Nov 2 03:10:09 ids snort[4636]: IDS128 - CVE-1999-0067 - CGI phf attempt: 62.98.12.116:4406 -> 172.16.1.107:80
Nov 2 05:30:37 ids snort[4636]: IDS128 - CVE-1999-0067 - CGI phf attempt: 62.98.14.40:1402 -> 172.16.1.107:80
Nov 3 01:39:01 ids snort[5031]: IDS13 - RPC - portmap-request-mountd: 64.229.250.79:640 -> 172.16.1.107:111
Nov 3 01:39:01 ids snort[5031]: IDS13 - RPC - portmap-request-mountd: 64.229.250.79:641 -> 172.16.1.107:111
Nov 3 01:39:18 ids snort[5031]: IDS13 - RPC - portmap-request-mountd: 64.229.250.79:642 -> 172.16.1.107:111
Nov 3 01:39:18 ids snort[5031]: IDS13 - RPC - portmap-request-mountd: 64.229.250.79:645 -> 172.16.1.107:111
Nov 3 01:39:30 ids snort[5031]: IDS13 - RPC - portmap-request-mountd: 64.229.250.79:656 -> 172.16.1.107:111
Nov 3 01:39:30 ids snort[5031]: IDS13 - RPC - portmap-request-mountd: 64.229.250.79:657 -> 172.16.1.107:111
Nov 4 18:25:59 ids snort[5240]: spp_portscan: PORTSCAN DETECTED from 203.59.72.172 (STEALTH)
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.103:21
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.101:21
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.102:21
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.105:21
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.104:21
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.106:21
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.107:21
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.108:21
Nov 4 18:25:59 ids snort[5240]: SCAN-SYN FIN: 203.59.72.172:21 -> 172.16.1.109:21
Nov 4 18:26:17 ids snort[5240]: spp_portscan: portscan status from 203.59.72.172: 11 connections across 9 hosts: TCP(11), UDP(0) STEALTH
Nov 4 18:26:33 ids snort[5240]: spp_portscan: End of portscan from 203.59.72.172: TOTAL time(2s) hosts(9) TCP(11) UDP(0) STEALTH
Nov 4 22:29:45 ids snort[5240]: RPC Info Query: 24.69.66.75:738 -> 172.16.1.107:111
Nov 4 22:30:41 ids snort[5240]: IDS15 - RPC - portmap-request-status: 24.69.66.75:851 -> 172.16.1.107:111
Nov 4 22:30:41 ids snort[5240]: IDS362 - MISC - Shellcode X86 NOPS-UDP: 24.69.66.75:852 -> 172.16.1.107:949
Nov 5 09:52:07 ids snort[6147]: IDS152 - PING BSD: 207.239.115.11 -> 172.16.1.101
Nov 5 09:52:08 ids snort[6147]: IDS152 - PING BSD: 207.239.115.11 -> 172.16.1.101
Nov 5 09:52:09 ids snort[6147]: IDS152 - PING BSD: 207.239.115.11 -> 172.16.1.101
Nov 5 09:52:40 ids snort[6147]: IDS08 - TELNET - daemon-active: 172.16.1.101:23 -> 207.239.115.11:1270
Nov 5 11:54:40 ids snort[6147]: spp_portscan: PORTSCAN DETECTED from 202.114.208.160 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 5 11:57:15 ids snort[6147]: spp_portscan: portscan status from 202.114.208.160: 9 connections across 9 hosts: TCP(9), UDP(0)
Nov 5 11:57:33 ids snort[6147]: spp_portscan: End of portscan from 202.114.208.160: TOTAL time(0s) hosts(9) TCP(9) UDP(0)
Nov 6 16:44:14 ids snort[237]: spp_portscan: PORTSCAN DETECTED from 61.129.65.42 (STEALTH)
Nov 6 16:44:14 ids snort[237]: SCAN-SYN FIN: 61.129.65.42:111 -> 172.16.1.102:111
Nov 6 16:44:14 ids snort[237]: SCAN-SYN FIN: 61.129.65.42:111 -> 172.16.1.103:111
Nov 6 16:44:14 ids snort[237]: SCAN-SYN FIN: 61.129.65.42:111 -> 172.16.1.104:111
Nov 6 16:44:14 ids snort[237]: SCAN-SYN FIN: 61.129.65.42:111 -> 172.16.1.105:111
Nov 6 16:44:14 ids snort[237]: SCAN-SYN FIN: 61.129.65.42:111 -> 172.16.1.107:111
