Snort mailing list archives
Snort + Guardian + Acid don't run
From: "Franco Catena" <facatena () surson com br>
Date: Wed, 9 Jun 2004 08:19:33 -0300
Hi. My problem is the following: I use CL9 and I got to install Snort 1.9 + ACID + Guardian... Snort detects my nmap sweeps and places them in alert and in portscan.log, as I read on a forum (preprocessor portscan: $EXTERNAL_NET 4 3 PORTSCAN.LOG and preprocessor portscan-ignorehosts: 200.122.34.55). The thing is that the attack attempts are in the file. The fact is that they don't appear in ACID, and therefore not in MySQL. I already did mysql -h localhost -u snort -p and everything is fine. What appears to me in ACID is:

    [snortDB] (spp_stream4) NMAP FINGERPRINT (stateful) detection   unclassified   5 (31%)   1   1   1   2004-06-07 02:36:45   2004-06-07 19:11:49
    [snortDB] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection   unclassified   6 (38%)   1   1   1   2004-06-07 02:36:45   2004-06-07 19:11:52
    [snortDB] (spp_stream4) STEALTH ACTIVITY (NULL scan) detection   unclassified   5 (31%)   1   1   1   2004-06-07 02:36:47   2004-06-07 19:11:52

Proceeding, I installed Guardian 1.7 and it sees the file portscan.log but doesn't take any action:

    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
    Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.

config:

# The machines IP address that is visable to the internet
# If this is left undefined, then guardian will attempt to get the information
# from ifconfig, as long as it has an interface to use.  This would be useful
# for people on ppp links, or dhcp machines, or if you are lazy :)
HostIpAddr 200.122.34.55

# Here we define the interface which we will use to guess the IP address, and
# block incoming offending packets. This is the only option that is required
# for guardian to run. If the rest are undefined, guardian will use the default.
Interface eth0

# The last octet of the ip address, which gives us the gateway address.
HostGatewayByte 1

# Guardian's log file
LogFile /var/log/guardian/guardian.log

# Snort's alert file. This can be the snort.alert file, or a syslog file
# There might be some snort alerts that get logged to syslog which guardian
# might not see..
AlertFile /var/log/snort/alert

# The list of ip addresses to ignore
IgnoreFile /etc/guardian.ignore

# This is a list of IP addresses on the current host, in case there is more
# than one. If this file doesn't exist, then it will assume you want to run
# with the default setup (machine's ip address, and broadcast/network).
TargetFile /etc/guardian.target

# The time in seconds to keep a host blocked. If undefined, it defaults to
# 99999999, which basicly disables the feature.
TimeLimit 86400

#--------------------------------------------------
#   http://www.snort.org     Snort 1.9.1 Ruleset
#     Contact: snort-sigs () lists sourceforge net
#--------------------------------------------------
# NOTE:This ruleset only works for 1.9.1 and later
#--------------------------------------------------
# $Id: snort.conf,v 1.110.2.4 2002/11/17 04:40:07 cazz Exp $
#
###################################################
# This file contains a sample snort configuration.
# You can take the following steps to create your
# own custom configuration:
#
#  1) Set the network variables for your network
#  2) Configure preprocessors
#  3) Configure output plugins
#  4) Customize your rule set
#
###################################################
# Step #1: Set the network variables:
#
# You must change the following variables to reflect
# your local network. The variable is currently
# setup for an RFC 1918 address space.
#
# You can specify it explicitly as:
#
# var HOME_NET 10.1.1.0/24
#
# or use global variable $<interfacename>_ADDRESS
# which will be always initialized to IP address and
# netmask of the network interface which you run
# snort at.
#
# var HOME_NET $eth0_ADDRESS
#
# You can specify lists of IP addresses for HOME_NET
# by separating the IPs with commas like this:
#
# var HOME_NET [10.1.1.0/24,192.168.1.0/24]
#
# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
#
# or you can specify the variable to be any IP address
# like this:

var HOME_NET [192.168.100.0/24,127.0.0.1]

# Set up the external network addresses as well.
# A good start may be "any"
var EXTERNAL_NET 200.122.34.55

# Configure your server lists. This allows snort to only look for attacks
# to systems that have a service up. Why look for HTTP attacks if you are
# not running a web server? This allows quick filtering based on IP addresses
# These configurations MUST follow the same configuration scheme as defined
# above for $HOME_NET.

# List of DNS servers on your network
var DNS_SERVERS $HOME_NET

# List of SMTP servers on your network
var SMTP_SERVERS $HOME_NET

# List of web servers on your network
var HTTP_SERVERS $HOME_NET

# List of sql servers on your network
var SQL_SERVERS $HOME_NET

# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET

# Configure your service ports. This allows snort to look for attacks
# destined to a specific application only on the ports that application
# runs on. For example, if you run a web server on port 8081, set your
# HTTP_PORTS variable like this:
#
# var HTTP_PORTS 8081
#
# Port lists must either be continuous [eg 80:8080], or a single port [eg 80].
# We will adding support for a real list of ports in the future.

# Ports you run web servers on
var HTTP_PORTS 80

# Ports you want to look for SHELLCODE on.
var SHELLCODE_PORTS !80

# Ports you do oracle attacks on
var ORACLE_PORTS 1521

# other variables
#
# AIM servers. AOL has a habit of adding new AIM servers, so instead of
# modifying the signatures when they do, we add them to this list of
# servers.
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]

# Path to your rules files (this can be a relative path)
var RULE_PATH /etc/snort/rules

###################################################
# Step #2: Configure preprocessors
#
# General configuration for preprocessors is of
# the form
# preprocessor <name_of_processor>: <configuration_options>

# frag2: IP defragmentation support
# -------------------------------
# This preprocessor performs IP defragmentation. This plugin will also detect
# people launching fragmentation attacks (usually DoS) against hosts. No
# arguments loads the default configuration of the preprocessor, which is a
# 60 second timeout and a 4MB fragment buffer.
# The following (comma delimited) options are available for frag2
#    timeout [seconds] - sets the number of [seconds] than an unfinished
#                        fragment will be kept around waiting for completion,
#                        if this time expires the fragment will be flushed
#    memcap [bytes] - limit frag2 memory usage to [number] bytes
#                     (default:  4194304)
#
#    min_ttl [number] - minimum ttl to accept
#
#    ttl_limit [number] - difference of ttl to accept without alerting
#                         will cause false positves with router flap
#
# Frag2 uses Generator ID 113 and uses the following SIDS
# for that GID:
# SID     Event description
# -----   -------------------
#   1       Oversized fragment (reassembled frag > 64k bytes)
#   2       Teardrop-type attack

preprocessor frag2

# stream4: stateful inspection/stream reassembly for Snort
#----------------------------------------------------------------------
# Use in concert with the -z [all|est] command line switch to defeat
# stick/snot against TCP rules.  Also performs full TCP stream
# reassembly, stateful inspection of TCP streams, etc.  Can statefully
# detect various portscan types, fingerprinting, ECN, etc.

# stateful inspection directive
# no arguments loads the defaults (timeout 30, memcap 8388608)
# options (options are comma delimited):
#   detect_scans - stream4 will detect stealth portscans and generate alerts
#                  when it sees them when this option is set
#   detect_state_problems - detect TCP state problems, this tends to be very
#                           noisy because there are a lot of crappy ip stack
#                           implementations out there
#
#   disable_evasion_alerts - turn off the possibly noisy mitigation of
#                            overlapping sequences.
#
#   min_ttl - this option has been moved to config min_ttl: <int>
#
#   ttl_limit [number] - differential of the initial ttl on a session versus
#                        the normal that someone may be playing games.
#                        Routing flap may cause lots of false positives.
#
#   keepstats [machine|binary] - keep session statistics, add "machine" to
#                                get them in a flat format for machine reading, add
#                                "binary" to get them in a unified binary output
#                                format
#   noinspect - turn off stateful inspection only
#   timeout [number] - set the session timeout counter to [number] seconds,
#                      default is 30 seconds
#   memcap [number] - limit stream4 memory usage to [number] bytes
#   log_flushed_streams - if an event is detected on a stream this option will
#                         cause all packets that are stored in the stream4
#                         packet buffers to be flushed to disk.  This only
#                         works when logging in pcap mode!
#
# Stream4 uses Generator ID 111 and uses the following SIDS
# for that GID:
# SID     Event description
# -----   -------------------
#   1       Stealth activity
#   2       Evasive RST packet
#   3       Evasive TCP packet retransmission
#   4       TCP Window violation
#   5       Data on SYN packet
#   6       Stealth scan: full XMAS
#   7       Stealth scan: SYN-ACK-PSH-URG
#   8       Stealth scan: FIN scan
#   9       Stealth scan: NULL scan
#  10       Stealth scan: NMAP XMAS scan
#  11       Stealth scan: Vecna scan
#  12       Stealth scan: NMAP fingerprint scan stateful detect
#  13       Stealth scan: SYN-FIN scan
#  14       TCP forward overlap

