Snort mailing list archives

Previous By Date Next
Previous By Thread Next

help re losing internet connectivity (snort/pppd/pppoe related??)

From: "Greg Hauptmann" <greg.hauptmann.ruby () gmail com>
Date: Sun, 12 Oct 2008 14:56:33 +1000
Hi,


I've been occasionally losing internet connectivity. The ADSL connection
seems itself to be OK (per my ADSL modem D-LINK, DSL-504T, interface),
however either a router (www.clarkconnect.com, which terminates ppp
connection), or ADSL modem (in bridge mode) reboot seems to clear things.


"snort" seems to be restarting in the mix of things and I was hoping someone
could take a look at my logs below and see if they could spot anything? Logs
are below.  (REPEATING BITS REMOVED TO LOWER SIZE OF LOG)


Note, there are two points in the morning logs marked below.  One when I
restarted modem to fix issue, and 2nd time I restarted ClarkConnect router
to correct issue.


ROUTER LOG

================================================================================

Oct 12 08:32:41 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 08:32:41 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 08:32:41 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 08:32:48 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 08:32:48 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 08:32:48 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 08:54:34 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 08:54:34 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 08:54:34 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 08:57:20 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 08:57:20 home dhclient: DHCPACK from 10.1.1.1

Oct 12 08:57:20 home dhclient: bound to 10.1.1.2 -- renewal in 1472 seconds.

Oct 12 09:21:52 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 09:21:52 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 09:21:52 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 09:48:00 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 09:48:00 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 09:48:00 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 09:51:13 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 09:51:13 home dhclient: DHCPACK from 10.1.1.1

Oct 12 09:51:13 home dhclient: bound to 10.1.1.2 -- renewal in 1414 seconds.

Oct 12 10:01:19 home dnsmasq[3379]: DHCPDISCOVER(eth1) 00:12:5a:b9:1d:14

Oct 12 10:01:19 home dnsmasq[3379]: DHCPOFFER(eth1) 10.1.1.11100:12:5a:b9:1d:14

Oct 12 10:01:19 home dnsmasq[3379]: DHCPREQUEST(eth1)
10.1.1.11100:12:5a:b9:1d:14

Oct 12 10:01:19 home dnsmasq[3379]: DHCPACK(eth1) 10.1.1.11100:12:5a:b9:1d:14

   <<cut repeating bits to reduce size>

Oct 12 10:18:04 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 10:18:04 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 10:18:04 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 10:18:25 home pppd[1842]: No response to 5 echo-requests

Oct 12 10:18:25 home pppd[1842]: Serial link appears to be disconnected.

Oct 12 10:18:25 home pppd[1842]: Connect time 186.0 minutes.

Oct 12 10:18:25 home pppd[1842]: Sent 12656857 bytes, received 325184364
bytes.

Oct 12 10:18:25 home snort[3454]: pcap_loop: recvfrom: Network is down

Oct 12 10:18:25 home snort[3454]: Final Flow Statistics

Oct 12 10:18:25 home snort[3454]: Frag3 statistics:

Oct 12 10:18:25 home snort[3454]:         Total Fragments: 0

Oct 12 10:18:25 home snort[3454]:       Frags Reassembled: 0

Oct 12 10:18:25 home snort[3454]:                Discards: 0

Oct 12 10:18:25 home snort[3454]:           Memory Faults: 0

Oct 12 10:18:25 home snort[3454]:                Timeouts: 0

Oct 12 10:18:25 home snort[3454]:                Overlaps: 0

Oct 12 10:18:25 home snort[3454]:               Anomalies: 0

Oct 12 10:18:25 home snort[3454]:                  Alerts: 0

Oct 12 10:18:25 home snort[3454]:      FragTrackers Added: 0

Oct 12 10:18:25 home snort[3454]:     FragTrackers Dumped: 0

Oct 12 10:18:25 home snort[3454]: FragTrackers Auto Freed: 0

Oct 12 10:18:25 home snort[3454]:     Frag Nodes Inserted: 0

Oct 12 10:18:25 home snort[3454]:      Frag Nodes Deleted: 0

Oct 12 10:18:25 home snort[3454]:
===============================================================================

Oct 12 10:18:25 home snort[3454]: INFO => [Alert_FWsam](FWsamCheckOut)
Disconnecting from host 127.0.0.1.