Nov 6 16:44:14 ids snort[237]: SCAN-SYN FIN: 61.129.65.42:111 -> 172.16.1.108:111
Nov 6 16:44:14 ids snort[237]: SCAN-SYN FIN: 61.129.65.42:111 -> 172.16.1.109:111
Nov 6 16:44:19 ids snort[237]: RPC Info Query: 61.129.65.42:777 -> 172.16.1.107:111
Nov 6 16:44:36 ids snort[237]: spp_portscan: portscan status from 61.129.65.42: 8 connections across 7 hosts: TCP(8), UDP(0) STEALTH
Nov 6 16:44:52 ids snort[237]: spp_portscan: End of portscan from 61.129.65.42: TOTAL time(4s) hosts(7) TCP(8) UDP(0) STEALTH
Nov 6 17:02:50 ids snort[237]: spp_portscan: PORTSCAN DETECTED from 62.98.45.141 (STEALTH)
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.101:111
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.102:111
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.103:111
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.104:111
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.105:111
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.106:111
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.107:111
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.108:111
Nov 6 17:02:50 ids snort[237]: SCAN-SYN FIN: 62.98.45.141:111 -> 172.16.1.109:111
Nov 6 17:02:55 ids snort[237]: RPC Info Query: 62.98.45.141:816 -> 172.16.1.101:111
Nov 6 17:02:58 ids snort[237]: RPC Info Query: 62.98.45.141:826 -> 172.16.1.107:111
Nov 6 17:06:38 ids snort[237]: spp_portscan: portscan status from 62.98.45.141: 11 connections across 9 hosts: TCP(11), UDP(0) STEALTH
Nov 6 17:06:53 ids snort[237]: spp_portscan: End of portscan from 62.98.45.141: TOTAL time(8s) hosts(9) TCP(11) UDP(0) STEALTH
Nov 6 20:34:00 ids snort[237]: IDS13 - RPC - portmap-request-mountd: 212.129.5.218:822 -> 172.16.1.107:111
Nov 6 20:34:01 ids snort[237]: IDS13 - RPC - portmap-request-mountd: 212.129.5.218:823 -> 172.16.1.107:111
Nov 7 23:06:47 ids snort[1260]: spp_portscan: PORTSCAN DETECTED from 216.216.74.2 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 7 23:11:04 ids snort[1260]: spp_portscan: portscan status from 216.216.74.2: 9 connections across 9 hosts: TCP(9), UDP(0)
Nov 7 23:11:05 ids snort[1260]: RPC Info Query: 216.216.74.2:962 -> 172.16.1.101:111
Nov 7 23:11:06 ids snort[1260]: RPC Info Query: 216.216.74.2:963 -> 172.16.1.107:111
Nov 7 23:11:31 ids snort[1260]: spp_portscan: portscan status from 216.216.74.2: 2 connections across 1 hosts: TCP(2), UDP(0)
Nov 7 23:11:31 ids snort[1260]: IDS08 - TELNET - daemon-active: 172.16.1.101:23 -> 216.216.74.2:1209
Nov 7 23:11:34 ids snort[1260]: IDS08 - TELNET - daemon-active: 172.16.1.101:23 -> 216.216.74.2:1210
Nov 7 23:11:47 ids snort[1260]: spp_portscan: portscan status from 216.216.74.2: 2 connections across 2 hosts: TCP(2), UDP(0)
Nov 7 23:11:51 ids snort[1260]: IDS15 - RPC - portmap-request-status: 216.216.74.2:709 -> 172.16.1.107:111
Nov 7 23:11:51 ids snort[1260]: IDS362 - MISC - Shellcode X86 NOPS-UDP: 216.216.74.2:710 -> 172.16.1.107:871
Nov 7 23:12:03 ids snort[1260]: spp_portscan: portscan status from 216.216.74.2: 2 connections across 1 hosts: TCP(0), UDP(2)
Nov 7 23:12:23 ids snort[1260]: spp_portscan: portscan status from 216.216.74.2: 1 connections across 1 hosts: TCP(1), UDP(0)
Nov 7 23:12:47 ids snort[1260]: spp_portscan: End of portscan from 216.216.74.2: TOTAL time(324s) hosts(10) TCP(14) UDP(2)