preprocessor stream4: detect_scans, disable_evasion_alerts

# tcp stream reassembly directive
# no arguments loads the default configuration
#   Only reassemble the client,
#   Only reassemble the default list of ports (See below),
#   Give alerts for "bad" streams
#
# Available options (comma delimited):
#   clientonly - reassemble traffic for the client side of a connection only
#   serveronly - reassemble traffic for the server side of a connection only
#   both - reassemble both sides of a session
#   noalerts - turn off alerts from the stream reassembly stage of stream4
#   ports [list] - use the space separated list of ports in [list], "all"
#                  will turn on reassembly for all ports, "default" will turn
#                  on reassembly for ports 21, 23, 25, 53, 80, 143, 110, 111
#                  and 513

preprocessor stream4_reassemble

# http_decode: normalize HTTP requests
# ------------------------------------
# http_decode normalizes HTTP requests from remote
# machines by converting any %XX character
# substitutions to their ASCII equivalent. This is
# very useful for doing things like defeating hostile
# attackers trying to stealth themselves from IDSs by
# mixing these substitutions in with the request.
# Specify the port numbers you want it to analyze as arguments.
#
# Major code cleanups thanks to rfp
#
# unicode - normalize unicode
# iis_alt_unicode - %u encoding from iis
# double_encode - alert on possible double encodings
# iis_flip_slash - normalize \ as /
# full_whitespace - treat \t as whitespace ( for apache )
#
# for that GID:
# SID     Event description
# -----   -------------------
#   1       UNICODE attack
#   2       NULL byte attack

preprocessor http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace

# rpc_decode: normalize RPC traffic
# ---------------------------------
# RPC may be sent in alternate encodings besides the usual
# 4-byte encoding that is used by default. This preprocessor
# normalized RPC traffic in much the same way as the http_decode
# preprocessor. This plugin takes the ports numbers that RPC
# services are running on as arguments.
# The RPC decode preprocessor uses generator ID 106
#
# arguments: space separated list
# alert_fragments - alert on any rpc fragmented TCP data
# no_alert_multiple_requests - don't alert when >1 rpc query is in a packet
# no_alert_large_fragments - don't alert when the fragmented
#                            sizes exceed the current packet size
# no_alert_incomplete - don't alert when a single segment
#                       exceeds the current packet size

preprocessor rpc_decode: 111 32771

# bo: Back Orifice detector
# -------------------------
# Detects Back Orifice traffic on the network. This preprocessor
# uses the Back Orifice "encryption" algorithm to search for
# traffic conforming to the Back Orifice protocol (not BO2K).
# This preprocessor can take two arguments. The first is "-nobrute"
# which turns off the plugin's brute forcing routine (brute forces
# the key space of the protocol to find BO traffic). The second
# argument that can be passed to the routine is a number to use
# as the default key when trying to decrypt the traffic. The
# default value is 31337 (just like BO). Be aware that turning on
# the brute forcing option runs the risk of impacting the overall
# performance of Snort, you've been warned...
#
# The Back Orifice detector uses Generator ID 105 and uses the
# following SIDS for that GID:
# SID     Event description
# -----   -------------------
#   1       Back Orifice traffic detected

preprocessor bo: -nobrute

# telnet_decode: Telnet negotiation string normalizer
# ---------------------------------------------------
# This preprocessor "normalizes" telnet negotiation strings from
# telnet and ftp traffic.  It works in much the same way as the
# http_decode preprocessor, searching for traffic that breaks up
# the normal data stream of a protocol and replacing it with
# a normalized representation of that traffic so that the "content"
# pattern matching keyword can work without requiring modifications.
# This preprocessor requires no arguments.
# Portscan uses Generator ID 109 and does not generate any SID currently.

preprocessor telnet_decode

# Portscan: detect a variety of portscans
# ---------------------------------------
# portscan preprocessor by Patrick Mullen <p_mullen () linuxrc net>
# This preprocessor detects UDP packets or TCP SYN packets going to
# four different ports in less than three seconds. "Stealth" TCP
# packets are always detected, regardless of these settings.
# Portscan uses Generator ID 100 and uses the following SIDS for that GID:
# SID     Event description
# -----   -------------------
#   1       Portscan detect
#   2       Inter-scan info
#   3       Portscan End

preprocessor portscan: $EXTERNAL_NET 4 3 portscan.log

# Use portscan-ignorehosts to ignore TCP SYN and UDP "scans" from
# specific networks or hosts to reduce false alerts. It is typical
# to see many false alerts from DNS servers so you may want to
# add your DNS servers here. You can all multiple hosts/networks
# in a whitespace-delimited list.
#
preprocessor portscan-ignorehosts: 200.122.34.55

# arpspoof
#----------------------------------------
# Experimental ARP detection code from Jeff Nathan, detects ARP attacks,
# unicast ARP requests, and specific ARP mapping monitoring.  To make use
# of this preprocessor you must specify the IP and hardware address of hosts on
# the same layer 2 segment as you.  Specify one host IP MAC combo per line.
# Also takes a "-unicast" option to turn on unicast ARP request detection.
# Arpspoof uses Generator ID 112 and uses the following SIDS for that GID:
# SID     Event description
# -----   -------------------
#   1       Unicast ARP request
#   2       Etherframe ARP mismatch (src)
#   3       Etherframe ARP mismatch (dst)
#   4       ARP cache overwrite attack

#preprocessor arpspoof
#preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00

# ASN1 Decode
#-----------------------------------------
# This is an experimental preprocessor.  ASN.1 decoder and analysis plugin
# from Andrew R. Baker.  This preprocessor will detect abuses of the ASN.1
# protocol that higher level protocols (like SSL, SNMP, x.509, etc) rely on.
# The ASN.1 decoder uses Generator ID 115 and uses the following SIDs for
# that GID:
# SID     Event description
# -----   -------------------
#   1       Indefinite length
#   2       Invalid length
#   3       Oversized item
#   4       ASN.1 specification violation
#   5       Dataum bad length

# preprocessor asn1_decode

# Fnord
#-----------------------------------------
# This is an experimental preprocessor.  Polymorphic shellcode analyzer and
# detector by Dragos Ruiu.  This preprocessor will watch traffic for
# polymorphic NOP-type sleds to defeat tools like ADMutate. The Fnord detector
# uses Generator ID 114 and the following SIDs:
# SID     Event description
# -----   -------------------
#   1       NOP-sled detected

# preprocessor fnord

# Conversation
#------------------------------------------
# This preprocessor tracks conversations for tcp, udp and icmp traffic.  It
# is a prerequisite for running portscan2.
#
# allowed_ip_protcols 1 6 17
#       list of allowed ip protcols ( defaults to any )
#
# timeout [num]
#       conversation timeout ( defaults to 60 )
#
#
# max_conversations [num]
#       number of conversations to support at once (defaults to 65335)
#
#
# alert_odd_protocols
#       alert on protocols not listed in allowed_ip_protocols

preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000

# Portscan2
#-------------------------------------------
# Portscan 2, detect portscans in a new and exciting way.
#
# Available options:
#       scanners_max [num]
#       targets_max [num]
#       target_limit [num]
#       port_limit [num]
#       timeout [num]
#       log [logdir]
#

preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5, port_limit 20, timeout 60

# Experimental Perf stats
# -----------------------
# No docs. Highly subject to change.
#
# preprocessor perfmonitor: console flow events time 10

####################################################################
# Step #3: Configure output plugins
#
# Uncomment and configure the output plugins you decide to use.
# General configuration for output plugins is of the form:
#
# output <name_of_plugin>: <configuration_options>
#
# alert_syslog: log alerts to syslog
# ----------------------------------
# Use one or more syslog facilities as arguments
#
# output alert_syslog: LOG_AUTH LOG_ALERT

# log_tcpdump: log packets in binary tcpdump format
# -------------------------------------------------
# The only argument is the output file name.
#
# output log_tcpdump: tcpdump.log

# database: log to a variety of databases
# ---------------------------------------
# See the README.database file for more information about configuring
# and using this plugin.
#
output database: log, mysql, user=snort password=joaquisouza dbname=snort host=localhost
output database: alert, postgresql, user=snort dbname=snort
# output database: log, unixodbc, user=snort dbname=snort
# output database: log, mssql, dbname=snort user=snort password=test

# xml: xml logging
# ----------------
# See the README.xml file for more information about configuring
# and using this plugin.
#
# output xml: log, file=/var/log/snortxml