Oct 12 10:18:25 home snort[3454]: Snort exiting

Oct 12 10:18:25 home kernel: device ppp0 left promiscuous mode

Oct 12 10:18:25 home kernel: audit(1223770705.685:5): dev=ppp0 prom=0
old_prom=256 auid=4294967295

Oct 12 10:18:25 home NET: /etc/sysconfig/network-scripts/ifdown-post :
updated /etc/resolv.conf

Oct 12 10:18:27 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 10:18:27 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 10:18:28 home adsl-stop: Killing pppd

Oct 12 10:18:28 home pppd[1842]: Terminating on signal 15

Oct 12 10:18:28 home adsl-stop: Killing adsl-connect

Oct 12 10:18:31 home pppd[1842]: Connection terminated.

Oct 12 10:18:31 home pppd[1842]: Modem hangup

Oct 12 10:18:33 home pppd[1842]: Terminating on signal 15

Oct 12 10:18:33 home pppd[1842]: Exit.

Oct 12 10:18:33 home pppoe[1856]: read (asyncReadFromPPP): Session 366:
Input/output error

Oct 12 10:18:33 home pppoe[1856]: Sent PADT

Oct 12 10:18:35 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 10:18:35 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 10:18:35 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 10:18:35 home pppd[16525]: pppd 2.4.3 started by root, uid 0

Oct 12 10:18:36 home pppd[16525]: Using interface ppp0

Oct 12 10:18:36 home pppd[16525]: Connect: ppp0 <--> /dev/pts/0

Oct 12 10:18:36 home pppoe[16526]: PPP session is 337

Oct 12 10:18:38 home pppd[16525]: PAP authentication succeeded

Oct 12 10:18:38 home pppd[16525]: local  IP address 123.233.121.32

Oct 12 10:18:38 home pppd[16525]: remote IP address 10.20.20.210

Oct 12 10:18:38 home pppd[16525]: primary   DNS address 203.12.160.35

Oct 12 10:18:38 home pppd[16525]: secondary DNS address 203.12.160.36

Oct 12 10:18:38 home NET: /etc/sysconfig/network-scripts/ifup-post : updated
/etc/resolv.conf

Oct 12 10:18:39 home firewall:  succeeded

Oct 12 10:18:40 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 10:18:40 home dnsmasq[3379]: using nameserver 203.12.160.36#53

Oct 12 10:18:40 home dnsmasq[3379]: using nameserver 203.12.160.35#53

Oct 12 10:18:55 home firewall:  succeeded

Oct 12 10:19:06 home firewall:  succeeded

Oct 12 10:19:06 home snort: snort shutdown failed

Oct 12 10:19:07 home kernel: device ppp0 entered promiscuous mode

Oct 12 10:19:07 home kernel: audit(1223770747.015:6): dev=ppp0 prom=256
old_prom=0 auid=4294967295

Oct 12 10:19:07 home snort[17399]: Initializing daemon mode

Oct 12 10:19:07 home snort[17400]: PID path stat checked out ok, PID path
set to /var/run/

Oct 12 10:19:07 home snort[17400]: Writing PID "17400" to file
"/var/run//snort_ppp0.pid"

Oct 12 10:19:07 home snort[17400]: Parsing Rules file /etc/snort.conf

Oct 12 10:19:07 home snort[17400]: ,-----------[Flow
Config]----------------------

Oct 12 10:19:07 home snort[17400]: | Stats Interval:  0

Oct 12 10:19:07 home snort[17400]: | Hash Method:     2

Oct 12 10:19:07 home snort[17400]: | Memcap:          10485760

Oct 12 10:19:07 home snort[17400]: | Rows  :          4099

Oct 12 10:19:07 home snort[17400]: | Overhead Bytes:  16400(%0.16)