Nov 9 22:14:48 ids snort[2197]: spp_portscan: PORTSCAN DETECTED from 24.25.74.35 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 9 22:15:07 ids snort[2197]: spp_portscan: portscan status from 24.25.74.35: 8 connections across 8 hosts: TCP(0), UDP(8)
Nov 9 22:15:23 ids snort[2197]: spp_portscan: End of portscan from 24.25.74.35: TOTAL time(0s) hosts(8) TCP(0) UDP(8)
Nov 11 21:25:06 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:12 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:21 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:26 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:32 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:36 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:41 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:47 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:51 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:25:56 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:26:02 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:635 -> 172.16.1.107:111
Nov 11 21:26:07 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:12 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:17 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:22 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:27 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:32 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:37 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:42 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:47 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:52 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:26:57 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 11 21:27:02 ids snort[3357]: IDS13 - RPC - portmap-request-mountd: 24.42.46.171:636 -> 172.16.1.107:111
Nov 13 01:53:41 ids snort[3991]: spp_portscan: PORTSCAN DETECTED from 139.130.83.56 (STEALTH)
Nov 13 01:53:41 ids snort[3991]: SCAN-SYN FIN: 139.130.83.56:8828 -> 172.16.1.107:80
Nov 13 04:16:57 ids snort[3991]: spp_portscan: portscan status from 139.130.83.56: 3 connections across 2 hosts: TCP(3), UDP(0) STEALTH
Nov 13 04:17:13 ids snort[3991]: spp_portscan: End of portscan from 139.130.83.56: TOTAL time(1s) hosts(2) TCP(3) UDP(0) STEALTH
Nov 14 00:58:40 ids snort[4293]: spp_portscan: PORTSCAN DETECTED from 24.12.200.186 (THRESHOLD 5 connections exceeded in 3 seconds)
Nov 14 01:00:27 ids snort[4293]: spp_portscan: portscan status from 24.12.200.186: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 14 01:00:44 ids snort[4293]: spp_portscan: End of portscan from 24.12.200.186: TOTAL time(8s) hosts(8) TCP(8) UDP(0)
Nov 18 06:56:54 ids snort[5382]: spp_portscan: PORTSCAN DETECTED from 216.199.92.4 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 18 06:56:54 ids snort[5382]: RPC Info Query: 216.199.92.4:990 -> 172.16.1.101:111
Nov 18 07:32:06 ids snort[5382]: spp_portscan: portscan status from 216.199.92.4: 9 connections across 8 hosts: TCP(9), UDP(0)
Nov 18 08:15:44 ids snort[5382]: spp_portscan: End of portscan from 216.199.92.4: TOTAL time(2113s) hosts(8) TCP(9) UDP(0)
Nov 18 10:22:11 ids snort[5382]: spp_portscan: PORTSCAN DETECTED from 194.152.124.142 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 18 11:31:35 ids snort[5382]: spp_portscan: portscan status from 194.152.124.142: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 18 11:31:52 ids snort[5382]: spp_portscan: End of portscan from 194.152.124.142: TOTAL time(9s) hosts(8) TCP(8) UDP(0)