# unified: Snort unified binary format alerting and logging
# -------------------------------------------------------------
# The unified output plugin provides two new formats for logging
# and generating alerts from Snort, the "unified" format.  The
# unified format is a straight binary format for logging data
# out of Snort that is designed to be fast and efficient.  Used
# with barnyard (the new alert/log processor), most of the overhead
# for logging and alerting to various slow storage mechanisms
# such as databases or the network can now be avoided.
#
# Check out the spo_unified.h file for the data formats.
#
# Two arguments are supported.
#    filename - base filename to write to (current time_t is appended)
#    limit    - maximum size of spool file in MB (default: 128)
#
# output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128

# trap_snmp: SNMP alerting for Snort
# -------------------------------------------------------------
# Read the README.SNMP file for more information on enabling and using this
# plug-in.
#
#
#The trap_snmp plugin accepts the following notification options
#    [c],[p[m|s]]
#    where,
#    c : Generate compact notifications. (Saves on bandwidth by
#        not reporting MOs for which values are unknown, not
#        available or, not applicable). By default this option is reset.
#    p : Generate a print of the invariant part of the offending packet.
#        This can be used to track the packet across the Internet.
#        By default this option is reset.
#    m : Use the MD5 algorithm to generate the packet print.
#        By default this algorithm is used.
#    s : Use the SHA1 algorithm to generate the packet print.
#
# The trap_snmp plugin requires several parameters
# The parameters depend on the SNMP version that is used (specified)
# For the SNMPv2c case the parameters will be as follows
#   alert, <sensorID>, [NotificationOptions] , {trap|inform}
#   -v <SnmpVersion> [-p <portNumber>] -c <community> <hostName>
#
# For SNMPv2c traps to the standard snmpTrap port# 162 with
# MD5-digest based packetPrint generation
#
# output trap_snmp: alert, 7, cpm, trap -v 2c -c myCommunity myTrapListener
#
# For SNMPv2c informs with the 'compact' notification option to port 999
#
# output trap_snmp: alert, 7, c, inform -v 2c -p 999 -c myCommunity myTrapListener
#
#
# For SNMPv3 traps with
#      security name = snortUser
#      security level = authentication and privacy
#      authentication parameters :
#          authentication protocol = SHA ,
#          authentication pass phrase = SnortAuthPassword
#      privacy (encryption) parameters
#          privacy protocol = DES,
#          privacy pass phrase = SnortPrivPassword
#
#output trap_snmp: alert, 7, trap -v 3 -u snortUser -l authPriv -a SHA -A SnortAuthPassword -x DES -X SnortPrivPassword myTrapListener

#For SNMPv3 informs with authentication and encryption to myTrapListener
#on port 999
#output trap_snmp: alert, 7, inform -v 3 -p 999 -u snortUser -l authPriv -a SHA -A SnortAuthPassword -x DES -X SnortPrivPassword myTrapListener

# You can optionally define new rule types and associate one or
# more output plugins specifically to that type.
#
# This example will create a type that will log to just tcpdump.
# ruletype suspicious
# {
#   type log
#   output log_tcpdump: suspicious.log
# }
#
# EXAMPLE RULE FOR SUSPICIOUS RULETYPE:
# suspicious $HOME_NET any -> $HOME_NET 6667 (msg:"Internal IRC Server";)
#
# This example will create a rule type that will log to syslog
# and a mysql database.
# ruletype redalert
# {
#   type alert
#   output alert_syslog: LOG_AUTH LOG_ALERT
#   output database: log, mysql, user=snort dbname=snort host=localhost
# }
#
# EXAMPLE RULE FOR REDALERT RULETYPE
# redalert $HOME_NET any -> $EXTERNAL_NET 31337 (msg:"Someone is being LEET"; \
#   flags:A+;)
#
# Include classification & priority settings
#

include classification.config

#
# Include reference systems
#

include reference.config

####################################################################
# Step #4: Customize your rule set
#
# Up to date snort rules are available at http://www.snort.org
#
# The snort web site has documentation about how to write your own
# custom snort rules.
#
# The rules included with this distribution generate alerts based on
# on suspicious activity. Depending on your network environment, your
# security policies, and what you consider to be suspicious, some of
# these rules may either generate false positives ore may be detecting
# activity you consider to be acceptable; therefore, you are
# encouraged to comment out rules that are not applicable in your
# environment.
#
# Note that using all of the rules at the same time may lead to
# serious packet loss on slower machines. YMMV, use with caution,
# standard disclaimers apply. :)
#
# The following individuals contributed many of rules in this
# distribution.
#
# Credits:
#   Ron Gula <rgula () securitywizards com> of Network Security Wizards
#   Max Vision <vision () whitehats com>
#   Martin Markgraf <martin () mail du gtn com>
#   Fyodor Yarochkin <fygrave () tigerteam net>
#   Nick Rogness <nick () rapidnet com>
#   Jim Forster <jforster () rapidnet com>
#   Scott McIntyre <scott () whoi edu>
#   Tom Vandepoel <Tom.Vandepoel () ubizen com>
#   Brian Caswell <bmc () snort org>
#   Zeno <admin () cgisecurity com>
#   Ryan Russell <ryan () securityfocus com>
#
#=========================================
# Include all relevant rulesets here
#
# shellcode, policy, info, backdoor, and virus rulesets are
# disabled by default.  These require tuning and maintance.
# Please read the included specific file for more information.
#=========================================

include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
include $RULE_PATH/scan.rules
include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
include $RULE_PATH/rservices.rules
include $RULE_PATH/dos.rules
include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
include $RULE_PATH/tftp.rules
include $RULE_PATH/web-cgi.rules
include $RULE_PATH/web-coldfusion.rules
include $RULE_PATH/web-iis.rules
include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/sql.rules
include $RULE_PATH/x11.rules
include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
include $RULE_PATH/oracle.rules
include $RULE_PATH/mysql.rules
include $RULE_PATH/snmp.rules
include $RULE_PATH/smtp.rules
include $RULE_PATH/imap.rules
include $RULE_PATH/pop3.rules
include $RULE_PATH/pop2.rules
include $RULE_PATH/nntp.rules
include $RULE_PATH/other-ids.rules
include $RULE_PATH/web-attacks.rules
include $RULE_PATH/backdoor.rules
include $RULE_PATH/shellcode.rules
include $RULE_PATH/policy.rules
include $RULE_PATH/porn.rules
include $RULE_PATH/info.rules
include $RULE_PATH/icmp-info.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/chat.rules
include $RULE_PATH/multimedia.rules
include $RULE_PATH/p2p.rules
include $RULE_PATH/experimental.rules
include $RULE_PATH/local.rules

[**] [1:729:3] Virus - Possible scr Worm [**]
[Classification: Misc activity] [Priority: 3]
06/06-11:03:12.272287 200.230.22.5:110 -> 200.122.34.55:14387
TCP TTL:119 TOS:0x0 ID:52057 IpLen:20 DgmLen:411 DF
***AP*** Seq: 0xD159CF99  Ack: 0xD3F3D993  Win: 0xFC05  TcpLen: 20

[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 200.122.34.132 (THRESHOLD 4 connections exceeded in 0 seconds) [**]
06/07-02:17:53.414748

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**]
06/07-02:17:56.111341

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 38 connections across 1 hosts: TCP(38), UDP(0) [**]
06/07-02:18:00.008500

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**]
06/07-02:18:04.170192

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 69 connections across 1 hosts: TCP(69), UDP(0) [**]
06/07-02:18:08.008897

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**]
06/07-02:18:12.194667

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 66 connections across 1 hosts: TCP(66), UDP(0) [**]
06/07-02:18:16.012419

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 75 connections across 1 hosts: TCP(75), UDP(0) [**]
06/07-02:18:20.171640

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 75 connections across 1 hosts: TCP(75), UDP(0) [**]
06/07-02:18:24.062879

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**]
06/07-02:18:28.224130

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 68 connections across 1 hosts: TCP(68), UDP(0) [**]
06/07-02:18:32.063113

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 72 connections across 1 hosts: TCP(72), UDP(0) [**]
06/07-02:18:36.124981

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 78 connections across 1 hosts: TCP(78), UDP(0) [**]
06/07-02:18:40.010413

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**]
06/07-02:18:44.124928

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 82 connections across 1 hosts: TCP(82), UDP(0) [**]
06/07-02:18:48.006406

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**]
06/07-02:18:52.124844

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 79 connections across 1 hosts: TCP(79), UDP(0) [**]
06/07-02:18:56.116191

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 82 connections across 1 hosts: TCP(82), UDP(0) [**]
06/07-02:19:00.263616

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 86 connections across 1 hosts: TCP(86), UDP(0) [**]
06/07-02:19:04.296331

