49 fw snort[29679]: Max From length: 256 (Default)
2016:02:04-10:30:49 fw snort[29679]: Max To length: 256 (Default)
2016:02:04-10:30:49 fw snort[29679]: Max Via length: 1024 (Default)
2016:02:04-10:30:49 fw snort[29679]: Max Contact length: 512
2016:02:04-10:30:49 fw snort[29679]: Max Content length: 1024 (Default)
2016:02:04-10:30:49 fw snort[29679]: Ports:
2016:02:04-10:30:49 fw snort[29679]: 5060
2016:02:04-10:30:49 fw snort[29679]: 5061
2016:02:04-10:30:49 fw snort[29679]: 5600
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: Methods:
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: invite
2016:02:04-10:30:49 fw snort[29679]: cancel
2016:02:04-10:30:49 fw snort[29679]: ack
2016:02:04-10:30:49 fw snort[29679]: bye
2016:02:04-10:30:49 fw snort[29679]: register
2016:02:04-10:30:49 fw snort[29679]: options
2016:02:04-10:30:49 fw snort[29679]: refer
2016:02:04-10:30:49 fw snort[29679]: subscribe
2016:02:04-10:30:49 fw snort[29679]: update
2016:02:04-10:30:49 fw snort[29679]: join
2016:02:04-10:30:49 fw snort[29679]: info
2016:02:04-10:30:49 fw snort[29679]: message
2016:02:04-10:30:49 fw snort[29679]: notify
2016:02:04-10:30:49 fw snort[29679]: benotify
2016:02:04-10:30:49 fw snort[29679]: do
2016:02:04-10:30:49 fw snort[29679]: qauth
2016:02:04-10:30:49 fw snort[29679]: sprack
2016:02:04-10:30:49 fw snort[29679]: publish
2016:02:04-10:30:49 fw snort[29679]: service
2016:02:04-10:30:49 fw snort[29679]: unsubscribe
2016:02:04-10:30:49 fw snort[29679]: prack
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: IMAP Config:
2016:02:04-10:30:49 fw snort[29679]: Ports: 143
2016:02:04-10:30:49 fw snort[29679]: IMAP Memcap: 838860
2016:02:04-10:30:49 fw snort[29679]: MIME Max Mem: 838860
2016:02:04-10:30:49 fw snort[29679]: Base64 Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Base64 Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Quoted-Printable Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Quoted-Printable Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Unix-to-Unix Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Unix-to-Unix Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Non-Encoded MIME attachment Extraction: Enabled
2016:02:04-10:30:49 fw snort[29679]: Non-Encoded MIME attachment Extraction Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: POP Config:
2016:02:04-10:30:49 fw snort[29679]: Ports: 110
2016:02:04-10:30:49 fw snort[29679]: POP Memcap: 838860
2016:02:04-10:30:49 fw snort[29679]: MIME Max Mem: 838860
2016:02:04-10:30:49 fw snort[29679]: Base64 Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Base64 Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Quoted-Printable Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Quoted-Printable Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Unix-to-Unix Decoding: Enabled
2016:02:04-10:30:49 fw snort[29679]: Unix-to-Unix Decoding Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: Non-Encoded MIME attachment Extraction: Enabled
2016:02:04-10:30:49 fw snort[29679]: Non-Encoded MIME attachment Extraction Depth: Unlimited
2016:02:04-10:30:49 fw snort[29679]: DNP3 config:
2016:02:04-10:30:49 fw snort[29679]: Memcap: 262144
2016:02:04-10:30:49 fw snort[29679]: Check Link-Layer CRCs: DISABLED
2016:02:04-10:30:49 fw snort[29679]: Ports:
2016:02:04-10:30:49 fw snort[29679]: 20000
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: Modbus config:
2016:02:04-10:30:49 fw snort[29679]: Ports:
2016:02:04-10:30:49 fw snort[29679]: 502
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]:
2016:02:04-10:30:49 fw snort[29679]: +++++++++++++++++++++++++++++++++++++++++++++++++++
2016:02:04-10:30:49 fw snort[29679]: Initializing rule chains...