Oct 12 10:19:07 home snort: snort startup succeeded

Oct 12 10:19:07 home snort[17400]:
`----------------------------------------------

Oct 12 10:19:07 home snort[17400]: Frag3 global config:

Oct 12 10:19:07 home snort[17400]:     Max frags: 65536

Oct 12 10:19:07 home snort[17400]:     Fragment memory cap: 4194304 bytes

Oct 12 10:19:07 home snort[17400]: Frag3 engine config:

Oct 12 10:19:07 home snort[17400]:     Target-based policy: FIRST

Oct 12 10:19:07 home snort[17400]:     Fragment timeout: 60 seconds

Oct 12 10:19:07 home snort[17400]:     Fragment min_ttl:   1

Oct 12 10:19:07 home snort[17400]:     Fragment ttl_limit: 5

Oct 12 10:19:07 home snort[17400]:     Fragment Problems: 1

Oct 12 10:19:07 home snort[17400]:     Bound Addresses: 0.0.0.0/0.0.0.0

Oct 12 10:19:07 home snort[17400]: Stream4 config:

Oct 12 10:19:07 home snort[17400]:     Stateful inspection: ACTIVE

Oct 12 10:19:07 home snort[17400]:     Session statistics: INACTIVE

Oct 12 10:19:07 home snort[17400]:     Session timeout: 30 seconds

Oct 12 10:19:07 home snort[17400]:     Session memory cap: 8388608 bytes

Oct 12 10:19:07 home snort[17400]:     Session count max: 8192 sessions

Oct 12 10:19:07 home snort[17400]:     Session cleanup count: 5

Oct 12 10:19:07 home snort[17400]:     State alerts: INACTIVE

Oct 12 10:19:07 home snort[17400]:     Evasion alerts: INACTIVE

Oct 12 10:19:07 home snort[17400]:     Scan alerts: INACTIVE

Oct 12 10:19:07 home snort[17400]:     Log Flushed Streams: INACTIVE

Oct 12 10:19:07 home snort[17400]:     MinTTL: 1

Oct 12 10:19:07 home snort[17400]:     TTL Limit: 5

Oct 12 10:19:07 home snort[17400]:     Async Link: 0

Oct 12 10:19:07 home snort[17400]:     State Protection: 0

Oct 12 10:19:07 home snort[17400]:     Self preservation threshold: 50

Oct 12 10:19:07 home snort[17400]:     Self preservation period: 90

Oct 12 10:19:07 home snort[17400]:     Suspend threshold: 200

Oct 12 10:19:07 home snort[17400]:     Suspend period: 30

Oct 12 10:19:07 home snort[17400]:     Enforce TCP State: INACTIVE

Oct 12 10:19:07 home snort[17400]:     Midstream Drop Alerts: INACTIVE

Oct 12 10:19:07 home snort[17400]:     Server Data Inspection Limit: -1

Oct 12 10:19:07 home snort[17400]: WARNING /etc/snort.conf(373) =>
flush_behavior set in config file, using old static flushpoints (0)

Oct 12 10:19:07 home snort[17400]: Stream4_reassemble config:

Oct 12 10:19:07 home snort[17400]:     Server reassembly: INACTIVE

Oct 12 10:19:07 home snort[17400]:     Client reassembly: ACTIVE

Oct 12 10:19:07 home snort[17400]:     Reassembler alerts: ACTIVE

Oct 12 10:19:07 home snort[17400]:     Zero out flushed packets: INACTIVE

Oct 12 10:19:07 home snort[17400]:     Flush stream on alert: INACTIVE

Oct 12 10:19:07 home snort[17400]:     flush_data_diff_size: 500

Oct 12 10:19:07 home snort[17400]:     Reassembler Packet Preferance : Favor
Old

Oct 12 10:19:07 home snort[17400]:     Packet Sequence Overlap Limit: -1

Oct 12 10:19:07 home snort[17400]:     Flush behavior: Small (<255 bytes)

Oct 12 10:19:07 home snort[17400]:     Ports: 21 23 25 42 53 80 110 111 135
136 137 139 143 445 513 1433 1521 3306