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 85 connections across 1 hosts: TCP(85), UDP(0) [**]
06/07-02:19:08.008598

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 89 connections across 1 hosts: TCP(89), UDP(0) [**]
06/07-02:19:12.057679

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 96 connections across 1 hosts: TCP(96), UDP(0) [**]
06/07-02:19:16.016833

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 38 connections across 1 hosts: TCP(38), UDP(0) [**]
06/07-02:32:59.606604

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 1 connections across 1 hosts: TCP(1), UDP(0) [**]
06/07-02:33:54.571344

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**]
06/07-02:33:58.110521

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**]
06/07-02:34:02.117164

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 62 connections across 1 hosts: TCP(62), UDP(0) [**]
06/07-02:34:06.112425

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 67 connections across 1 hosts: TCP(67), UDP(0) [**]
06/07-02:34:10.119811

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 71 connections across 1 hosts: TCP(71), UDP(0) [**]
06/07-02:34:14.113579

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 75 connections across 1 hosts: TCP(75), UDP(0) [**]
06/07-02:34:18.008001

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**]
06/07-02:34:22.003818

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**]
06/07-02:34:26.253685

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**]
06/07-02:34:30.007260

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 79 connections across 1 hosts: TCP(79), UDP(0) [**]
06/07-02:34:34.124812

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 81 connections across 1 hosts: TCP(81), UDP(0) [**]
06/07-02:34:38.046735

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 87 connections across 1 hosts: TCP(87), UDP(0) [**]
06/07-02:34:42.019648

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 89 connections across 1 hosts: TCP(89), UDP(0) [**]
06/07-02:34:46.177958

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 82 connections across 1 hosts: TCP(82), UDP(0) [**]
06/07-02:34:50.009318

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 97 connections across 1 hosts: TCP(97), UDP(0) [**]
06/07-02:34:54.168120

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 91 connections across 1 hosts: TCP(91), UDP(0) [**]
06/07-02:34:58.208689

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 94 connections across 1 hosts: TCP(94), UDP(0) [**]
06/07-02:35:02.202012

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 90 connections across 1 hosts: TCP(90), UDP(0) [**]
06/07-02:35:06.050758

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 103 connections across 1 hosts: TCP(103), UDP(0) [**]
06/07-02:35:10.006735

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 98 connections across 1 hosts: TCP(98), UDP(0) [**]
06/07-02:35:14.216961

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 104 connections across 1 hosts: TCP(104), UDP(0) [**]
06/07-02:35:18.052988

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 44 connections across 1 hosts: TCP(44), UDP(0) [**]
06/07-02:35:22.210937

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 69 connections across 1 hosts: TCP(69), UDP(0) [**]
06/07-02:35:26.050301

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**]
06/07-02:35:30.212187

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 63 connections across 1 hosts: TCP(63), UDP(0) [**]
06/07-02:35:34.052286

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 66 connections across 1 hosts: TCP(66), UDP(0) [**]
06/07-02:35:38.052805

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 77 connections across 1 hosts: TCP(77), UDP(0) [**]
06/07-02:35:42.214618

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**]
06/07-02:35:46.055068

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**]
06/07-02:35:50.102583

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 79 connections across 1 hosts: TCP(79), UDP(0) [**]
06/07-02:35:54.164910

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 82 connections across 1 hosts: TCP(82), UDP(0) [**]
06/07-02:35:58.006510

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**]
06/07-02:36:02.157913

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 73 connections across 1 hosts: TCP(73), UDP(0) [**]
06/07-02:36:06.009244

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 84 connections across 1 hosts: TCP(84), UDP(0) [**]
06/07-02:36:10.156913

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 88 connections across 1 hosts: TCP(88), UDP(0) [**]
06/07-02:36:14.011106

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 86 connections across 1 hosts: TCP(86), UDP(0) [**]
06/07-02:36:18.157196

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 77 connections across 1 hosts: TCP(77), UDP(0) [**]
06/07-02:36:22.205950

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 77 connections across 1 hosts: TCP(77), UDP(0) [**]
06/07-02:36:26.008708

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 81 connections across 1 hosts: TCP(81), UDP(0) [**]
06/07-02:36:30.229690

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 85 connections across 1 hosts: TCP(85), UDP(0) [**]
06/07-02:36:34.057838

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 95 connections across 1 hosts: TCP(95), UDP(0) [**]
06/07-02:36:38.220935

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 95 connections across 1 hosts: TCP(95), UDP(0) [**]
06/07-02:36:42.058920