2016:02:04-10:30:50 fw snort[29678]: 5207 Snort rules read
2016:02:04-10:30:50 fw snort[29678]: 5189 detection rules
2016:02:04-10:30:50 fw snort[29678]: 0 decoder rules
2016:02:04-10:30:50 fw snort[29678]: 18 preprocessor rules
2016:02:04-10:30:50 fw snort[29678]: 5207 Option Chains linked into 391 Chain Headers
2016:02:04-10:30:50 fw snort[29678]: 0 Dynamic rules
2016:02:04-10:30:50 fw snort[29678]: +++++++++++++++++++++++++++++++++++++++++++++++++++
2016:02:04-10:30:50 fw snort[29678]:
2016:02:04-10:30:50 fw snort[29679]: 5207 Snort rules read
2016:02:04-10:30:50 fw snort[29679]: 5189 detection rules
2016:02:04-10:30:50 fw snort[29679]: 0 decoder rules
2016:02:04-10:30:50 fw snort[29679]: 18 preprocessor rules
2016:02:04-10:30:50 fw snort[29679]: 5207 Option Chains linked into 391 Chain Headers
2016:02:04-10:30:50 fw snort[29679]: 0 Dynamic rules
2016:02:04-10:30:50 fw snort[29679]: +++++++++++++++++++++++++++++++++++++++++++++++++++
2016:02:04-10:30:50 fw snort[29679]:
2016:02:04-10:30:51 fw snort[29678]: +-------------------[Rule Port Counts]---------------------------------------
2016:02:04-10:30:51 fw snort[29678]: | tcp udp icmp ip
2016:02:04-10:30:51 fw snort[29678]: | src 1412 34 0 0
2016:02:04-10:30:51 fw snort[29678]: | dst 2397 1050 0 0
2016:02:04-10:30:51 fw snort[29678]: | any 324 5 3 0
2016:02:04-10:30:51 fw snort[29678]: | nc 137 21 0 0
2016:02:04-10:30:51 fw snort[29678]: | s+d 8 10 0 0
2016:02:04-10:30:51 fw snort[29678]: +----------------------------------------------------------------------------
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15470] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16154] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16179] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16182] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17118] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16394] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:7196] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36210] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36211] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:8092] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17765] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:18673] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:21352] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13879] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13450] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13475] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13676] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13666] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13826] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13825] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13798] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13802] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13954] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13835] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14251] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14260] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15009] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15124] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15453] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15847] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14646] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15912] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15848] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16232] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16408] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16415] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16533] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16530] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:26877] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:10127] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:8351] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:24671] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35884] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35885] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35886] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35887] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36229] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36230] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17647] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30901] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17699] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:23039] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:34051] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15734] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31738] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:21354] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:21355] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:23608] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13667] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13887] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15327] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:19187] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17697] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14263] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15300] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31431] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35689] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35060] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35889] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:19350] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13897] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36208] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36209] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35624] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35625] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35626] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35627] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35711] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35712] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35713] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35714] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35715] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35716] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35717] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35718] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35725] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35726] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35773] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35774] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35775] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35776] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35777] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35778] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35834] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35835] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17300] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14252] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14253] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14254] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15857] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15920] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17242] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17608] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17700] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16649] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16662] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17762] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17251] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:18063] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:18676] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:18949] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15298] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13958] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13469] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13582] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13969] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13803] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13790] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15117] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14655] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15125] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15498] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15454] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15365] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15465] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15519] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15521] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16230] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:24666] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17665] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:22089] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:33587] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17775] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:26213] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:26214] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:26215] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13308] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:11619] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15328] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:24971] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30902] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30903] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30912] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30913] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30921] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30922] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30932] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30942] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30943] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35727] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35728] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35828] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35829] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35832] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35833] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36212] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36213] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36214] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36215] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36216] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36217] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36225] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36226] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36227] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36228] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36385] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36386] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36387] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36388] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