BOT and hard disk

Forum about the up-and-coming secure distribution named IPCop, based on the Smoothwall distribution. It is currently the most active forum on the site.

Moderator: modos Ixus


Post by tonton13 » 23 Nov 2006 21:15

Hi!

I have BOT, and as soon as I enable P2P such as eMule, the firewall's hard disk never stops working.
But why? The logs are disabled.

Thanks
tonton13 | Lieutenant de vaisseau | Posts: 190 | Joined: 03 Feb 2005 20:06

Post by micjack » 23 Nov 2006 21:36

Hi,
tonton13 wrote: But why? The logs are disabled.

Which logs are you talking about?

There are Snort logs, proxy logs, syslog... In short, which log are you saying is disabled? There may be others still running (there is one log per service, but in general they are centralized in syslog)...
micjack | Amiral | Posts: 3113 | Joined: 06 Jun 2003 00:00 | Location: Varois

Post by tonton13 » 23 Nov 2006 23:46

In BOT you can tick the log option or not.
I have it disabled.
tonton13 | Lieutenant de vaisseau | Posts: 190 | Joined: 03 Feb 2005 20:06

Post by micjack » 24 Nov 2006 00:42

tonton13 wrote: In BOT you can tick the log option or not. I have it disabled.

In that case it is not BOT but another process that is generating logs...

Look at syslog (as mentioned above, the centralized logs): /var/log/messages
micjack | Amiral | Posts: 3113 | Joined: 06 Jun 2003 00:00 | Location: Varois

Post by tonton13 » 24 Nov 2006 23:09

So here are the logs:

I enabled then disabled BOT:

Code:
Nov 24 22:10:52 rjcipcop ipcop: BlockOutTraffic Activé
Nov 24 22:10:52 rjcipcop snort: telnet_decode arguments:
Nov 24 22:10:52 rjcipcop snort:     alert_incomplete: ACTIVE
Nov 24 22:10:52 rjcipcop snort:     Ports to decode telnet on: 21 23 25 119 
Nov 24 22:10:52 rjcipcop snort:     alert_multiple_requests: ACTIVE
Nov 24 22:10:52 rjcipcop snort: X-Link2State Config:
Nov 24 22:10:53 rjcipcop snort:     Ports: 25 691 
Nov 24 22:10:52 rjcipcop snort: telnet_decode arguments:
Nov 24 22:10:53 rjcipcop snort:     Ports to decode telnet on: 21 23 25 119 
Nov 24 22:10:53 rjcipcop snort: X-Link2State Config:
Nov 24 22:10:53 rjcipcop snort:     Ports: 25 691 
Nov 24 22:10:54 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=196.41.226.11 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=15548 DF PROTO=TCP SPT=4184 DPT=59999 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Nov 24 22:10:55 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=81.39.5.74 DST=82.231.149.170 LEN=93 TOS=0x00 PREC=0x00 TTL=115 ID=64925 PROTO=UDP SPT=33500 DPT=59999 LEN=73
Nov 24 22:10:57 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=196.41.226.11 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=15983 DF PROTO=TCP SPT=4184 DPT=59999 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Nov 24 22:10:59 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=89.132.169.107 DST=82.231.149.170 LEN=93 TOS=0x00 PREC=0x00 TTL=110 ID=40212 PROTO=UDP SPT=13343 DPT=59999 LEN=73
Nov 24 22:11:01 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=88.196.185.99 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=113 ID=6207 PROTO=UDP SPT=6881 DPT=59999 LEN=71
Nov 24 22:11:04 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=196.41.226.11 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=16765 DF PROTO=TCP SPT=4184 DPT=59999 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Nov 24 22:11:04 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=82.49.165.190 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=12386 DF PROTO=TCP SPT=3039 DPT=4662 WINDOW=17040 RES=0x00 ACK FIN URGP=0
Nov 24 22:11:05 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=88.5.172.30 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=116 ID=22760 PROTO=UDP SPT=33886 DPT=59999 LEN=71
Nov 24 22:11:05 rjcipcop snort: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Nov 24 22:11:05 rjcipcop snort: Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
Nov 24 22:11:05 rjcipcop snort: Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set but not ever checked.
Nov 24 22:11:05 rjcipcop snort: Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
Nov 24 22:11:05 rjcipcop snort: 
Nov 24 22:11:05 rjcipcop snort: +-----------------------[thresholding-config]----------------------------------
Nov 24 22:11:05 rjcipcop snort: | memory-cap : 1048576 bytes
Nov 24 22:11:05 rjcipcop snort: +-----------------------[thresholding-global]----------------------------------
Nov 24 22:11:05 rjcipcop snort: | none
Nov 24 22:11:05 rjcipcop snort: +-----------------------[thresholding-local]-----------------------------------
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=2923       type=Threshold tracking=dst count=10  seconds=60 
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=2924       type=Threshold tracking=dst count=10  seconds=60 
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=3542       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=3152       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=4984       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=3543       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=3527       type=Limit     tracking=dst count=5   seconds=60 
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=2523       type=Both      tracking=dst count=10  seconds=10 
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=3273       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:05 rjcipcop snort: | gen-id=1      sig-id=2275       type=Threshold tracking=dst count=5   seconds=60 
Nov 24 22:11:05 rjcipcop snort: +-----------------------[suppression]------------------------------------------
Nov 24 22:11:05 rjcipcop snort: | none
Nov 24 22:11:05 rjcipcop snort: +------------------------------------------------------------------------------
Nov 24 22:11:05 rjcipcop snort: Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
Nov 24 22:11:05 rjcipcop snort: Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
Nov 24 22:11:06 rjcipcop snort: Rule application order: ->pass->activation->dynamic->alert->log
Nov 24 22:11:06 rjcipcop snort: Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
Nov 24 22:11:06 rjcipcop snort: Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
Nov 24 22:11:06 rjcipcop snort: Log directory = /var/log/snort
Nov 24 22:11:06 rjcipcop snort: Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set but not ever checked.
Nov 24 22:11:06 rjcipcop snort: Warning: flowbits key 'dce.isystemactivator.bind.call.attempt' is set but not ever checked.
Nov 24 22:11:06 rjcipcop snort: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Nov 24 22:11:06 rjcipcop snort: Warning: flowbits key 'realplayer.playlist' is checked but not ever set.
Nov 24 22:11:06 rjcipcop snort: Snort initialization completed successfully (pid=876)
Nov 24 22:11:06 rjcipcop snort: 
Nov 24 22:11:06 rjcipcop snort: 
Nov 24 22:11:06 rjcipcop snort: +-----------------------[thresholding-config]----------------------------------
Nov 24 22:11:06 rjcipcop snort: | memory-cap : 1048576 bytes
Nov 24 22:11:06 rjcipcop snort: +-----------------------[thresholding-config]----------------------------------
Nov 24 22:11:07 rjcipcop snort: | memory-cap : 1048576 bytes
Nov 24 22:11:07 rjcipcop snort: +-----------------------[thresholding-global]----------------------------------
Nov 24 22:11:07 rjcipcop snort: +-----------------------[thresholding-global]----------------------------------
Nov 24 22:11:07 rjcipcop snort: | none
Nov 24 22:11:07 rjcipcop snort: | none
Nov 24 22:11:07 rjcipcop snort: +-----------------------[thresholding-local]-----------------------------------
Nov 24 22:11:06 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=82.251.95.105 DST=192.168.2.2 LEN=108 TOS=0x00 PREC=0x00 TTL=120 ID=36195 DF PROTO=TCP SPT=2541 DPT=59999 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Nov 24 22:11:07 rjcipcop snort: | gen-id=1      sig-id=2275       type=Threshold tracking=dst count=5   seconds=60 
Nov 24 22:11:07 rjcipcop snort: | gen-id=1      sig-id=3152       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:07 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=83.154.127.249 DST=192.168.2.2 LEN=108 TOS=0x00 PREC=0x00 TTL=52 ID=46437 DF PROTO=TCP SPT=3770 DPT=59999 WINDOW=64240 RES=0x00 ACK PSH FIN URGP=0
Nov 24 22:11:07 rjcipcop snort: | gen-id=1      sig-id=4984       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:07 rjcipcop snort: +-----------------------[thresholding-local]-----------------------------------
Nov 24 22:11:07 rjcipcop snort: | gen-id=1      sig-id=3542       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:07 rjcipcop snort: | gen-id=1      sig-id=2275       type=Threshold tracking=dst count=5   seconds=60 
Nov 24 22:11:07 rjcipcop snort: | gen-id=1      sig-id=3152       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:07 rjcipcop snort: | gen-id=1      sig-id=4984       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=3542       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=3273       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:07 rjcipcop snort: | gen-id=1      sig-id=3273       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=3543       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:08 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.231.21.195 DST=82.231.149.170 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=30719 DF PROTO=TCP SPT=3777 DPT=445 WINDOW=64512 RES=0x00 SYN URGP=0
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=3543       type=Threshold tracking=src count=5   seconds=2   
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=3527       type=Limit     tracking=dst count=5   seconds=60 
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=3527       type=Limit     tracking=dst count=5   seconds=60 
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=2924       type=Threshold tracking=dst count=10  seconds=60 
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=2924       type=Threshold tracking=dst count=10  seconds=60 
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=2523       type=Both      tracking=dst count=10  seconds=10 
Nov 24 22:11:08 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=212.93.223.46 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=114 ID=32877 PROTO=UDP SPT=62739 DPT=59999 LEN=71
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=2523       type=Both      tracking=dst count=10  seconds=10 
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=2923       type=Threshold tracking=dst count=10  seconds=60 
Nov 24 22:11:08 rjcipcop snort: +-----------------------[suppression]------------------------------------------
Nov 24 22:11:08 rjcipcop snort: | none
Nov 24 22:11:08 rjcipcop snort: | gen-id=1      sig-id=2923       type=Threshold tracking=dst count=10  seconds=60 
Nov 24 22:11:08 rjcipcop snort: +------------------------------------------------------------------------------
Nov 24 22:11:09 rjcipcop snort: +-----------------------[suppression]------------------------------------------
Nov 24 22:11:09 rjcipcop snort: | none
Nov 24 22:11:09 rjcipcop snort: +------------------------------------------------------------------------------
Nov 24 22:11:09 rjcipcop snort: Rule application order: ->pass->activation->dynamic->alert->log
Nov 24 22:11:09 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=195.112.95.126 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=116 ID=31003 PROTO=UDP SPT=47225 DPT=59999 LEN=71
Nov 24 22:11:09 rjcipcop snort: Log directory = /var/log/snort
Nov 24 22:11:09 rjcipcop snort: Rule application order: ->pass->activation->dynamic->alert->log
Nov 24 22:11:09 rjcipcop snort: Log directory = /var/log/snort
Nov 24 22:11:09 rjcipcop snort: Snort initialization completed successfully (pid=878)
Nov 24 22:11:09 rjcipcop snort: Snort initialization completed successfully (pid=880)
Nov 24 22:11:14 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=213.114.139.142 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=114 ID=15665 PROTO=UDP SPT=44670 DPT=59999 LEN=71
Nov 24 22:11:16 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=196.41.226.11 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=17918 DF PROTO=TCP SPT=4184 DPT=59999 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Nov 24 22:11:19 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=81.38.77.125 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=115 ID=16232 PROTO=UDP SPT=27201 DPT=59999 LEN=71
Nov 24 22:11:22 rjcipcop kernel: NEW not SYN? IN=eth1 OUT=eth2 SRC=192.168.2.2 DST=82.248.70.218 LEN=152 TOS=0x00 PREC=0x00 TTL=63 ID=8247 DF PROTO=TCP SPT=4662 DPT=3264 WINDOW=46 RES=0x00 ACK PSH FIN URGP=0
Nov 24 22:11:24 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=90.14.136.16 DST=82.231.149.170 LEN=70 TOS=0x00 PREC=0x00 TTL=116 ID=59885 PROTO=UDP SPT=23340 DPT=59999 LEN=50
Nov 24 22:11:25 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=212.195.225.213 DST=82.231.149.170 LEN=64 TOS=0x00 PREC=0x00 TTL=117 ID=16460 DF PROTO=TCP SPT=4662 DPT=33919 WINDOW=21300 RES=0x00 ACK SYN URGP=0
Nov 24 22:11:28 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=212.195.225.213 DST=82.231.149.170 LEN=64 TOS=0x00 PREC=0x00 TTL=117 ID=16554 DF PROTO=TCP SPT=4662 DPT=33919 WINDOW=21300 RES=0x00 ACK SYN URGP=0
Nov 24 22:11:29 rjcipcop kernel: GREEN-DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:a6:b2:44:54:08:00 SRC=192.168.1.2 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=59854 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov 24 22:11:29 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.231.56.189 DST=82.231.149.170 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=20978 DF PROTO=TCP SPT=3284 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 24 22:11:32 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=84.122.181.199 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=60675 DF PROTO=TCP SPT=55958 DPT=42204 WINDOW=63894 RES=0x00 ACK URGP=0
Nov 24 22:11:34 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=212.195.225.213 DST=82.231.149.170 LEN=64 TOS=0x00 PREC=0x00 TTL=117 ID=16682 DF PROTO=TCP SPT=4662 DPT=33919 WINDOW=21300 RES=0x00 ACK SYN URGP=0
Nov 24 22:11:36 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.231.173.189 DST=82.231.149.170 LEN=64 TOS=0x00 PREC=0x00 TTL=41 ID=58198 DF PROTO=TCP SPT=2676 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Nov 24 22:11:37 rjcipcop kernel: GREEN-DROP IN=eth0 OUT= MAC=00:e0:7d:b7:25:6d:00:0e:a6:b2:44:54:08:00 SRC=192.168.1.2 DST=192.168.1.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=59857 DF PROTO=TCP SPT=1584 DPT=222 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 24 22:11:40 rjcipcop kernel: GREEN-DROP IN=eth0 OUT= MAC=00:e0:7d:b7:25:6d:00:0e:a6:b2:44:54:08:00 SRC=192.168.1.2 DST=192.168.1.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=59858 DF PROTO=TCP SPT=1584 DPT=222 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 24 22:11:41 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=196.41.226.11 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=21078 DF PROTO=TCP SPT=4184 DPT=59999 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Nov 24 22:11:44 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=210.213.246.76 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=110 ID=25089 PROTO=UDP SPT=6881 DPT=59999 LEN=71
Nov 24 22:11:46 rjcipcop kernel: GREEN-DROP IN=eth0 OUT= MAC=00:e0:7d:b7:25:6d:00:0e:a6:b2:44:54:08:00 SRC=192.168.1.2 DST=192.168.1.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=60848 DF PROTO=TCP SPT=1584 DPT=222 WINDOW=65535 RES=0x00 SYN URGP=0
Nov 24 22:11:47 rjcipcop ipcop: BlockOutTraffic Désactivé
Nov 24 22:11:47 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=84.122.181.199 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=61778 DF PROTO=TCP SPT=55958 DPT=42204 WINDOW=63894 RES=0x00 ACK URGP=0
Nov 24 22:11:48 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=217.211.170.149 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=113 ID=27609 PROTO=UDP SPT=7001 DPT=59999 LEN=71
Nov 24 22:11:48 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=86.198.246.234 DST=82.231.149.170 LEN=64 TOS=0x00 PREC=0x00 TTL=117 ID=31116 DF PROTO=TCP SPT=4662 DPT=45142 WINDOW=62780 RES=0x00 ACK SYN URGP=0
Nov 24 22:11:50 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=88.242.238.139 DST=82.231.149.170 LEN=93 TOS=0x00 PREC=0x00 TTL=113 ID=55834 PROTO=UDP SPT=54321 DPT=59999 LEN=73
Nov 24 22:11:51 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=86.198.246.234 DST=82.231.149.170 LEN=64 TOS=0x00 PREC=0x00 TTL=117 ID=31256 DF PROTO=TCP SPT=4662 DPT=45142 WINDOW=62780 RES=0x00 ACK SYN URGP=0
Nov 24 22:11:51 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.123.179.254 DST=82.231.149.170 LEN=90 TOS=0x00 PREC=0x00 TTL=116 ID=33143 PROTO=UDP SPT=14788 DPT=59999 LEN=70
Nov 24 22:11:52 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=81.34.52.149 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=116 ID=27919 PROTO=UDP SPT=49152 DPT=59999 LEN=71
Nov 24 22:11:52 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=86.216.251.90 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=117 ID=16568 PROTO=UDP SPT=40974 DPT=59999 LEN=71
Nov 24 22:11:56 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.173.247.206 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=116 ID=13807 PROTO=UDP SPT=6881 DPT=59999 LEN=71
Nov 24 22:11:57 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=86.198.246.234 DST=82.231.149.170 LEN=64 TOS=0x00 PREC=0x00 TTL=117 ID=31532 DF PROTO=TCP SPT=4662 DPT=45142 WINDOW=62780 RES=0x00 ACK SYN URGP=0
Nov 24 22:11:59 rjcipcop sshd[954]: Accepted password for root from 192.168.1.2 port 1587 ssh2
Nov 24 22:11:59 rjcipcop sshd[954]: subsystem request for sftp
Nov 24 22:12:01 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=58.8.72.234 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=42 ID=38592 PROTO=UDP SPT=46572 DPT=59999 LEN=71
Nov 24 22:12:05 rjcipcop kernel: NEW not SYN? IN=eth1 OUT=eth2 SRC=192.168.2.2 DST=89.86.64.47 LEN=120 TOS=0x00 PREC=0x00 TTL=63 ID=14073 DF PROTO=TCP SPT=38315 DPT=49711 WINDOW=46 RES=0x00 ACK PSH URGP=0
Nov 24 22:12:05 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=84.122.181.199 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=63054 DF PROTO=TCP SPT=55406 DPT=42204 WINDOW=63894 RES=0x00 ACK URGP=0
Nov 24 22:12:06 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=66.24.115.144 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=109 ID=27994 PROTO=UDP SPT=60540 DPT=59999 LEN=71
Nov 24 22:12:13 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=86.216.200.158 DST=82.231.149.170 LEN=118 TOS=0x00 PREC=0x00 TTL=116 ID=5121 PROTO=UDP SPT=21172 DPT=59999 LEN=98
Nov 24 22:12:18 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.231.47.205 DST=82.231.149.170 LEN=64 TOS=0x00 PREC=0x00 TTL=40 ID=2417 DF PROTO=TCP SPT=2928 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=0
Nov 24 22:12:24 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.82.179.139 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=119 ID=64778 PROTO=UDP SPT=6883 DPT=59999 LEN=71
Nov 24 22:12:30 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=24.68.239.24 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=46 ID=50210 PROTO=UDP SPT=6881 DPT=59999 LEN=71
Nov 24 22:12:30 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=196.41.226.11 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=27682 DF PROTO=TCP SPT=4184 DPT=59999 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Nov 24 22:12:31 rjcipcop kernel: NEW not SYN? IN=eth1 OUT=eth2 SRC=192.168.2.2 DST=89.159.68.17 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=25608 DF PROTO=TCP SPT=4662 DPT=3532 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Nov 24 22:12:37 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=82.251.95.105 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=120 ID=39173 DF PROTO=TCP SPT=2541 DPT=59999 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Nov 24 22:12:37 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=85.60.0.213 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=49 ID=8529 PROTO=UDP SPT=47167 DPT=59999 LEN=71
Nov 24 22:12:40 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=84.122.181.199 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=147 DF PROTO=TCP SPT=55406 DPT=42204 WINDOW=63894 RES=0x00 ACK URGP=0
Nov 24 22:12:44 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=68.9.120.210 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=117 ID=24216 PROTO=UDP SPT=28700 DPT=59999 LEN=71
Nov 24 22:12:44 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=124.8.38.172 DST=82.231.149.170 LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=25182 PROTO=TCP SPT=4662 DPT=53451 WINDOW=0 RES=0x00 ACK RST URGP=0
Nov 24 22:12:48 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=128.100.69.88 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=110 ID=2109 PROTO=UDP SPT=26620 DPT=59999 LEN=71
Nov 24 22:12:55 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.61.143.39 DST=82.231.149.170 LEN=93 TOS=0x00 PREC=0x00 TTL=51 ID=317 PROTO=UDP SPT=55555 DPT=59999 LEN=73
Nov 24 22:13:00 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=87.74.29.25 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=118 ID=6333 PROTO=UDP SPT=21058 DPT=59999 LEN=71
Nov 24 22:13:07 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=124.121.35.100 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=41 ID=6445 PROTO=UDP SPT=14253 DPT=59999 LEN=71
Nov 24 22:13:08 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=218.186.58.168 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=14962 PROTO=TCP SPT=8661 DPT=59999 WINDOW=0 RES=0x00 RST URGP=0
Nov 24 22:13:12 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=86.216.22.47 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=2882 DF PROTO=TCP SPT=1400 DPT=4662 WINDOW=17255 RES=0x00 ACK FIN URGP=0
Nov 24 22:13:12 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=24.76.125.80 DST=82.231.149.170 LEN=93 TOS=0x00 PREC=0x00 TTL=116 ID=49349 PROTO=UDP SPT=44725 DPT=59999 LEN=73
Nov 24 22:13:14 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=86.216.22.47 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=3212 DF PROTO=TCP SPT=1400 DPT=4662 WINDOW=17255 RES=0x00 ACK FIN URGP=0
Nov 24 22:13:18 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=74.107.188.113 DST=82.231.149.170 LEN=93 TOS=0x00 PREC=0x00 TTL=115 ID=12916 PROTO=UDP SPT=21 DPT=59999 LEN=73
Nov 24 22:13:20 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=86.212.166.27 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=18129 DF PROTO=TCP SPT=4662 DPT=40566 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Nov 24 22:13:22 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=86.216.22.47 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=3484 DF PROTO=TCP SPT=1400 DPT=4662 WINDOW=17255 RES=0x00 ACK FIN URGP=0
Nov 24 22:13:22 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=86.212.166.27 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=18216 DF PROTO=TCP SPT=4662 DPT=40566 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Nov 24 22:13:25 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.231.210.229 DST=82.231.149.170 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=61761 DF PROTO=TCP SPT=3703 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 24 22:13:28 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=86.212.166.27 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=18389 DF PROTO=TCP SPT=4662 DPT=40566 WINDOW=65535 RES=0x00 ACK SYN URGP=0
Nov 24 22:13:30 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=203.206.63.116 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=109 ID=3189 PROTO=UDP SPT=6789 DPT=59999 LEN=71
Nov 24 22:13:33 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=86.216.22.47 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=3721 DF PROTO=TCP SPT=1400 DPT=4662 WINDOW=17255 RES=0x00 ACK FIN URGP=0
Nov 24 22:13:37 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=24.4.2.0 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=103 ID=63209 PROTO=UDP SPT=65222 DPT=59999 LEN=71
Nov 24 22:13:38 rjcipcop kernel: NEW not SYN? IN=eth1 OUT=eth2 SRC=192.168.2.2 DST=80.24.129.33 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4553 DF PROTO=TCP SPT=4662 DPT=22677 WINDOW=6432 RES=0x00 ACK FIN URGP=0
Nov 24 22:13:42 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=84.122.181.199 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=4410 DF PROTO=TCP SPT=55406 DPT=42204 WINDOW=63894 RES=0x00 ACK FIN URGP=0
Nov 24 22:13:44 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=90.14.136.16 DST=82.231.149.170 LEN=70 TOS=0x00 PREC=0x00 TTL=116 ID=68 PROTO=UDP SPT=23340 DPT=59999 LEN=50
Nov 24 22:13:48 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=80.238.98.122 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=115 ID=41240 PROTO=UDP SPT=33873 DPT=59999 LEN=71
Nov 24 22:13:50 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=84.122.181.199 DST=82.231.149.170 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=5045 DF PROTO=TCP SPT=55406 DPT=42204 WINDOW=63894 RES=0x00 ACK URGP=0
Nov 24 22:13:54 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=88.73.189.61 DST=82.231.149.170 LEN=91 TOS=0x00 PREC=0x00 TTL=55 ID=18218 PROTO=UDP SPT=52980 DPT=59999 LEN=71
Nov 24 22:13:55 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=81.56.145.147 DST=192.168.2.2 LEN=108 TOS=0x00 PREC=0x00 TTL=119 ID=43514 DF PROTO=TCP SPT=36565 DPT=59999 WINDOW=64999 RES=0x00 ACK PSH URGP=0
Nov 24 22:13:58 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=86.216.22.47 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=4641 DF PROTO=TCP SPT=1400 DPT=4662 WINDOW=17255 RES=0x00 ACK FIN URGP=0
Nov 24 22:14:00 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=12.155.201.163 DST=82.231.149.170 LEN=71 TOS=0x00 PREC=0x00 TTL=113 ID=25306 PROTO=UDP SPT=28546 DPT=59999 LEN=51
Nov 24 22:14:06 rjcipcop kernel: NEW not SYN? IN=eth1 OUT=eth2 SRC=192.168.2.2 DST=88.123.44.186 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=44913 DF PROTO=TCP SPT=59999 DPT=1822 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Nov 24 22:14:08 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=24.47.105.162 DST=82.231.149.170 LEN=93 TOS=0x00 PREC=0x00 TTL=111 ID=19559 PROTO=UDP SPT=40626 DPT=59999 LEN=73
Nov 24 22:14:12 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=82.231.56.189 DST=82.231.149.170 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=4262 DF PROTO=TCP SPT=4694 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 24 22:14:18 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=68.190.210.62 DST=82.231.149.170 LEN=93 TOS=0x00 PREC=0x00 TTL=113 ID=37406 PROTO=UDP SPT=16218 DPT=59999 LEN=73
Nov 24 22:14:24 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=196.205.131.214


Another question:

what does "NEW not SYN?" mean?

Thanks
tonton13 | Lieutenant de vaisseau | Posts: 190 | Joined: 03 Feb 2005 20:06
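micjack's advice is to read /var/log/messages to see which process is actually writing, and the last post asks what "NEW not SYN?" means. The script below is an added example for this thread, not code from the forum or from the IPCop project: it parses lines in the format pasted above, counts entries per syslog program, per netfilter LOG prefix and per destination port, and for "NEW not SYN?" lines reads the TCP flags to say what kind of stray segment was logged. "NEW not SYN? " is the log prefix IPCop's rc.firewall attaches to a TCP packet that conntrack classifies as NEW (no tracked connection) but that does not carry SYN; such a packet cannot be opening a connection, so it is typically a late ACK/FIN or a SYN/ACK from a peer whose connection the firewall no longer tracks. A P2P client with many short-lived peer connections produces these continuously, and each one is a syslog write. The sample log is constructed in the same format with RFC 5737 documentation addresses; it is not a copy of the poster's capture.

```python
"""Classify IPCop syslog lines by writer and, for netfilter LOG lines, by
prefix, destination port and TCP flags.

Added example for this thread; not code from the forum or from IPCop.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample (same format as the post, documentation addresses):
# one ipcop line, one snort line, seven kernel LOG lines, one sshd line.
SAMPLE_LOG = """\
Nov 24 22:10:52 rjcipcop ipcop: BlockOutTraffic Activé
Nov 24 22:10:53 rjcipcop snort:     Ports: 25 691
Nov 24 22:10:54 rjcipcop kernel: NEW not SYN? IN=eth2 OUT=eth1 SRC=203.0.113.11 DST=192.168.2.2 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=15548 DF PROTO=TCP SPT=4184 DPT=59999 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Nov 24 22:10:55 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=198.51.100.74 DST=203.0.113.170 LEN=93 TOS=0x00 PREC=0x00 TTL=115 ID=64925 PROTO=UDP SPT=33500 DPT=59999 LEN=73
Nov 24 22:10:59 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=198.51.100.107 DST=203.0.113.170 LEN=93 TOS=0x00 PREC=0x00 TTL=110 ID=40212 PROTO=UDP SPT=13343 DPT=59999 LEN=73
Nov 24 22:11:01 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=198.51.100.99 DST=203.0.113.170 LEN=91 TOS=0x00 PREC=0x00 TTL=113 ID=6207 PROTO=UDP SPT=6881 DPT=59999 LEN=71
Nov 24 22:11:08 rjcipcop kernel: INPUT IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=198.51.100.195 DST=203.0.113.170 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=30719 DF PROTO=TCP SPT=3777 DPT=445 WINDOW=64512 RES=0x00 SYN URGP=0
Nov 24 22:11:25 rjcipcop kernel: NEW not SYN? IN=eth2 OUT= MAC=00:30:f1:59:5f:52:00:07:cb:1d:b1:94:08:00 SRC=198.51.100.213 DST=203.0.113.170 LEN=64 TOS=0x00 PREC=0x00 TTL=117 ID=16460 DF PROTO=TCP SPT=4662 DPT=33919 WINDOW=21300 RES=0x00 ACK SYN URGP=0
Nov 24 22:11:29 rjcipcop kernel: GREEN-DROP IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0e:a6:b2:44:54:08:00 SRC=192.168.1.2 DST=192.168.1.255 LEN=229 TOS=0x00 PREC=0x00 TTL=64 ID=59854 PROTO=UDP SPT=138 DPT=138 LEN=209
Nov 24 22:11:59 rjcipcop sshd[954]: Accepted password for root from 192.168.1.2 port 1587 ssh2
"""

# "Mon DD HH:MM:SS host prog[pid]: message", as written by syslogd.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)
# Netfilter LOG target: free-text prefix, then IN= OUT= [MAC=] SRC= DST= ... PROTO= [SPT= DPT=].
NETFILTER_RE = re.compile(
    r"^(?P<prefix>.*?) ?IN=(?P<in>\S*) OUT=(?P<out>\S*) (?:MAC=(?P<mac>\S*) )?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)
# TCP flag words sit between RES= and URGP= in the LOG output.
TCP_FLAGS_RE = re.compile(
    r"RES=\S+ (?P<flags>(?:(?:SYN|ACK|FIN|RST|PSH|URG|ECE|CWR) )*)URGP="
)


def parse_syslog_line(line: str) -> Optional[Dict[str, str]]:
    """Split one syslog line into timestamp, host, program, pid and message."""
    m = SYSLOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def parse_netfilter(msg: str) -> Optional[Dict[str, object]]:
    """Decode a kernel LOG message; returns None for non-netfilter kernel text."""
    m = NETFILTER_RE.match(msg)
    if not m:
        return None
    rec: Dict[str, object] = m.groupdict()
    fm = TCP_FLAGS_RE.search(msg)
    rec["flags"] = fm.group("flags").split() if fm else []
    return rec


def describe_stray(flags: List[str]) -> str:
    """Say what a non-SYN segment with no conntrack entry most likely is."""
    f = set(flags)
    if "SYN" in f and "ACK" in f:
        return "SYN/ACK reply to a SYN the firewall did not track"
    if "RST" in f:
        return "reset for a connection the firewall no longer tracks"
    if "FIN" in f:
        return "late FIN/ACK closing a connection that already timed out of conntrack"
    if "ACK" in f:
        return "data/ACK segment for a connection with no conntrack entry"
    return "TCP segment without SYN and no matching connection"


def explain_kernel_line(line: str) -> Optional[str]:
    """For a 'NEW not SYN?' line, explain it from its TCP flags; else None."""
    ev = parse_syslog_line(line)
    if not ev or ev["prog"] != "kernel":
        return None
    nf = parse_netfilter(ev["msg"])
    if nf is None or nf["prefix"] != "NEW not SYN?":
        return None
    return describe_stray(nf["flags"])  # type: ignore[arg-type]


def summarize(text: str) -> Dict[str, Counter]:
    """Count lines per program, per LOG prefix and per (proto, dport)."""
    by_prog: Counter = Counter()
    by_prefix: Counter = Counter()
    by_dport: Counter = Counter()
    for line in text.splitlines():
        ev = parse_syslog_line(line)
        if not ev:
            continue
        by_prog[ev["prog"]] += 1
        if ev["prog"] != "kernel":
            continue
        nf = parse_netfilter(ev["msg"])
        if nf is None:
            continue
        by_prefix[nf["prefix"]] += 1
        if nf["dpt"]:
            by_dport[(nf["proto"], int(nf["dpt"]))] += 1  # type: ignore[arg-type]
    return {"by_program": by_prog, "by_prefix": by_prefix, "by_dport": by_dport}


if __name__ == "__main__":
    for name, counter in summarize(SAMPLE_LOG).items():
        print(name, counter.most_common(5))
    for line in SAMPLE_LOG.splitlines():
        why = explain_kernel_line(line)
        if why:
            print("NEW not SYN?:", why)
```

Run against a real /var/log/messages by replacing SAMPLE_LOG with the file's contents; the by_program counter shows whether kernel (netfilter) or snort lines dominate, and the by_dport counter shows whether the volume sits on the P2P ports. On the firewall itself, `grep -c 'NEW not SYN' /var/log/messages` gives the same per-prefix count without Python.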