Oct 12 10:19:07 home snort[17400]:     Emergency Ports: 21 23 25 42 53 80
110 111 135 136 137 139 143 445 513 1433 1521 3306

Oct 12 10:19:07 home snort[17400]: rpc_decode arguments:

Oct 12 10:19:07 home snort[17400]:     Ports to decode RPC on: 111 32771

Oct 12 10:19:07 home snort[17400]:     alert_fragments: INACTIVE

Oct 12 10:19:07 home snort[17400]:     alert_large_fragments: ACTIVE

Oct 12 10:19:07 home snort[17400]:     alert_incomplete: ACTIVE

Oct 12 10:19:07 home snort[17400]:     alert_multiple_requests: ACTIVE

Oct 12 10:19:07 home snort[17400]: telnet_decode arguments:

Oct 12 10:19:07 home snort[17400]:     Ports to decode telnet on: 21 23 25
119

Oct 12 10:19:07 home snort[17400]: Portscan Detection Config:

Oct 12 10:19:07 home snort[17400]:     Detect Protocols:  TCP UDP ICMP IP

Oct 12 10:19:07 home snort[17400]:     Detect Scan Type:  portscan portsweep
decoy_portscan distributed_portscan

Oct 12 10:19:07 home snort[17400]:     Sensitivity Level: Low

Oct 12 10:19:07 home snort[17400]:     Memcap (in bytes): 10000000

Oct 12 10:19:07 home snort[17400]:     Number of Nodes:   36900

Oct 12 10:19:07 home snort[17400]:

Oct 12 10:19:07 home snort[17400]: INFO => [Alert_FWsam](FWsamCheckIn)
Connected to host 127.0.0.1.

Oct 12 10:19:07 home snort[17400]: Warning: flowbits key
'community_uri.size.1050' is set but not ever checked.

Oct 12 10:19:07 home snort[17400]:

Oct 12 10:19:07 home snort[17400]:
+-----------------------[thresholding-config]----------------------------------

Oct 12 10:19:07 home snort[17400]: | memory-cap : 1048576 bytes

Oct 12 10:19:07 home snort[17400]:
+-----------------------[thresholding-global]----------------------------------

Oct 12 10:19:07 home snort[17400]: | none

Oct 12 10:19:07 home snort[17400]:
+-----------------------[thresholding-local]-----------------------------------

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=3527
type=Limit     tracking=dst count=5   seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=100000877
type=Limit     tracking=src count=1   seconds=300

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=2000049
type=Limit     tracking=dst count=1   seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=100000161
type=Both      tracking=dst count=100 seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=100000160
type=Both      tracking=src count=300 seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=100000208
type=Threshold tracking=src count=50  seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=3000001
type=Threshold tracking=src count=6   seconds=30

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=2523
type=Both      tracking=dst count=10  seconds=10

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=2275
type=Threshold tracking=dst count=5   seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=2000031
type=Limit     tracking=dst count=1   seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=2000048
type=Limit     tracking=dst count=1   seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=2496
type=Both      tracking=dst count=20  seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=100000162
type=Both      tracking=src count=100 seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=3000002
type=Threshold tracking=src count=6   seconds=30

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=2001906
type=Both      tracking=src count=5   seconds=60

Oct 12 10:19:07 home snort[17400]: | gen-id=1      sig-id=100000159
type=Both      tracking=src count=100 seconds=60

Oct 12 10:19:08 home snort[17400]: | gen-id=1      sig-id=100000158
type=Both      tracking=src count=100 seconds=60

Oct 12 10:19:08 home snort[17400]: | gen-id=1      sig-id=100000163
type=Both      tracking=src count=100 seconds=60

Oct 12 10:19:08 home snort[17400]: | gen-id=1      sig-id=3152
type=Threshold tracking=src count=5   seconds=2

Oct 12 10:19:08 home snort[17400]: | gen-id=1      sig-id=3273
type=Threshold tracking=src count=5   seconds=2

Oct 12 10:19:08 home snort[17400]: | gen-id=1      sig-id=2494
type=Both      tracking=dst count=20  seconds=60