Nov 18 17:00:27 ids snort[5382]: spp_portscan: PORTSCAN DETECTED from 24.29.162.158 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 18 17:16:18 ids snort[5382]: spp_portscan: portscan status from 24.29.162.158: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 18 17:16:39 ids snort[5382]: spp_portscan: End of portscan from 24.29.162.158: TOTAL time(0s) hosts(8) TCP(8) UDP(0)
Nov 18 22:06:13 ids snort[5382]: spp_portscan: PORTSCAN DETECTED from 62.161.77.94 (THRESHOLD 5 connections exceeded in 2 seconds)
Nov 18 22:10:11 ids snort[5382]: spp_portscan: portscan status from 62.161.77.94: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 18 22:10:27 ids snort[5382]: spp_portscan: End of portscan from 62.161.77.94: TOTAL time(11s) hosts(8) TCP(8) UDP(0)
Nov 19 11:13:15 ids snort[6009]: spp_portscan: PORTSCAN DETECTED from 24.141.204.189 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 19 11:26:00 ids snort[6009]: spp_portscan: portscan status from 24.141.204.189: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 19 14:56:59 ids snort[6009]: spp_portscan: End of portscan from 24.141.204.189: TOTAL time(0s) hosts(8) TCP(8) UDP(0)
Nov 19 14:56:59 ids snort[6009]: IDS7 - MISC-Source Port Traffic 53 TCP: 202.141.26.165:53 -> 172.16.1.107:111
Nov 19 14:56:59 ids snort[6009]: IDS7 - MISC-Source Port Traffic 53 TCP: 202.141.26.165:53 -> 172.16.1.101:111
Nov 20 10:08:04 ids snort[6484]: IDS13 - RPC - portmap-request-mountd: 203.146.85.84:1104 -> 172.16.1.107:111
Nov 20 10:08:34 ids snort[6484]: IDS13 - RPC - portmap-request-mountd: 203.146.85.84:1104 -> 172.16.1.107:111
Nov 20 10:09:04 ids snort[6484]: IDS13 - RPC - portmap-request-mountd: 203.146.85.84:1104 -> 172.16.1.107:111
Nov 20 13:11:06 ids snort[6484]: spp_portscan: PORTSCAN DETECTED from 131.215.30.2 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 20 13:11:06 ids snort[6484]: IDS8 - TELNET - daemon-active: 172.16.1.101:23 -> 131.215.30.2:4113
Nov 20 13:11:06 ids snort[6484]: RPC Info Query: 131.215.30.2:741 -> 172.16.1.101:111
Nov 20 13:12:30 ids snort[6484]: spp_portscan: portscan status from 131.215.30.2: 10 connections across 8 hosts: TCP(10), UDP(0)
Nov 20 13:12:47 ids snort[6484]: spp_portscan: End of portscan from 131.215.30.2: TOTAL time(9s) hosts(8) TCP(10) UDP(0)
Nov 20 14:04:57 ids snort[6484]: IDS212 - MISC - DNS Zone Transfer: 207.20.109.228:1343 -> 172.16.1.107:53
Nov 20 20:46:03 ids snort[6484]: IDS8 - TELNET - daemon-active: 172.16.1.101:23 -> 24.21.157.47:1630
Nov 20 20:46:03 ids snort[6484]: spp_portscan: PORTSCAN DETECTED from 24.21.157.47 (THRESHOLD 5 connections exceeded in 1 seconds)
Nov 20 20:48:45 ids snort[6484]: spp_portscan: portscan status from 24.21.157.47: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 20 20:57:37 ids snort[6484]: spp_portscan: End of portscan from 24.21.157.47: TOTAL time(10s) hosts(8) TCP(8) UDP(0)
Nov 21 12:41:26 ids snort[15035]: IDS128 - CVE-1999-0067 - CGI phf attempt: 203.146.64.167:7850 -> 172.16.1.107:80