[**] [111:12:1] (spp_stream4) NMAP FINGERPRINT (stateful) detection [**]
06/07-02:36:45.622487 200.122.34.132:43035 -> 200.122.34.55:21
TCP TTL:45
TOS:0x0 ID:58018 IpLen:20 DgmLen:60 ***A**** Seq: 0xCFC017EE Ack: 0x0 Win: 0x400 TcpLen: 40 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [111:10:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**] 06/07-02:36:45.641925 200.122.34.132:43038 -> 200.122.34.55:83 TCP TTL:45 TOS:0x0 ID:65134 IpLen:20 DgmLen:60 **U*P**F Seq: 0xCFC017EE Ack: 0x0 Win: 0x400 TcpLen: 40 UrgPtr: 0x0 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [111:9:1] (spp_stream4) STEALTH ACTIVITY (NULL scan) detection [**] 06/07-02:36:47.508223 200.122.34.132:43033 -> 200.122.34.55:21 TCP TTL:45 TOS:0x0 ID:32656 IpLen:20 DgmLen:60 ******** Seq: 0xCFC017EE Ack: 0x0 Win: 0x400 TcpLen: 40 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 84 connections across 1 hosts: TCP(84), UDP(0) STEALTH [**] 06/07-02:36:47.539193 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 06/07-02:36:52.607394 [**] [100:3:1] spp_portscan: End of portscan from 200.122.34.132: TOTAL time(1140s) hosts(1) TCP(4992) UDP(0) STEALTH [**] 06/07-02:46:37.573742 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 200.122.34.132 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 06/07-03:10:13.569239 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 41 connections across 1 hosts: TCP(41), UDP(0) [**] 06/07-03:10:17.253173 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 56 connections across 1 hosts: TCP(56), UDP(0) [**] 06/07-03:10:21.186624 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 68 connections across 1 hosts: TCP(68), UDP(0) [**] 06/07-03:10:25.030899 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 74 connections across 1 hosts: TCP(74), UDP(0) [**] 06/07-03:10:29.188928 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 66 connections across 1 hosts: 
TCP(66), UDP(0) [**] 06/07-03:10:33.027975 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-03:10:37.188055 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 74 connections across 1 hosts: TCP(74), UDP(0) [**] 06/07-03:10:41.028573 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-03:10:45.069472 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 80 connections across 1 hosts: TCP(80), UDP(0) [**] 06/07-03:10:49.806378 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 80 connections across 1 hosts: TCP(80), UDP(0) [**] 06/07-03:10:53.006414 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 75 connections across 1 hosts: TCP(75), UDP(0) [**] 06/07-03:10:57.015416 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 80 connections across 1 hosts: TCP(80), UDP(0) [**] 06/07-03:11:01.114903 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**] 06/07-03:11:05.005238 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 88 connections across 1 hosts: TCP(88), UDP(0) [**] 06/07-03:11:09.132516 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 88 connections across 1 hosts: TCP(88), UDP(0) [**] 06/07-03:11:13.005708 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 88 connections across 1 hosts: TCP(88), UDP(0) [**] 06/07-03:11:17.132821 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 89 connections across 1 hosts: TCP(89), UDP(0) [**] 06/07-03:11:21.009706 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 95 connections across 1 hosts: TCP(95), UDP(0) [**] 06/07-03:11:25.750762 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 69 connections across 1 hosts: TCP(69), UDP(0) [**] 
06/07-03:11:29.149119 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 14 connections across 1 hosts: TCP(14), UDP(0) [**] 06/07-03:11:33.004984 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 19 connections across 1 hosts: TCP(19), UDP(0) [**] 06/07-03:11:37.400894 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 21 connections across 1 hosts: TCP(21), UDP(0) [**] 06/07-03:11:41.806012 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 18 connections across 1 hosts: TCP(18), UDP(0) [**] 06/07-03:11:45.051932 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 28 connections across 1 hosts: TCP(28), UDP(0) [**] 06/07-03:11:49.003250 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 27 connections across 1 hosts: TCP(27), UDP(0) [**] 06/07-03:11:53.374486 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 33 connections across 1 hosts: TCP(33), UDP(0) [**] 06/07-03:11:57.555974 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 42 connections across 1 hosts: TCP(42), UDP(0) [**] 06/07-03:12:01.491847 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 37 connections across 1 hosts: TCP(37), UDP(0) [**] 06/07-03:12:05.231818 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 33 connections across 1 hosts: TCP(33), UDP(0) [**] 06/07-03:12:09.254466 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 39 connections across 1 hosts: TCP(39), UDP(0) [**] 06/07-03:12:13.286774 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 37 connections across 1 hosts: TCP(37), UDP(0) [**] 06/07-03:12:17.009276 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 44 connections across 1 hosts: TCP(44), UDP(0) [**] 06/07-03:12:21.456380 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-03:12:25.377359 [**] [100:2:1] 
spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-03:12:29.295635 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-03:12:33.215047 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 42 connections across 1 hosts: TCP(42), UDP(0) [**] 06/07-03:12:37.137332 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-03:12:41.055556 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-03:12:45.010348 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 53 connections across 1 hosts: TCP(53), UDP(0) [**] 06/07-03:12:49.457314 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-03:12:53.379299 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-03:12:57.298245 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 48 connections across 1 hosts: TCP(48), UDP(0) [**] 06/07-03:13:01.221161 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-03:13:05.139866 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-03:13:09.061694 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-03:13:13.007999 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 58 connections across 1 hosts: TCP(58), UDP(0) [**] 06/07-03:13:17.477924 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 52 connections across 1 hosts: TCP(52), UDP(0) [**] 06/07-03:13:21.381506 [**] [100:2:1] spp_portscan: portscan status from 
200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-03:13:25.300286 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-03:13:29.222858 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-03:13:33.008591 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-03:13:37.323501 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-03:13:41.244973 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-03:13:45.733891 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 58 connections across 1 hosts: TCP(58), UDP(0) [**] 06/07-03:13:49.395492 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-03:13:53.317060 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-03:13:57.235512 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-03:14:01.426643 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-03:14:05.348726 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-03:14:09.267127 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 63 connections across 1 hosts: TCP(63), UDP(0) [**] 06/07-03:14:13.186363 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 63 connections across 1 hosts: TCP(63), UDP(0) [**] 06/07-03:14:17.114910 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 63 connections across 1 
hosts: TCP(63), UDP(0) [**] 06/07-03:14:21.028508 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 61 connections across 1 hosts: TCP(61), UDP(0) [**] 06/07-03:14:25.370970 [**] [111:12:1] (spp_stream4) NMAP FINGERPRINT (stateful) detection [**] 06/07-03:14:27.092771 200.122.34.132:34749 -> 200.122.34.55:21 TCP TTL:41 TOS:0x0 ID:30110 IpLen:20 DgmLen:60 ***A**** Seq: 0x6AC4BA65 Ack: 0x0 Win: 0x400 TcpLen: 40 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [111:10:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**] 06/07-03:14:27.136988 200.122.34.132:34752 -> 200.122.34.55:83 TCP TTL:41 TOS:0x0 ID:29674 IpLen:20 DgmLen:60 **U*P**F Seq: 0x6AC4BA65 Ack: 0x0 Win: 0x400 TcpLen: 40 UrgPtr: 0x0 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [111:9:1] (spp_stream4) STEALTH ACTIVITY (NULL scan) detection [**] 06/07-03:14:30.015854 200.122.34.132:34747 -> 200.122.34.55:21 TCP TTL:41 TOS:0x0 ID:15819 IpLen:20 DgmLen:60 ******** Seq: 0x6AC4BA65 Ack: 0x0 Win: 0x400 TcpLen: 40 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 30 connections across 1 hosts: TCP(30), UDP(0) STEALTH [**] 06/07-03:14:30.042118 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 06/07-03:14:34.300280 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 06/07-03:32:48.124280 [**] [100:3:1] spp_portscan: End of portscan from 200.122.34.132: TOTAL time(262s) hosts(1) TCP(3505) UDP(0) STEALTH [**] 06/07-03:42:07.346519 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 200.122.34.132 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 06/07-03:55:30.557498 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-03:55:34.128833 [**] [100:2:1] spp_portscan: portscan status from 
200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-03:55:38.039049 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 61 connections across 1 hosts: TCP(61), UDP(0) [**] 06/07-03:55:44.147611 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 30 connections across 1 hosts: TCP(30), UDP(0) [**] 06/07-03:55:46.357942 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 74 connections across 1 hosts: TCP(74), UDP(0) [**] 06/07-03:55:50.219785 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 36 connections across 1 hosts: TCP(36), UDP(0) [**] 06/07-03:55:54.061439 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 41 connections across 1 hosts: TCP(41), UDP(0) [**] 06/07-03:55:58.204038 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 41 connections across 1 hosts: TCP(41), UDP(0) [**] 06/07-03:56:02.043157 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 45 connections across 1 hosts: TCP(45), UDP(0) [**] 06/07-03:56:06.301930 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-03:56:10.141646 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-03:56:14.006079 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 54 connections across 1 hosts: TCP(54), UDP(0) [**] 06/07-03:56:18.120364 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-03:56:22.263296 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-03:56:26.105712 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 61 connections across 1 hosts: TCP(61), UDP(0) [**] 06/07-03:56:30.264034 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 62 connections across 1 
hosts: TCP(62), UDP(0) [**] 06/07-03:56:34.186480 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 64 connections across 1 hosts: TCP(64), UDP(0) [**] 06/07-03:56:38.133533 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 69 connections across 1 hosts: TCP(69), UDP(0) [**] 06/07-03:56:42.184978 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**] 06/07-03:56:46.039687 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-03:56:50.185890 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**] 06/07-03:56:54.028248 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 78 connections across 1 hosts: TCP(78), UDP(0) [**] 06/07-03:56:58.328616 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 71 connections across 1 hosts: TCP(71), UDP(0) [**] 06/07-03:57:02.118710 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 77 connections across 1 hosts: TCP(77), UDP(0) [**] 06/07-03:57:06.210299 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 62 connections across 1 hosts: TCP(62), UDP(0) [**] 06/07-03:57:10.169188 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 67 connections across 1 hosts: TCP(67), UDP(0) [**] 06/07-03:57:14.289748 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 69 connections across 1 hosts: TCP(69), UDP(0) [**] 06/07-03:57:18.301890 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**] 06/07-03:57:22.299407 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 41 connections across 1 hosts: TCP(41), UDP(0) [**] 06/07-03:57:26.220007 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 
06/07-03:57:30.019558 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-03:57:34.201372 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-03:57:38.008588 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 61 connections across 1 hosts: TCP(61), UDP(0) [**] 06/07-03:57:42.182676 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 53 connections across 1 hosts: TCP(53), UDP(0) [**] 06/07-03:57:46.081118 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 66 connections across 1 hosts: TCP(66), UDP(0) [**] 06/07-03:57:50.261249 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 44 connections across 1 hosts: TCP(44), UDP(0) [**] 06/07-03:57:54.929321 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 66 connections across 1 hosts: TCP(66), UDP(0) [**] 06/07-03:57:58.441526 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-03:58:02.183739 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 61 connections across 1 hosts: TCP(61), UDP(0) [**] 06/07-03:58:06.006266 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 71 connections across 1 hosts: TCP(71), UDP(0) [**] 06/07-03:58:10.214419 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**] 06/07-03:58:14.010470 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 64 connections across 1 hosts: TCP(64), UDP(0) [**] 06/07-03:58:18.015950 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 75 connections across 1 hosts: TCP(75), UDP(0) [**] 06/07-03:58:22.008278 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 74 connections across 1 hosts: TCP(74), UDP(0) [**] 06/07-03:58:26.169675 [**] [100:2:1] 
spp_portscan: portscan status from 200.122.34.132: 65 connections across 1 hosts: TCP(65), UDP(0) [**] 06/07-03:58:30.107521 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 66 connections across 1 hosts: TCP(66), UDP(0) [**] 06/07-03:58:34.089567 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 69 connections across 1 hosts: TCP(69), UDP(0) [**] 06/07-03:58:38.087761 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 72 connections across 1 hosts: TCP(72), UDP(0) [**] 06/07-03:58:42.089028 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**] 06/07-03:58:46.271008 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 71 connections across 1 hosts: TCP(71), UDP(0) [**] 06/07-03:58:50.283850 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 72 connections across 1 hosts: TCP(72), UDP(0) [**] 06/07-03:58:54.259949 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 72 connections across 1 hosts: TCP(72), UDP(0) [**] 06/07-03:58:58.252584 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 74 connections across 1 hosts: TCP(74), UDP(0) [**] 06/07-03:59:02.250365 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 74 connections across 1 hosts: TCP(74), UDP(0) [**] 06/07-03:59:06.142800 [**] [111:12:1] (spp_stream4) NMAP FINGERPRINT (stateful) detection [**] 06/07-03:59:07.745837 200.122.34.132:60995 -> 200.122.34.55:21 TCP TTL:50 TOS:0x0 ID:62837 IpLen:20 DgmLen:60 ***A**** Seq: 0x14B54B78 Ack: 0x0 Win: 0x800 TcpLen: 40 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [111:10:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**] 06/07-03:59:07.758686 200.122.34.132:60998 -> 200.122.34.55:83 TCP TTL:50 TOS:0x0 ID:4744 IpLen:20 DgmLen:60 **U*P**F Seq: 0x14B54B78 Ack: 0x0 Win: 0x800 TcpLen: 40 UrgPtr: 0x0 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] 
[111:9:1] (spp_stream4) STEALTH ACTIVITY (NULL scan) detection [**] 06/07-03:59:09.767140 200.122.34.132:60993 -> 200.122.34.55:21 TCP TTL:50 TOS:0x0 ID:1443 IpLen:20 DgmLen:60 ******** Seq: 0x14B54B78 Ack: 0x0 Win: 0x800 TcpLen: 40 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 32 connections across 1 hosts: TCP(32), UDP(0) STEALTH [**] 06/07-03:59:12.142408 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 06/07-04:01:46.884385 [**] [100:3:1] spp_portscan: End of portscan from 200.122.34.132: TOTAL time(223s) hosts(1) TCP(3368) UDP(0) STEALTH [**] 06/07-04:05:06.453261 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 200.47.143.63 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 06/07-15:34:26.579319 [**] [100:2:1] spp_portscan: portscan status from 200.47.143.63: 7 connections across 1 hosts: TCP(7), UDP(0) [**] 06/07-15:34:35.429394 [**] [100:2:1] spp_portscan: portscan status from 200.47.143.63: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 06/07-15:34:53.580910 [**] [100:3:1] spp_portscan: End of portscan from 200.47.143.63: TOTAL time(9s) hosts(1) TCP(8) UDP(0) [**] 06/07-15:34:59.632138 [**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 200.122.34.132 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 06/07-18:46:47.584609 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-18:46:51.280494 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 50 connections across 1 hosts: TCP(50), UDP(0) [**] 06/07-18:46:55.892620 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-18:46:59.097038 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 64 connections across 1 hosts: TCP(64), UDP(0) [**] 06/07-18:47:03.094416 [**] [100:2:1] spp_portscan: 
portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-18:47:07.255018 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 71 connections across 1 hosts: TCP(71), UDP(0) [**] 06/07-18:47:11.005788 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 64 connections across 1 hosts: TCP(64), UDP(0) [**] 06/07-18:47:15.225808 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 68 connections across 1 hosts: TCP(68), UDP(0) [**] 06/07-18:47:19.010784 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 81 connections across 1 hosts: TCP(81), UDP(0) [**] 06/07-18:47:23.180575 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-18:47:27.005539 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 79 connections across 1 hosts: TCP(79), UDP(0) [**] 06/07-18:47:31.006169 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 90 connections across 1 hosts: TCP(90), UDP(0) [**] 06/07-18:47:35.249389 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 86 connections across 1 hosts: TCP(86), UDP(0) [**] 06/07-18:47:39.007849 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 91 connections across 1 hosts: TCP(91), UDP(0) [**] 06/07-18:47:43.009378 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 94 connections across 1 hosts: TCP(94), UDP(0) [**] 06/07-18:47:47.112158 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 95 connections across 1 hosts: TCP(95), UDP(0) [**] 06/07-18:47:51.011428 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 95 connections across 1 hosts: TCP(95), UDP(0) [**] 06/07-18:47:55.111879 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 99 connections across 1 hosts: TCP(99), UDP(0) [**] 06/07-18:47:59.010781 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 
101 connections across 1 hosts: TCP(101), UDP(0) [**] 06/07-18:48:03.111560 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 100 connections across 1 hosts: TCP(100), UDP(0) [**] 06/07-18:48:07.103841 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 103 connections across 1 hosts: TCP(103), UDP(0) [**] 06/07-18:48:11.040559 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-18:48:15.062948 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**] 06/07-18:48:19.225296 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 61 connections across 1 hosts: TCP(61), UDP(0) [**] 06/07-18:48:23.054529 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 71 connections across 1 hosts: TCP(71), UDP(0) [**] 06/07-18:48:27.194163 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 75 connections across 1 hosts: TCP(75), UDP(0) [**] 06/07-18:48:31.034848 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-18:48:35.196272 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 66 connections across 1 hosts: TCP(66), UDP(0) [**] 06/07-18:48:39.035881 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-18:48:43.194876 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 79 connections across 1 hosts: TCP(79), UDP(0) [**] 06/07-18:48:47.087669 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**] 06/07-18:48:51.204337 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 72 connections across 1 hosts: TCP(72), UDP(0) [**] 06/07-18:48:55.037578 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 71 connections across 1 hosts: 