Oct 12 10:19:08 home snort[17400]: | gen-id=1      sig-id=2495
type=Both      tracking=dst count=20  seconds=60

Oct 12 10:19:08 home snort[17400]:
+-----------------------[suppression]------------------------------------------

Oct 12 10:19:08 home snort[17400]: | none

Oct 12 10:19:08 home snort[17400]:
-------------------------------------------------------------------------------

Oct 12 10:19:08 home snort[17400]: Rule application order:
->activation->dynamic->drop->alert->pass->log

Oct 12 10:19:08 home snort[17400]: Log directory = /var/log/snort

Oct 12 10:19:08 home snort[17400]: Snort initialization completed
successfully (pid=17400)

Oct 12 10:19:09 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 10:19:09 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 10:19:09 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 10:43:56 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 10:43:56 home dhclient: DHCPACK from 10.1.1.1

Oct 12 10:43:56 home dhclient: bound to 10.1.1.2 -- renewal in 1514 seconds.

   <<cut repeating bits to reduce size>

Oct 12 11:15:21 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 11:15:21 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 11:15:21 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 11:16:01 home kernel: e100: eth0: e100_watchdog: link down

Oct 12 11:16:11 home kernel: e100: eth0: e100_watchdog: link up, 100Mbps,
full-duplex

Oct 12 11:16:32 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 11:16:32 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 11:16:32 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 11:16:53 home dnsmasq[3379]: DHCPDISCOVER(eth1) 00:12:5a:b9:1d:14

Oct 12 11:16:53 home dnsmasq[3379]: DHCPOFFER(eth1) 10.1.1.11100:12:5a:b9:1d:14

Oct 12 11:16:53 home dnsmasq[3379]: DHCPREQUEST(eth1)
10.1.1.11100:12:5a:b9:1d:14

Oct 12 11:16:53 home dnsmasq[3379]: DHCPACK(eth1) 10.1.1.11100:12:5a:b9:1d:14

Oct 12 11:17:26 home adsl-stop: Killing pppd

Oct 12 11:17:26 home pppd[16525]: Terminating on signal 15

Oct 12 11:17:26 home pppd[16525]: Connect time 58.8 minutes.

Oct 12 11:17:26 home pppd[16525]: Sent 242498 bytes, received 470452 bytes.

Oct 12 11:17:26 home snort[17400]: pcap_loop: recvfrom: Network is down

Oct 12 11:17:26 home snort[17400]: Final Flow Statistics

Oct 12 11:17:26 home snort[17400]: Frag3 statistics:

Oct 12 11:17:26 home snort[17400]:         Total Fragments: 0

Oct 12 11:17:26 home snort[17400]:       Frags Reassembled: 0

Oct 12 11:17:26 home snort[17400]:                Discards: 0

Oct 12 11:17:26 home snort[17400]:           Memory Faults: 0

Oct 12 11:17:26 home snort[17400]:                Timeouts: 0

Oct 12 11:17:26 home snort[17400]:                Overlaps: 0

Oct 12 11:17:26 home snort[17400]:               Anomalies: 0

Oct 12 11:17:26 home snort[17400]:                  Alerts: 0

Oct 12 11:17:26 home snort[17400]:      FragTrackers Added: 0

Oct 12 11:17:26 home snort[17400]:     FragTrackers Dumped: 0

Oct 12 11:17:26 home snort[17400]: FragTrackers Auto Freed: 0

Oct 12 11:17:26 home snort[17400]:     Frag Nodes Inserted: 0

Oct 12 11:17:26 home snort[17400]:      Frag Nodes Deleted: 0

Oct 12 11:17:26 home snort[17400]:
===============================================================================

Oct 12 11:17:26 home snort[17400]: INFO => [Alert_FWsam](FWsamCheckOut)
Disconnecting from host 127.0.0.1.