35876] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15433] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31668] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:34968] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:20825] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35923] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35924] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35925] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35928] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:29308] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:29309] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:29310] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:29311] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:29312] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:29908] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30346] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31979] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31980] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31981] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31982] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32106] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32110] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32111] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32112] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32113] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32114] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32115] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32116] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:32398] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:33927] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:33928] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:33929] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36557] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36558] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36649] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13417] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13510] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13511] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:23052] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:23053] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36652] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:10480] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15474] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16375] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35895] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35904] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35913] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35914] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35915] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35916] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35917] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35918] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35919] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35921] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15973] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13425] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17681] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17682] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:17683] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:18692] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:21936] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:18101] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13418] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16405] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:18249] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:20275] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16396] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16532] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16531] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35883] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:24973] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:23847] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:10161] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:12028] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15301] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13921] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:24595] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:24596] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:24597] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15149] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:7019] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:11672] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35336] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35337] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35338] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35339] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35340] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35341] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35342] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35343] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15449] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15450] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30881] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16222] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13947] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13946] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:14772] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15975] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:15976] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:29944] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:29945] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:13773] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31983] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:31984] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:12636] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16370] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35877] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35878] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35879] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35880] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35881] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:35882] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:16343] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:23180] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30884] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30885] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30886] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30889] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:30890] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:33869] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:33870] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:34022] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:34023] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]: DynamicPlugin: Rule [3:36246] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29678]:
2016:02:04-10:30:51 fw snort[29678]: +-----------------------[detection-filter-config]------------------------------
2016:02:04-10:30:51 fw snort[29678]: | memory-cap : 1048576 bytes
2016:02:04-10:30:51 fw snort[29678]: +-----------------------[detection-filter-rules]-------------------------------
2016:02:04-10:30:51 fw snort[29678]: -------------------------------------------------------------------------------
2016:02:04-10:30:51 fw snort[29678]:
2016:02:04-10:30:51 fw snort[29678]: +-----------------------[rate-filter-config]-----------------------------------
2016:02:04-10:30:51 fw snort[29678]: | memory-cap : 1048576 bytes
2016:02:04-10:30:51 fw snort[29678]: +-----------------------[rate-filter-rules]------------------------------------
2016:02:04-10:30:51 fw snort[29678]: | none
2016:02:04-10:30:51 fw snort[29678]: -------------------------------------------------------------------------------
2016:02:04-10:30:51 fw snort[29678]:
2016:02:04-10:30:51 fw snort[29678]: +-----------------------[event-filter-config]----------------------------------
2016:02:04-10:30:51 fw snort[29678]: | memory-cap : 1048576 bytes
2016:02:04-10:30:51 fw snort[29678]: +-----------------------[event-filter-global]----------------------------------
2016:02:04-10:30:51 fw snort[29678]: +-----------------------[event-filter-local]-----------------------------------
2016:02:04-10:30:51 fw snort[29678]: | none
2016:02:04-10:30:51 fw snort[29678]: +-----------------------[suppression]------------------------------------------
2016:02:04-10:30:51 fw snort[29678]: | none
2016:02:04-10:30:51 fw snort[29678]: -------------------------------------------------------------------------------
2016:02:04-10:30:51 fw snort[29678]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
2016:02:04-10:30:51 fw snort[29678]: Verifying Preprocessor Configurations!
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'winspy_upload_client-to-server' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.swf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.elf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.docm' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.otf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.class' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.ppsx' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.silverlight' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.pdf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.cis' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'GWBoy_InitConnection1' is set but not ever checked.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.docx' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.pyc' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.ttf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.universalbinary' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.xlsx' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.zip' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.doc' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'StealthRedirector_CreateRedirection' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'nova_cgi_cts' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.jar' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'winspy_execute_client-to-server' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.application' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.exe' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'kit.blackhole' is set but not ever checked.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.apk' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'winspy_conn_client-to-server' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.cws' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.rtf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.xls' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'BuschTrommel_InitConnection2' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.jpeg' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: WARNING: flowbits key 'file.pptx' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29678]: 255 out of 1024 flowbits in use.