TCP(71), UDP(0) [**] 06/07-18:48:59.085322 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**] 06/07-18:49:03.256125 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 88 connections across 1 hosts: TCP(88), UDP(0) [**] 06/07-18:49:07.091322 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 90 connections across 1 hosts: TCP(90), UDP(0) [**] 06/07-18:49:11.010765 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 80 connections across 1 hosts: TCP(80), UDP(0) [**] 06/07-18:49:15.090080 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 78 connections across 1 hosts: TCP(78), UDP(0) [**] 06/07-18:49:19.122120 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 81 connections across 1 hosts: TCP(81), UDP(0) [**] 06/07-18:49:23.101107 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 94 connections across 1 hosts: TCP(94), UDP(0) [**] 06/07-18:49:27.005777 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 95 connections across 1 hosts: TCP(95), UDP(0) [**] 06/07-18:49:31.100333 [**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 82 connections across 1 hosts: TCP(82), UDP(0) [**] 06/07-18:49:35.171298 [**] [111:12:1] (spp_stream4) NMAP FINGERPRINT (stateful) detection [**] 06/07-18:49:37.781630 200.122.34.132:49802 -> 200.122.34.55:21 TCP TTL:48 TOS:0x0 ID:52848 IpLen:20 DgmLen:60 ***A**** Seq: 0xB8FEA898 Ack: 0x0 Win: 0x1000 TcpLen: 40 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [111:10:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**] 06/07-18:49:37.825864 200.122.34.132:49805 -> 200.122.34.55:83 TCP TTL:48 TOS:0x0 ID:6476 IpLen:20 DgmLen:60 **U*P**F Seq: 0xB8FEA898 Ack: 0x0 Win: 0x1000 TcpLen: 40 UrgPtr: 0x0 TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL [**] [111:9:1] (spp_stream4) STEALTH ACTIVITY (NULL scan) detection [**] 
06/07-18:49:39.690403 200.122.34.132:49800 -> 200.122.34.55:21
TCP TTL:48 TOS:0x0 ID:25687 IpLen:20 DgmLen:60
******** Seq: 0xB8FEA898 Ack: 0x0 Win: 0x1000 TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 58 connections across 1 hosts: TCP(58), UDP(0) STEALTH [**] 06/07-18:49:39.708691
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 1 connections across 1 hosts: TCP(1), UDP(0) [**] 06/07-18:50:08.828488
[**] [100:3:1] spp_portscan: End of portscan from 200.122.34.132: TOTAL time(175s) hosts(1) TCP(3373) UDP(0) STEALTH [**] 06/07-18:50:12.050358
[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 200.122.34.132 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 06/07-19:04:59.467679
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:05:03.125075
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-19:05:07.243279
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-19:05:11.082335
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 64 connections across 1 hosts: TCP(64), UDP(0) [**] 06/07-19:05:15.243414
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 65 connections across 1 hosts: TCP(65), UDP(0) [**] 06/07-19:05:19.053734
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-19:05:23.213906
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 75 connections across 1 hosts: TCP(75), UDP(0) [**] 06/07-19:05:27.054661
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 78 connections across 1 hosts: TCP(78), UDP(0) [**] 06/07-19:05:31.204582
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 73 connections across 1 hosts: TCP(73), UDP(0) [**] 06/07-19:05:35.187633
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-19:05:39.146067
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 81 connections across 1 hosts: TCP(81), UDP(0) [**] 06/07-19:05:43.012818
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 88 connections across 1 hosts: TCP(88), UDP(0) [**] 06/07-19:05:47.145797
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 79 connections across 1 hosts: TCP(79), UDP(0) [**] 06/07-19:05:51.079774
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 97 connections across 1 hosts: TCP(97), UDP(0) [**] 06/07-19:05:55.219951
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 89 connections across 1 hosts: TCP(89), UDP(0) [**] 06/07-19:05:59.010362
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 89 connections across 1 hosts: TCP(89), UDP(0) [**] 06/07-19:06:03.039949
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 104 connections across 1 hosts: TCP(104), UDP(0) [**] 06/07-19:06:07.201459
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 93 connections across 1 hosts: TCP(93), UDP(0) [**] 06/07-19:06:11.005582
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 101 connections across 1 hosts: TCP(101), UDP(0) [**] 06/07-19:06:15.113695
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 99 connections across 1 hosts: TCP(99), UDP(0) [**] 06/07-19:06:19.140510
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 105 connections across 1 hosts: TCP(105), UDP(0) [**] 06/07-19:06:23.006246
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-19:06:27.169590
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 61 connections across 1 hosts: TCP(61), UDP(0) [**] 06/07-19:06:31.020257
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-19:06:35.050670
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 72 connections across 1 hosts: TCP(72), UDP(0) [**] 06/07-19:06:39.211781
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-19:06:43.054398
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 75 connections across 1 hosts: TCP(75), UDP(0) [**] 06/07-19:06:47.112382
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 76 connections across 1 hosts: TCP(76), UDP(0) [**] 06/07-19:06:51.008264
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 69 connections across 1 hosts: TCP(69), UDP(0) [**] 06/07-19:06:55.112826
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 69 connections across 1 hosts: TCP(69), UDP(0) [**] 06/07-19:06:59.202084
[**] [100:1:1] spp_portscan: PORTSCAN DETECTED from 200.122.34.132 (THRESHOLD 4 connections exceeded in 0 seconds) [**] 06/07-19:07:02.162975
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-19:07:02.183392
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-19:07:02.484343
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 72 connections across 1 hosts: TCP(72), UDP(0) [**] 06/07-19:07:03.018615
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 72 connections across 1 hosts: TCP(72), UDP(0) [**] 06/07-19:07:06.216659
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**] 06/07-19:07:07.174519
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 70 connections across 1 hosts: TCP(70), UDP(0) [**] 06/07-19:07:10.006304
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 81 connections across 1 hosts: TCP(81), UDP(0) [**] 06/07-19:07:11.246644
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 77 connections across 1 hosts: TCP(77), UDP(0) [**] 06/07-19:07:14.127919
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 82 connections across 1 hosts: TCP(82), UDP(0) [**] 06/07-19:07:15.103997
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**] 06/07-19:07:18.053658
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 89 connections across 1 hosts: TCP(89), UDP(0) [**] 06/07-19:07:19.006104
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 90 connections across 1 hosts: TCP(90), UDP(0) [**] 06/07-19:07:22.128021
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 79 connections across 1 hosts: TCP(79), UDP(0) [**] 06/07-19:07:23.084244
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 89 connections across 1 hosts: TCP(89), UDP(0) [**] 06/07-19:07:26.009111
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 90 connections across 1 hosts: TCP(90), UDP(0) [**] 06/07-19:07:27.245675
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 83 connections across 1 hosts: TCP(83), UDP(0) [**] 06/07-19:07:30.125180
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 89 connections across 1 hosts: TCP(89), UDP(0) [**] 06/07-19:07:31.047224
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 85 connections across 1 hosts: TCP(85), UDP(0) [**] 06/07-19:07:34.009243
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 94 connections across 1 hosts: TCP(94), UDP(0) [**] 06/07-19:07:35.011459
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 323 connections across 1 hosts: TCP(323), UDP(0) [**] 06/07-19:07:38.021060
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 314 connections across 1 hosts: TCP(314), UDP(0) [**] 06/07-19:07:39.453072
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 57 connections across 1 hosts: TCP(57), UDP(0) [**] 06/07-19:07:42.542197
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 30 connections across 1 hosts: TCP(30), UDP(0) [**] 06/07-19:07:43.164239
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 38 connections across 1 hosts: TCP(38), UDP(0) [**] 06/07-19:07:46.265257
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:07:47.503893
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 41 connections across 1 hosts: TCP(41), UDP(0) [**] 06/07-19:07:50.005516
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 41 connections across 1 hosts: TCP(41), UDP(0) [**] 06/07-19:07:51.224831
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:07:54.325506
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 42 connections across 1 hosts: TCP(42), UDP(0) [**] 06/07-19:07:55.003943
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 34 connections across 1 hosts: TCP(34), UDP(0) [**] 06/07-19:07:58.476315
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 33 connections across 1 hosts: TCP(33), UDP(0) [**] 06/07-19:07:59.099774
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 34 connections across 1 hosts: TCP(34), UDP(0) [**] 06/07-19:08:02.224095
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-19:08:03.454702
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 35 connections across 1 hosts: TCP(35), UDP(0) [**] 06/07-19:08:06.301819
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 34 connections across 1 hosts: TCP(34), UDP(0) [**] 06/07-19:08:07.007122
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 37 connections across 1 hosts: TCP(37), UDP(0) [**] 06/07-19:08:10.047387
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 38 connections across 1 hosts: TCP(38), UDP(0) [**] 06/07-19:08:11.287245
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-19:08:14.387506
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 37 connections across 1 hosts: TCP(37), UDP(0) [**] 06/07-19:08:15.009122
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 45 connections across 1 hosts: TCP(45), UDP(0) [**] 06/07-19:08:18.107346
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-19:08:19.346387
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-19:08:22.450333
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 45 connections across 1 hosts: TCP(45), UDP(0) [**] 06/07-19:08:23.070520
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 39 connections across 1 hosts: TCP(39), UDP(0) [**] 06/07-19:08:26.188681
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 50 connections across 1 hosts: TCP(50), UDP(0) [**] 06/07-19:08:27.429097
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-19:08:30.530020
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:08:31.149388
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 49 connections across 1 hosts: TCP(49), UDP(0) [**] 06/07-19:08:34.249743
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-19:08:35.489667
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 48 connections across 1 hosts: TCP(48), UDP(0) [**] 06/07-19:08:38.101062
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 48 connections across 1 hosts: TCP(48), UDP(0) [**] 06/07-19:08:39.471900
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 48 connections across 1 hosts: TCP(48), UDP(0) [**] 06/07-19:08:42.030761
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 50 connections across 1 hosts: TCP(50), UDP(0) [**] 06/07-19:08:43.193430
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 45 connections across 1 hosts: TCP(45), UDP(0) [**] 06/07-19:08:46.293344
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-19:08:47.532818
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-19:08:50.013330
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-19:08:51.253565
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-19:08:54.414653
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-19:08:55.006290
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 52 connections across 1 hosts: TCP(52), UDP(0) [**] 06/07-19:08:58.290793
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 53 connections across 1 hosts: TCP(53), UDP(0) [**] 06/07-19:08:59.532772
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 53 connections across 1 hosts: TCP(53), UDP(0) [**] 06/07-19:09:02.014465
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 53 connections across 1 hosts: TCP(53), UDP(0) [**] 06/07-19:09:03.253924
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-19:09:06.355011
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 53 connections across 1 hosts: TCP(53), UDP(0) [**] 06/07-19:09:07.006488
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 45 connections across 1 hosts: TCP(45), UDP(0) [**] 06/07-19:09:10.075276
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 53 connections across 1 hosts: TCP(53), UDP(0) [**] 06/07-19:09:11.313007
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 48 connections across 1 hosts: TCP(48), UDP(0) [**] 06/07-19:09:14.087166
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 45 connections across 1 hosts: TCP(45), UDP(0) [**] 06/07-19:09:15.224737
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 58 connections across 1 hosts: TCP(58), UDP(0) [**] 06/07-19:09:18.326416
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 54 connections across 1 hosts: TCP(54), UDP(0) [**] 06/07-19:09:19.008267
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 57 connections across 1 hosts: TCP(57), UDP(0) [**] 06/07-19:09:22.046879
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 58 connections across 1 hosts: TCP(58), UDP(0) [**] 06/07-19:09:23.286062
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-19:09:26.386671
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 57 connections across 1 hosts: TCP(57), UDP(0) [**] 06/07-19:09:27.006024
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 45 connections across 1 hosts: TCP(45), UDP(0) [**] 06/07-19:09:30.364157
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 56 connections across 1 hosts: TCP(56), UDP(0) [**] 06/07-19:09:31.009150
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-19:09:34.088324
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 58 connections across 1 hosts: TCP(58), UDP(0) [**] 06/07-19:09:35.333910
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 63 connections across 1 hosts: TCP(63), UDP(0) [**] 06/07-19:09:38.429496
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 49 connections across 1 hosts: TCP(49), UDP(0) [**] 06/07-19:09:39.046973
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 48 connections across 1 hosts: TCP(48), UDP(0) [**] 06/07-19:09:42.149256
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 34 connections across 1 hosts: TCP(34), UDP(0) [**] 06/07-19:09:43.386310
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 31 connections across 1 hosts: TCP(31), UDP(0) [**] 06/07-19:09:46.488161
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 39 connections across 1 hosts: TCP(39), UDP(0) [**] 06/07-19:09:47.106826
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 31 connections across 1 hosts: TCP(31), UDP(0) [**] 06/07-19:09:50.197979
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:09:51.437746
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:09:54.537487
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 31 connections across 1 hosts: TCP(31), UDP(0) [**] 06/07-19:09:55.158077
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:09:58.256780
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 42 connections across 1 hosts: TCP(42), UDP(0) [**] 06/07-19:09:59.505096
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 42 connections across 1 hosts: TCP(42), UDP(0) [**] 06/07-19:10:02.089874
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 42 connections across 1 hosts: TCP(42), UDP(0) [**] 06/07-19:10:03.438482
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-19:10:06.538807
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-19:10:07.192455
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 34 connections across 1 hosts: TCP(34), UDP(0) [**] 06/07-19:10:10.259692
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 44 connections across 1 hosts: TCP(44), UDP(0) [**] 06/07-19:10:11.504978
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 38 connections across 1 hosts: TCP(38), UDP(0) [**] 06/07-19:10:14.006357
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 34 connections across 1 hosts: TCP(34), UDP(0) [**] 06/07-19:10:15.223557
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-19:10:18.319009
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-19:10:19.018733
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-19:10:22.043838
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 48 connections across 1 hosts: TCP(48), UDP(0) [**] 06/07-19:10:23.283391
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-19:10:26.013896
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-19:10:27.240816
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-19:10:30.392042
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 47 connections across 1 hosts: TCP(47), UDP(0) [**] 06/07-19:10:31.003833
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 37 connections across 1 hosts: TCP(37), UDP(0) [**] 06/07-19:10:34.100151
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 48 connections across 1 hosts: TCP(48), UDP(0) [**] 06/07-19:10:35.399526
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-19:10:38.444418
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:10:39.079853
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-19:10:42.165375
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-19:10:43.623869
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 50 connections across 1 hosts: TCP(50), UDP(0) [**] 06/07-19:10:46.185770
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 50 connections across 1 hosts: TCP(50), UDP(0) [**] 06/07-19:10:47.430167
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 52 connections across 1 hosts: TCP(52), UDP(0) [**] 06/07-19:10:50.528751
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-19:10:51.172239
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 40 connections across 1 hosts: TCP(40), UDP(0) [**] 06/07-19:10:54.251588
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 53 connections across 1 hosts: TCP(53), UDP(0) [**] 06/07-19:10:55.492145
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 49 connections across 1 hosts: TCP(49), UDP(0) [**] 06/07-19:10:58.012013
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-19:10:59.207773
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 51 connections across 1 hosts: TCP(51), UDP(0) [**] 06/07-19:11:02.011670
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 42 connections across 1 hosts: TCP(42), UDP(0) [**] 06/07-19:11:03.194739
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 56 connections across 1 hosts: TCP(56), UDP(0) [**] 06/07-19:11:06.290824
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 56 connections across 1 hosts: TCP(56), UDP(0) [**] 06/07-19:11:07.632323
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-19:11:10.010885
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-19:11:11.253928
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 56 connections across 1 hosts: TCP(56), UDP(0) [**] 06/07-19:11:14.384014
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 55 connections across 1 hosts: TCP(55), UDP(0) [**] 06/07-19:11:15.016696
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 43 connections across 1 hosts: TCP(43), UDP(0) [**] 06/07-19:11:18.073147
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 50 connections across 1 hosts: TCP(50), UDP(0) [**] 06/07-19:11:19.313401
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-19:11:22.412646
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-19:11:23.140077
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-19:11:26.130605
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-19:11:27.374069
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-19:11:30.517396
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 59 connections across 1 hosts: TCP(59), UDP(0) [**] 06/07-19:11:31.093003
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-19:11:34.226802
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-19:11:35.485081
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-19:11:38.005456
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 46 connections across 1 hosts: TCP(46), UDP(0) [**] 06/07-19:11:39.172272
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-19:11:42.275407
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 60 connections across 1 hosts: TCP(60), UDP(0) [**] 06/07-19:11:43.517105
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 61 connections across 1 hosts: TCP(61), UDP(0) [**] 06/07-19:11:46.136805
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 62 connections across 1 hosts: TCP(62), UDP(0) [**] 06/07-19:11:47.236882