Nov 21 13:09:53 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:09:58 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:10:24 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:10:29 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:10:34 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:10:39 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:10:43 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:10:49 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:10:54 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:10:59 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:11:04 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:11:09 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:11:14 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:11:19 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:11:24 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:11:34 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:11:39 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 13:11:43 ids snort[15035]: IDS13 - RPC - portmap-request-mountd: 203.146.85.92:1267 -> 172.16.1.107:111
Nov 21 18:59:36 ids snort[15035]: RPC Info Query: 207.156.136.5:2828 -> 172.16.1.101:111
Nov 22 07:55:20 ids snort[15248]: spp_portscan: PORTSCAN DETECTED from 217.1.30.70 (THRESHOLD 5 connections exceeded in 3 seconds)
Nov 22 08:16:29 ids snort[15248]: spp_portscan: portscan status from 217.1.30.70: 6 connections across 6 hosts: TCP(6), UDP(0)
Nov 22 08:16:34 ids snort[15248]: spp_portscan: PORTSCAN DETECTED from 213.120.237.178 (THRESHOLD 5 connections exceeded in 6 seconds)
Nov 22 08:16:47 ids snort[15248]: spp_portscan: End of portscan from 217.1.30.70: TOTAL time(3s) hosts(6) TCP(6) UDP(0)
Nov 22 08:16:51 ids snort[15248]: spp_portscan: portscan status from 213.120.237.178: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 22 08:17:22 ids snort[15248]: spp_portscan: portscan status from 213.120.237.178: 4 connections across 4 hosts: TCP(4), UDP(0)
Nov 22 08:18:36 ids snort[15248]: spp_portscan: End of portscan from 213.120.237.178: TOTAL time(31s) hosts(11) TCP(12) UDP(0)
Nov 22 19:55:28 ids snort[15248]: spp_portscan: PORTSCAN DETECTED from 62.136.60.95 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 22 21:37:47 ids snort[15248]: spp_portscan: portscan status from 62.136.60.95: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 22 21:38:03 ids snort[15248]: spp_portscan: End of portscan from 62.136.60.95: TOTAL time(8s) hosts(8) TCP(8) UDP(0)
Nov 22 21:55:12 ids snort[15248]: IDS13 - RPC - portmap-request-mountd: 208.133.204.1:855 -> 172.16.1.107:111
Nov 22 21:55:17 ids snort[15248]: IDS13 - RPC - portmap-request-mountd: 208.133.204.1:855 -> 172.16.1.107:111
Nov 22 21:55:47 ids snort[15248]: IDS13 - RPC - portmap-request-mountd: 208.133.204.1:855 -> 172.16.1.107:111
Nov 22 21:56:12 ids snort[15248]: IDS13 - RPC - portmap-request-mountd: 208.133.204.1:856 -> 172.16.1.107:111
Nov 22 21:56:17 ids snort[15248]: IDS13 - RPC - portmap-request-mountd: 208.133.204.1:856 -> 172.16.1.107:111
Nov 22 21:56:47 ids snort[15248]: IDS13 - RPC - portmap-request-mountd: 208.133.204.1:856 -> 172.16.1.107:111
Nov 22 21:57:07 ids snort[15248]: IDS13 - RPC - portmap-request-mountd: 208.133.204.1:856 -> 172.16.1.107:111
Nov 23 00:44:41 ids snort[16083]: spp_portscan: PORTSCAN DETECTED from 209.237.67.12 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 23 02:02:07 ids snort[16083]: spp_portscan: portscan status from 209.237.67.12: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 23 02:02:23 ids snort[16083]: spp_portscan: End of portscan from 209.237.67.12: TOTAL time(0s) hosts(8) TCP(8) UDP(0)
Nov 23 19:46:57 ids snort[16083]: spp_portscan: PORTSCAN DETECTED from 206.77.188.15 (STEALTH)