2016:02:04-10:30:51 fw snort[29679]: +-------------------[Rule Port Counts]---------------------------------------
2016:02:04-10:30:51 fw snort[29679]: | tcp udp icmp ip
2016:02:04-10:30:51 fw snort[29679]: | src 1412 34 0 0
2016:02:04-10:30:51 fw snort[29679]: | dst 2397 1050 0 0
2016:02:04-10:30:51 fw snort[29679]: | any 324 5 3 0
2016:02:04-10:30:51 fw snort[29679]: | nc 137 21 0 0
2016:02:04-10:30:51 fw snort[29679]: | s+d 8 10 0 0
2016:02:04-10:30:51 fw snort[29679]: +----------------------------------------------------------------------------
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15470] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16154] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16179] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16182] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17118] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16394] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:7196] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36210] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36211] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:8092] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17765] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:18673] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:21352] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13879] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13450] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13475] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13676] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13666] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13826] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13825] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13798] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13802] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13954] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13835] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14251] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14260] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15009] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15124] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15453] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15847] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14646] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15912] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15848] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16232] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16408] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16415] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16533] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16530] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:26877] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:10127] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:8351] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:24671] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35884] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35885] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35886] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35887] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36229] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36230] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17647] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30901] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17699] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:23039] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:34051] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15734] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31738] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:21354] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:21355] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:23608] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13667] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13887] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15327] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:19187] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17697] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14263] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15300] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31431] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35689] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35060] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35889] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:19350] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13897] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36208] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36209] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35624] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35625] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35626] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35627] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35711] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35712] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35713] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35714] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35715] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35716] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35717] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35718] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35725] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35726] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35773] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35774] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35775] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35776] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35777] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35778] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35834] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35835] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17300] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14252] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14253] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14254] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15857] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15920] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17242] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17608] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17700] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16649] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16662] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17762] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17251] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:18063] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:18676] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:18949] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15298] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13958] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13469] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13582] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13969] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13803] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13790] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15117] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14655] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15125] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15498] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15454] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15365] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15465] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15519] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15521] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16230] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:24666] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17665] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:22089] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:33587] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17775] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:26213] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:26214] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:26215] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13308] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:11619] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15328] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:24971] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30902] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30903] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30912] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30913] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30921] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30922] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30932] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30942] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30943] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35727] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35728] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35828] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35829] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35832] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35833] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36212] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36213] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36214] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36215] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36216] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36217] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36225] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36226] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36227] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36228] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36385] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36386] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36387] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36388] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35876] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15433] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31668] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:34968] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:20825] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35923] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35924] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35925] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35928] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:29308] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:29309] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:29310] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:29311] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:29312] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:29908] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30346] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31979] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31980] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31981] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31982] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32106] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32110] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32111] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32112] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32113] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32114] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32115] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32116] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:32398] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:33927] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:33928] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:33929] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36557] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36558] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36649] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13417] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13510] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13511] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:23052] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:23053] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36652] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:10480] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15474] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16375] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35895] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35904] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35913] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35914] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35915] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35916] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35917] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35918] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35919] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35921] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15973] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13425] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17681] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17682] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:17683] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:18692] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:21936] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:18101] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13418] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16405] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:18249] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:20275] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16396] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16532] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16531] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35883] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:24973] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:23847] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:10161] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:12028] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15301] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13921] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:24595] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:24596] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:24597] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15149] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:7019] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:11672] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35336] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35337] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35338] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35339] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35340] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35341] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35342] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35343] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15449] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15450] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30881] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16222] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13947] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13946] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:14772] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15975] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:15976] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:29944] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:29945] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:13773] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31983] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:31984] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:12636] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16370] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35877] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35878] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35879] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35880] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35881] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:35882] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:16343] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:23180] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30884] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30885] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30886] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30889] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:30890] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:33869] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:33870] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:34022] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:34023] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]: DynamicPlugin: Rule [3:36246] not enabled in configuration, rule will not be used.