[**] [111:12:1] (spp_stream4) NMAP FINGERPRINT (stateful) detection [**]
06/07-19:11:49.107996 200.122.34.132:37445 -> 200.122.34.55:21
TCP TTL:40 TOS:0x0 ID:24618 IpLen:20 DgmLen:60
***A**** Seq: 0xA24EF40D Ack: 0x0 Win: 0x1000 TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [111:12:1] (spp_stream4) NMAP FINGERPRINT (stateful) detection [**]
06/07-19:11:49.107996 200.122.34.132:37445 -> 200.122.34.55:21
TCP TTL:40 TOS:0x0 ID:24618 IpLen:20 DgmLen:60
***A**** Seq: 0xA24EF40D Ack: 0x0 Win: 0x1000 TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [111:10:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**]
06/07-19:11:49.129030 200.122.34.132:37448 -> 200.122.34.55:2
TCP TTL:40 TOS:0x0 ID:4747 IpLen:20 DgmLen:60
**U*P**F Seq: 0xA24EF40D Ack: 0x0 Win: 0x1000 TcpLen: 40 UrgPtr: 0x0
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [111:10:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**]
06/07-19:11:49.129030 200.122.34.132:37448 -> 200.122.34.55:2
TCP TTL:40 TOS:0x0 ID:4747 IpLen:20 DgmLen:60
**U*P**F Seq: 0xA24EF40D Ack: 0x0 Win: 0x1000 TcpLen: 40 UrgPtr: 0x0
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [111:9:1] (spp_stream4) STEALTH ACTIVITY (NULL scan) detection [**]
06/07-19:11:52.259791 200.122.34.132:37443 -> 200.122.34.55:21
TCP TTL:40 TOS:0x0 ID:15165 IpLen:20 DgmLen:60
******** Seq: 0xA24EF40D Ack: 0x0 Win: 0x1000 TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [111:9:1] (spp_stream4) STEALTH ACTIVITY (NULL scan) detection [**]
06/07-19:11:52.259791 200.122.34.132:37443 -> 200.122.34.55:21
TCP TTL:40 TOS:0x0 ID:15165 IpLen:20 DgmLen:60
******** Seq: 0xA24EF40D Ack: 0x0 Win: 0x1000 TcpLen: 40
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 25 connections across 1 hosts: TCP(25), UDP(0) STEALTH [**] 06/07-19:11:53.896212