Nov 23 19:46:57 ids snort[16083]: SCAN-SYN FIN: 206.77.188.15:53 -> 172.16.1.101:53
Nov 23 19:46:57 ids snort[16083]: SCAN-SYN FIN: 206.77.188.15:53 -> 172.16.1.102:53
Nov 23 19:46:57 ids snort[16083]: SCAN-SYN FIN: 206.77.188.15:53 -> 172.16.1.103:53
Nov 23 19:46:57 ids snort[16083]: SCAN-SYN FIN: 206.77.188.15:53 -> 172.16.1.104:53
Nov 23 19:46:57 ids snort[16083]: SCAN-SYN FIN: 206.77.188.15:53 -> 172.16.1.105:53
Nov 23 19:46:57 ids snort[16083]: SCAN-SYN FIN: 206.77.188.15:53 -> 172.16.1.106:53
Nov 23 19:46:57 ids snort[16083]: SCAN-SYN FIN: 206.77.188.15:53 -> 172.16.1.107:53
Nov 23 19:46:57 ids snort[16083]: SCAN-SYN FIN: 206.77.188.15:53 -> 172.16.1.108:53
Nov 23 19:46:57 ids snort[16083]: PING-ICMP Time Exceeded: 205.171.25.58 -> 172.16.1.101
Nov 23 19:46:57 ids snort[16083]: IDS277 - NAMED Iquery Probe: 206.77.188.15:3243 -> 172.16.1.107:53
Nov 23 19:46:57 ids snort[16083]: IDS278 - SCAN -named Version probe: 206.77.188.15:3243 -> 172.16.1.107:53
Nov 23 20:34:09 ids snort[16083]: spp_portscan: portscan status from 206.77.188.15: 10 connections across 8 hosts: TCP(9), UDP(1) STEALTH
Nov 23 20:34:24 ids snort[16083]: spp_portscan: End of portscan from 206.77.188.15: TOTAL time(1s) hosts(8) TCP(9) UDP(1) STEALTH
Nov 24 07:34:14 ids snort[16609]: spp_portscan: PORTSCAN DETECTED from 217.5.83.235 (THRESHOLD 5 connections exceeded in 6 seconds)
Nov 24 07:34:29 ids snort[16609]: spp_portscan: portscan status from 217.5.83.235: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 24 08:04:16 ids snort[16609]: spp_portscan: portscan status from 217.5.83.235: 4 connections across 4 hosts: TCP(4), UDP(0)
Nov 24 08:04:32 ids snort[16609]: spp_portscan: End of portscan from 217.5.83.235: TOTAL time(30s) hosts(11) TCP(12) UDP(0)
Nov 24 09:51:56 ids snort[16609]: spp_portscan: PORTSCAN DETECTED from 64.45.218.3 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 24 12:52:29 ids snort[16609]: spp_portscan: portscan status from 64.45.218.3: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 24 12:52:45 ids snort[16609]: spp_portscan: End of portscan from 64.45.218.3: TOTAL time(9s) hosts(8) TCP(8) UDP(0)
Nov 25 09:01:12 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4881 -> 172.16.1.101:1080
Nov 25 09:01:12 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4882 -> 172.16.1.102:1080
Nov 25 09:01:12 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4883 -> 172.16.1.103:1080
Nov 25 09:01:12 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4884 -> 172.16.1.104:1080
Nov 25 09:01:12 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4885 -> 172.16.1.105:1080
Nov 25 09:01:12 ids snort[17159]: spp_portscan: PORTSCAN DETECTED from 24.42.178.243 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 25 09:01:12 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4886 -> 172.16.1.106:1080
Nov 25 09:01:12 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4887 -> 172.16.1.107:1080
Nov 25 09:01:12 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4888 -> 172.16.1.108:1080
Nov 25 09:01:13 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4881 -> 172.16.1.101:1080
Nov 25 09:01:13 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4887 -> 172.16.1.107:1080
Nov 25 09:01:13 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4881 -> 172.16.1.101:1080
Nov 25 09:01:13 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4887 -> 172.16.1.107:1080