2016:02:04-10:30:51 fw snort[29679]:
2016:02:04-10:30:51 fw snort[29679]: +-----------------------[detection-filter-config]------------------------------
2016:02:04-10:30:51 fw snort[29679]: | memory-cap : 1048576 bytes
2016:02:04-10:30:51 fw snort[29679]: +-----------------------[detection-filter-rules]-------------------------------
2016:02:04-10:30:51 fw snort[29679]: -------------------------------------------------------------------------------
2016:02:04-10:30:51 fw snort[29679]:
2016:02:04-10:30:51 fw snort[29679]: +-----------------------[rate-filter-config]-----------------------------------
2016:02:04-10:30:51 fw snort[29679]: | memory-cap : 1048576 bytes
2016:02:04-10:30:51 fw snort[29679]: +-----------------------[rate-filter-rules]------------------------------------
2016:02:04-10:30:51 fw snort[29679]: | none
2016:02:04-10:30:51 fw snort[29679]: -------------------------------------------------------------------------------
2016:02:04-10:30:51 fw snort[29679]:
2016:02:04-10:30:51 fw snort[29679]: +-----------------------[event-filter-config]----------------------------------
2016:02:04-10:30:51 fw snort[29679]: | memory-cap : 1048576 bytes
2016:02:04-10:30:51 fw snort[29679]: +-----------------------[event-filter-global]----------------------------------
2016:02:04-10:30:51 fw snort[29679]: +-----------------------[event-filter-local]-----------------------------------
2016:02:04-10:30:51 fw snort[29679]: | none
2016:02:04-10:30:51 fw snort[29679]: +-----------------------[suppression]------------------------------------------
2016:02:04-10:30:51 fw snort[29679]: | none
2016:02:04-10:30:51 fw snort[29679]: -------------------------------------------------------------------------------
2016:02:04-10:30:51 fw snort[29679]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
2016:02:04-10:30:51 fw snort[29679]: Verifying Preprocessor Configurations!
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'winspy_upload_client-to-server' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.swf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.elf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.docm' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.otf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.class' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.ppsx' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.silverlight' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.pdf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.cis' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'GWBoy_InitConnection1' is set but not ever checked.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.docx' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.pyc' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.ttf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.universalbinary' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.xlsx' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.zip' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.doc' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'StealthRedirector_CreateRedirection' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'nova_cgi_cts' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.jar' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'winspy_execute_client-to-server' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.application' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.exe' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'kit.blackhole' is set but not ever checked.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.apk' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'winspy_conn_client-to-server' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.cws' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.rtf' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.xls' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'BuschTrommel_InitConnection2' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.jpeg' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: WARNING: flowbits key 'file.pptx' is checked but not ever set.
2016:02:04-10:30:51 fw snort[29679]: 255 out of 1024 flowbits in use.
2016:02:04-10:30:53 fw snort[29678]:
2016:02:04-10:30:53 fw snort[29678]: [ Port Based Pattern Matching Memory ]
2016:02:04-10:30:53 fw snort[29678]: +-[AC-BNFA Search Info Summary]------------------------------
2016:02:04-10:30:53 fw snort[29678]: | Instances : 857
2016:02:04-10:30:53 fw snort[29678]: | Patterns : 85256
2016:02:04-10:30:53 fw snort[29678]: | Pattern Chars : 1130833
2016:02:04-10:30:53 fw snort[29678]: | Num States : 820892
2016:02:04-10:30:53 fw snort[29678]: | Num Match States : 84448
2016:02:04-10:30:53 fw snort[29678]: | Memory : 17.89Mbytes
2016:02:04-10:30:53 fw snort[29678]: | Patterns : 3.03M
2016:02:04-10:30:53 fw snort[29678]: | Match Lists : 4.50M
2016:02:04-10:30:53 fw snort[29678]: | Transitions : 10.16M
2016:02:04-10:30:53 fw snort[29678]: +-------------------------------------------------
2016:02:04-10:30:53 fw snort[29678]: [ Number of null byte prefixed patterns trimmed: 1677 ]
2016:02:04-10:30:53 fw snort[29678]: nfqmnl DAQ configured to inline.