[**] [111:10:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**]
06/07-19:11:52.279219 200.122.34.132:37448 -> 200.122.34.55:2
TCP TTL:40 TOS:0x0 ID:51359 IpLen:20 DgmLen:60
**U*P**F Seq: 0xA24EF40D Ack: 0x0 Win: 0x1000 TcpLen: 40 UrgPtr: 0x0
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 39 connections across 1 hosts: TCP(39), UDP(0) STEALTH [**] 06/07-19:11:54.415460

[**] [111:10:1] (spp_stream4) STEALTH ACTIVITY (XMAS scan) detection [**]
06/07-19:11:52.279219 200.122.34.132:37448 -> 200.122.34.55:2
TCP TTL:40 TOS:0x0 ID:51359 IpLen:20 DgmLen:60
**U*P**F Seq: 0xA24EF40D Ack: 0x0 Win: 0x1000 TcpLen: 40 UrgPtr: 0x0
TCP Options (5) => WS: 10 NOP MSS: 265 TS: 1061109567 0 EOL

[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 3 connections across 1 hosts: TCP(3), UDP(0) STEALTH [**] 06/07-19:11:56.010473
[**] [100:2:1] spp_portscan: portscan status from 200.122.34.132: 3 connections across 1 hosts: TCP(3), UDP(0) STEALTH [**] 06/07-19:11:56.011949
[**] [100:3:1] spp_portscan: End of portscan from 200.122.34.132: TOTAL time(417s) hosts(1) TCP(6327) UDP(0) STEALTH [**] 06/07-19:12:19.482373
[**] [100:3:1] spp_portscan: End of portscan from 200.122.34.132: TOTAL time(303s) hosts(1) TCP(4076) UDP(0) STEALTH [**] 06/07-19:12:19.521541

Franco Catena
http://www.surson.com.br
tel 011-55390073 cel:82021562
MSN: facdavilla () hotmail com
ICQ: 24755602

[This email is virus free] Checked by AVG Anti-Virus (http://www.grisoft.com). Version: 7.0.245 / Virus Database: 263.1.2 - Release Date: 7/6/2004