Nov 25 09:01:14 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4881 -> 172.16.1.101:1080
Nov 25 09:01:14 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4887 -> 172.16.1.107:1080
Nov 25 09:01:15 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4882 -> 172.16.1.102:1080
Nov 25 09:01:15 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4883 -> 172.16.1.103:1080
Nov 25 09:01:15 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4884 -> 172.16.1.104:1080
Nov 25 09:01:15 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4885 -> 172.16.1.105:1080
Nov 25 09:01:15 ids snort[17159]: MISC-WinGate-1080-Attempt: 24.42.178.243:4888 -> 172.16.1.108:1080
Nov 25 09:06:19 ids snort[17159]: spp_portscan: portscan status from 24.42.178.243: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 25 09:06:53 ids snort[17159]: spp_portscan: End of portscan from 24.42.178.243: TOTAL time(3s) hosts(8) TCP(8) UDP(0)
Nov 25 12:13:19 ids snort[17159]: spp_portscan: PORTSCAN DETECTED from 152.2.48.83 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 25 12:34:45 ids snort[17159]: spp_portscan: portscan status from 152.2.48.83: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 25 12:35:02 ids snort[17159]: spp_portscan: End of portscan from 152.2.48.83: TOTAL time(0s) hosts(8) TCP(8) UDP(0)
Nov 25 21:25:26 ids snort[17159]: spp_portscan: PORTSCAN DETECTED from 172.155.157.149 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 25 21:31:17 ids snort[17159]: spp_portscan: portscan status from 172.155.157.149: 7 connections across 7 hosts: TCP(7), UDP(0)
Nov 25 21:31:34 ids snort[17159]: spp_portscan: End of portscan from 172.155.157.149: TOTAL time(0s) hosts(7) TCP(7) UDP(0)
Nov 26 07:35:34 ids snort[17488]: spp_portscan: PORTSCAN DETECTED from 128.84.246.7 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 26 07:41:13 ids snort[17488]: spp_portscan: portscan status from 128.84.246.7: 9 connections across 8 hosts: TCP(9), UDP(0)
Nov 26 07:41:13 ids snort[17488]: IDS8 - TELNET - daemon-active: 172.16.1.101:23 -> 128.84.246.7:3913
Nov 26 09:00:02 ids snort[17488]: spp_portscan: End of portscan from 128.84.246.7: TOTAL time(339s) hosts(8) TCP(9) UDP(0)
Nov 26 19:51:53 ids snort[17488]: spp_portscan: PORTSCAN DETECTED from 208.185.167.115 (THRESHOLD 5 connections exceeded in 4 seconds)
Nov 26 20:49:24 ids snort[17488]: spp_portscan: portscan status from 208.185.167.115: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 26 21:15:10 ids snort[17488]: spp_portscan: portscan status from 208.185.167.115: 1 connections across 1 hosts: TCP(1), UDP(0)
Nov 26 21:35:31 ids snort[17488]: spp_portscan: portscan status from 208.185.167.115: 7 connections across 7 hosts: TCP(7), UDP(0)
Nov 26 21:35:47 ids snort[17488]: spp_portscan: End of portscan from 208.185.167.115: TOTAL time(5001s) hosts(14) TCP(16) UDP(0)
Nov 28 01:21:50 ids snort[17917]: spp_portscan: PORTSCAN DETECTED from 63.165.207.14 (THRESHOLD 5 connections exceeded in 3 seconds)
Nov 28 01:22:07 ids snort[17917]: spp_portscan: portscan status from 63.165.207.14: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 28 01:22:23 ids snort[17917]: spp_portscan: End of portscan from 63.165.207.14: TOTAL time(3s) hosts(8) TCP(8) UDP(0)
Nov 29 11:13:29 ids snort[18432]: spp_portscan: PORTSCAN DETECTED from 12.24.136.201 (STEALTH)