2016:02:04-10:30:53 fw snort[29678]: Reload thread starting...
2016:02:04-10:30:53 fw snort[29678]: Reload thread started, thread 0xf4638b70 (29696)
2016:02:04-10:30:53 fw snort[29678]: Set gid to 800
2016:02:04-10:30:53 fw snort[29678]: Set uid to 800
2016:02:04-10:30:53 fw snort[29678]: Checking PID path...
2016:02:04-10:30:53 fw snort[29678]: PID path stat checked out ok, PID path set to /var/run/
2016:02:04-10:30:53 fw snort[29678]: Writing PID "29678" to file "/var/run//snort_0.pid"
2016:02:04-10:30:53 fw snort[29678]: WARNING: normalizations disabled because DAQ can't replace packets.
2016:02:04-10:30:53 fw snort[29678]:
2016:02:04-10:30:53 fw snort[29678]: --== Initialization Complete ==--
2016:02:04-10:30:53 fw snort[29678]:
2016:02:04-10:30:53 fw snort[29678]: ,,_ -*> Snort! <*-
2016:02:04-10:30:53 fw snort[29678]: o" )~ Version 2.9.7.6 GRE (Build 285)
2016:02:04-10:30:53 fw snort[29678]: '''' By Martin Roesch & The Snort Team: www.snort.org/contact
2016:02:04-10:30:53 fw snort[29678]: Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
2016:02:04-10:30:53 fw snort[29678]: Copyright (C) 1998-2013 Sourcefire, Inc., et al.
2016:02:04-10:30:53 fw snort[29678]: Using libpcap version 1.0.0
2016:02:04-10:30:53 fw snort[29678]: Using PCRE version: 7.8 2008-09-05
2016:02:04-10:30:53 fw snort[29678]: Using ZLIB version: 1.2.8
2016:02:04-10:30:53 fw snort[29678]:
2016:02:04-10:30:53 fw snort[29678]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: file-executable Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: os-windows Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: policy-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: file-flash Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: protocol-snmp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: protocol-dns Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: policy-social Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: browser-ie Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: protocol-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: protocol-scada Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: file-multimedia Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: file-office Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: indicator-shellcode Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: browser-plugins Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: exploit-kit Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: server-apache Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: server-mysql Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: file-java Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: server-iis Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: file-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: server-webapp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: malware-cnc Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: server-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: protocol-icmp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: netbios Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: server-mail Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: server-oracle Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: pua-p2p Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: browser-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: protocol-tftp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: malware-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: file-image Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: os-linux Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: os-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: protocol-nntp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: file-pdf Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Rules Object: protocol-voip Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_SDF Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_SSH Version 1.1 <Build 3>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_SIP Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_POP Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_DNS Version 1.1 <Build 4>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13>
2016:02:04-10:30:53 fw snort[29678]: Preprocessor Object: SF_GTP Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29678]: Commencing packet processing (pid=29678)
2016:02:04-10:30:53 fw snort[29678]: Decoding Raw IP4
2016:02:04-10:30:53 fw snort[29679]:
2016:02:04-10:30:53 fw snort[29679]: [ Port Based Pattern Matching Memory ]
2016:02:04-10:30:53 fw snort[29679]: +-[AC-BNFA Search Info Summary]------------------------------
2016:02:04-10:30:53 fw snort[29679]: | Instances : 857
2016:02:04-10:30:53 fw snort[29679]: | Patterns : 85256
2016:02:04-10:30:53 fw snort[29679]: | Pattern Chars : 1130833
2016:02:04-10:30:53 fw snort[29679]: | Num States : 820892
2016:02:04-10:30:53 fw snort[29679]: | Num Match States : 84448
2016:02:04-10:30:53 fw snort[29679]: | Memory : 17.89Mbytes
2016:02:04-10:30:53 fw snort[29679]: | Patterns : 3.03M
2016:02:04-10:30:53 fw snort[29679]: | Match Lists : 4.50M
2016:02:04-10:30:53 fw snort[29679]: | Transitions : 10.16M
2016:02:04-10:30:53 fw snort[29679]: +-------------------------------------------------
2016:02:04-10:30:53 fw snort[29679]: [ Number of null byte prefixed patterns trimmed: 1677 ]
2016:02:04-10:30:53 fw snort[29679]: nfqmnl DAQ configured to inline.