Nov 29 11:13:29 ids snort[18432]: SCAN-SYN FIN: 12.24.136.201:511 -> 172.16.1.101:511
Nov 29 11:13:29 ids snort[18432]: SCAN-SYN FIN: 12.24.136.201:511 -> 172.16.1.102:511
Nov 29 11:13:29 ids snort[18432]: SCAN-SYN FIN: 12.24.136.201:511 -> 172.16.1.103:511
Nov 29 11:13:29 ids snort[18432]: SCAN-SYN FIN: 12.24.136.201:511 -> 172.16.1.104:511
Nov 29 11:13:29 ids snort[18432]: SCAN-SYN FIN: 12.24.136.201:511 -> 172.16.1.105:511
Nov 29 11:13:29 ids snort[18432]: SCAN-SYN FIN: 12.24.136.201:511 -> 172.16.1.106:511
Nov 29 11:13:29 ids snort[18432]: SCAN-SYN FIN: 12.24.136.201:511 -> 172.16.1.107:511
Nov 29 11:13:29 ids snort[18432]: SCAN-SYN FIN: 12.24.136.201:511 -> 172.16.1.108:511
Nov 29 11:14:24 ids snort[18432]: spp_portscan: portscan status from 12.24.136.201: 8 connections across 8 hosts: TCP(8), UDP(0) STEALTH
Nov 29 11:14:42 ids snort[18432]: spp_portscan: End of portscan from 12.24.136.201: TOTAL time(0s) hosts(8) TCP(8) UDP(0) STEALTH
Nov 29 15:04:04 ids snort[18432]: spp_portscan: PORTSCAN DETECTED from 213.56.229.206 (THRESHOLD 5 connections exceeded in 1 seconds)
Nov 29 16:09:50 ids snort[18432]: spp_portscan: portscan status from 213.56.229.206: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 29 16:10:07 ids snort[18432]: spp_portscan: End of portscan from 213.56.229.206: TOTAL time(4s) hosts(8) TCP(8) UDP(0)
Nov 30 04:58:53 ids snort[18951]: spp_portscan: PORTSCAN DETECTED from 144.132.223.204 (THRESHOLD 5 connections exceeded in 7 seconds)
Nov 30 04:59:12 ids snort[18951]: spp_portscan: portscan status from 144.132.223.204: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 30 06:45:46 ids snort[18951]: spp_portscan: portscan status from 144.132.223.204: 2 connections across 2 hosts: TCP(2), UDP(0)
Nov 30 09:36:09 ids snort[18951]: spp_portscan: End of portscan from 144.132.223.204: TOTAL time(29s) hosts(9) TCP(10) UDP(0)
Nov 30 09:36:09 ids snort[18951]: spp_portscan: PORTSCAN DETECTED from 149.225.118.255 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 30 09:37:19 ids snort[18951]: spp_portscan: portscan status from 149.225.118.255: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 30 09:37:36 ids snort[18951]: spp_portscan: End of portscan from 149.225.118.255: TOTAL time(3s) hosts(8) TCP(8) UDP(0)
Nov 30 15:42:39 ids snort[18951]: spp_portscan: PORTSCAN DETECTED from 216.78.181.149 (THRESHOLD 5 connections exceeded in 0 seconds)
Nov 30 17:00:01 ids snort[18951]: spp_portscan: portscan status from 216.78.181.149: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 30 17:00:19 ids snort[18951]: spp_portscan: End of portscan from 216.78.181.149: TOTAL time(1s) hosts(8) TCP(8) UDP(0)
Nov 30 20:43:01 ids snort[18951]: spp_portscan: PORTSCAN DETECTED from 141.223.222.143 (THRESHOLD 5 connections exceeded in 2 seconds)
Nov 30 21:55:43 ids snort[18951]: spp_portscan: portscan status from 141.223.222.143: 8 connections across 8 hosts: TCP(8), UDP(0)
Nov 30 21:55:44 ids snort[18951]: IDS287 - FTP - Wuftp260 venglin linux: 141.223.222.143:4761 -> 172.16.1.104:21
Nov 30 21:55:47 ids snort[18951]: IDS317 - FTP-site-exec: 141.223.222.143:4761 -> 172.16.1.104:21
Nov 30 22:00:32 ids snort[18951]: spp_portscan: End of portscan from 141.223.222.143: TOTAL time(4365s) hosts(8) TCP(8) UDP(0)
Nov 30 22:30:56 ids snort[18951]: IDS8 - TELNET - daemon-active: 172.16.1.103:23 -> 207.239.115.11:1947