2016:02:04-10:30:53 fw snort[29679]: Reload thread starting...
2016:02:04-10:30:53 fw snort[29679]: Reload thread started, thread 0xf456ab70 (29697)
2016:02:04-10:30:53 fw snort[29679]: Set gid to 800
2016:02:04-10:30:53 fw snort[29679]: Set uid to 800
2016:02:04-10:30:53 fw snort[29679]: Checking PID path...
2016:02:04-10:30:53 fw snort[29679]: PID path stat checked out ok, PID path set to /var/run/
2016:02:04-10:30:53 fw snort[29679]: Writing PID "29679" to file "/var/run//snort_1.pid"
2016:02:04-10:30:53 fw snort[29679]: WARNING: normalizations disabled because DAQ can't replace packets.
2016:02:04-10:30:53 fw snort[29679]:
2016:02:04-10:30:53 fw snort[29679]: --== Initialization Complete ==--
2016:02:04-10:30:53 fw snort[29679]:
2016:02:04-10:30:53 fw snort[29679]: ,,_ -*> Snort! <*-
2016:02:04-10:30:53 fw snort[29679]: o" )~ Version 2.9.7.6 GRE (Build 285)
2016:02:04-10:30:53 fw snort[29679]: '''' By Martin Roesch & The Snort Team: www.snort.org/contact
2016:02:04-10:30:53 fw snort[29679]: Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
2016:02:04-10:30:53 fw snort[29679]: Copyright (C) 1998-2013 Sourcefire, Inc., et al.
2016:02:04-10:30:53 fw snort[29679]: Using libpcap version 1.0.0
2016:02:04-10:30:53 fw snort[29679]: Using PCRE version: 7.8 2008-09-05
2016:02:04-10:30:53 fw snort[29679]: Using ZLIB version: 1.2.8
2016:02:04-10:30:53 fw snort[29679]:
2016:02:04-10:30:53 fw snort[29679]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.4 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: file-executable Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: os-windows Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: policy-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: file-flash Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: protocol-snmp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: protocol-dns Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: policy-social Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: browser-ie Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: protocol-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: protocol-scada Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: file-multimedia Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: file-office Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: indicator-shellcode Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: browser-plugins Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: exploit-kit Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: server-apache Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: server-mysql Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: file-java Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: server-iis Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: file-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: server-webapp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: malware-cnc Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: server-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: protocol-icmp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: netbios Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: server-mail Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: server-oracle Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: pua-p2p Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: browser-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: protocol-tftp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: malware-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: file-image Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: os-linux Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: os-other Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: protocol-nntp Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: file-pdf Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Rules Object: protocol-voip Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_SDF Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_SSH Version 1.1 <Build 3>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_SIP Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_POP Version 1.0 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_DNS Version 1.1 <Build 4>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13>
2016:02:04-10:30:53 fw snort[29679]: Preprocessor Object: SF_GTP Version 1.1 <Build 1>
2016:02:04-10:30:53 fw snort[29679]: Commencing packet processing (pid=29679)
2016:02:04-10:30:53 fw snort[29679]: Decoding Raw IP4
Cancel
Vote Up 0 Vote Down

Cancel