Oct 12 11:17:26 home snort[17400]: Snort exiting

Oct 12 11:17:26 home kernel: device ppp0 left promiscuous mode

Oct 12 11:17:26 home kernel: audit(1223774246.763:7): dev=ppp0 prom=0
old_prom=256 auid=4294967295

Oct 12 11:17:26 home adsl-stop: Killing adsl-connect

Oct 12 11:17:26 home NET: /etc/sysconfig/network-scripts/ifdown-post :
updated /etc/resolv.conf

Oct 12 11:17:29 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 11:17:29 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 11:17:31 home pppd[16525]: Terminating on signal 15

Oct 12 11:17:32 home pppd[16525]: Connection terminated.

Oct 12 11:17:32 home pppd[16525]: Modem hangup

Oct 12 11:17:34 home pppd[9884]: pppd 2.4.3 started by root, uid 0

Oct 12 11:17:34 home pppd[9884]: Using interface ppp0

Oct 12 11:17:34 home pppd[9884]: Connect: ppp0 <--> /dev/pts/2

Oct 12 11:17:34 home pppoe[9885]: PPP session is 31

Oct 12 11:17:36 home pppd[9884]: PAP authentication succeeded

Oct 12 11:17:36 home pppd[9884]: local  IP address 123.233.121.32

Oct 12 11:17:36 home pppd[9884]: remote IP address 10.20.20.210

Oct 12 11:17:36 home pppd[9884]: primary   DNS address 203.12.160.35

Oct 12 11:17:36 home pppd[9884]: secondary DNS address 203.12.160.36

Oct 12 11:17:36 home NET: /etc/sysconfig/network-scripts/ifup-post : updated
/etc/resolv.conf

Oct 12 11:17:36 home firewall:  succeeded

Oct 12 11:17:37 home pppd[16525]: Exit.

Oct 12 11:17:37 home pppoe[16526]: read (asyncReadFromPPP): Session 337:
Input/output error

Oct 12 11:17:37 home pppoe[16526]: Sent PADT

Oct 12 11:17:47 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 11:17:47 home dnsmasq[3379]: using nameserver 203.12.160.36#53

Oct 12 11:17:47 home dnsmasq[3379]: using nameserver 203.12.160.35#53

Oct 12 11:17:53 home firewall:  succeeded

Oct 12 11:18:04 home firewall:  succeeded

Oct 12 11:18:04 home snort: snort shutdown failed

Oct 12 11:18:05 home kernel: device ppp0 entered promiscuous mode

Oct 12 11:18:05 home kernel: audit(1223774285.080:8): dev=ppp0 prom=256
old_prom=0 auid=4294967295

Oct 12 11:18:05 home snort[10663]: Initializing daemon mode

Oct 12 11:18:05 home snort[10664]: PID path stat checked out ok, PID path
set to /var/run/

Oct 12 11:18:05 home snort[10664]: Writing PID "10664" to file
"/var/run//snort_ppp0.pid"

Oct 12 11:18:05 home snort[10664]: Parsing Rules file /etc/snort.conf

Oct 12 11:18:05 home snort[10664]: ,-----------[Flow
Config]----------------------

Oct 12 11:18:05 home snort[10664]: | Stats Interval:  0

Oct 12 11:18:05 home snort[10664]: | Hash Method:     2

Oct 12 11:18:05 home snort[10664]: | Memcap:          10485760

Oct 12 11:18:05 home snort[10664]: | Rows  :          4099

Oct 12 11:18:05 home snort[10664]: | Overhead Bytes:  16400(%0.16)

Oct 12 11:18:05 home snort[10664]:
`----------------------------------------------

Oct 12 11:18:05 home snort[10664]: Frag3 global config:

Oct 12 11:18:05 home snort[10664]:     Max frags: 65536

Oct 12 11:18:05 home snort[10664]:     Fragment memory cap: 4194304 bytes

Oct 12 11:18:05 home snort[10664]: Frag3 engine config:

Oct 12 11:18:05 home snort[10664]:     Target-based policy: FIRST

Oct 12 11:18:05 home snort[10664]:     Fragment timeout: 60 seconds

Oct 12 11:18:05 home snort[10664]:     Fragment min_ttl:   1

Oct 12 11:18:05 home snort: snort startup succeeded

Oct 12 11:18:05 home snort[10664]:     Fragment ttl_limit: 5

Oct 12 11:18:05 home snort[10664]:     Fragment Problems: 1

Oct 12 11:18:05 home snort[10664]:     Bound Addresses: 0.0.0.0/0.0.0.0

Oct 12 11:18:05 home snort[10664]: Stream4 config:

Oct 12 11:18:05 home snort[10664]:     Stateful inspection: ACTIVE

Oct 12 11:18:05 home snort[10664]:     Session statistics: INACTIVE

Oct 12 11:18:05 home snort[10664]:     Session timeout: 30 seconds

Oct 12 11:18:05 home snort[10664]:     Session memory cap: 8388608 bytes

Oct 12 11:18:05 home snort[10664]:     Session count max: 8192 sessions

Oct 12 11:18:05 home snort[10664]:     Session cleanup count: 5

Oct 12 11:18:05 home snort[10664]:     State alerts: INACTIVE

Oct 12 11:18:05 home snort[10664]:     Evasion alerts: INACTIVE

Oct 12 11:18:05 home snort[10664]:     Scan alerts: INACTIVE

Oct 12 11:18:05 home snort[10664]:     Log Flushed Streams: INACTIVE

Oct 12 11:18:05 home snort[10664]:     MinTTL: 1

Oct 12 11:18:05 home snort[10664]:     TTL Limit: 5

Oct 12 11:18:05 home snort[10664]:     Async Link: 0

Oct 12 11:18:05 home snort[10664]:     State Protection: 0

Oct 12 11:18:05 home snort[10664]:     Self preservation threshold: 50

Oct 12 11:18:05 home snort[10664]:     Self preservation period: 90

Oct 12 11:18:05 home snort[10664]:     Suspend threshold: 200

Oct 12 11:18:05 home snort[10664]:     Suspend period: 30

Oct 12 11:18:05 home snort[10664]:     Enforce TCP State: INACTIVE

Oct 12 11:18:05 home snort[10664]:     Midstream Drop Alerts: INACTIVE

Oct 12 11:18:05 home snort[10664]:     Server Data Inspection Limit: -1

Oct 12 11:18:05 home snort[10664]: WARNING /etc/snort.conf(373) =>
flush_behavior set in config file, using old static flushpoints (0)

Oct 12 11:18:05 home snort[10664]: Stream4_reassemble config:

Oct 12 11:18:05 home snort[10664]:     Server reassembly: INACTIVE

Oct 12 11:18:05 home snort[10664]:     Client reassembly: ACTIVE

Oct 12 11:18:05 home snort[10664]:     Reassembler alerts: ACTIVE

Oct 12 11:18:05 home snort[10664]:     Zero out flushed packets: INACTIVE

Oct 12 11:18:05 home snort[10664]:     Flush stream on alert: INACTIVE

Oct 12 11:18:05 home snort[10664]:     flush_data_diff_size: 500

Oct 12 11:18:05 home snort[10664]:     Reassembler Packet Preferance : Favor
Old

Oct 12 11:18:05 home snort[10664]:     Packet Sequence Overlap Limit: -1

Oct 12 11:18:05 home snort[10664]:     Flush behavior: Small (<255 bytes)

Oct 12 11:18:05 home snort[10664]:     Ports: 21 23 25 42 53 80 110 111 135
136 137 139 143 445 513 1433 1521 3306

Oct 12 11:18:05 home snort[10664]:     Emergency Ports: 21 23 25 42 53 80
110 111 135 136 137 139 143 445 513 1433 1521 3306

Oct 12 11:18:05 home snort[10664]: rpc_decode arguments:

Oct 12 11:18:05 home snort[10664]:     Ports to decode RPC on: 111 32771

Oct 12 11:18:05 home snort[10664]:     alert_fragments: INACTIVE

Oct 12 11:18:05 home snort[10664]:     alert_large_fragments: ACTIVE

Oct 12 11:18:05 home snort[10664]:     alert_incomplete: ACTIVE

Oct 12 11:18:05 home snort[10664]:     alert_multiple_requests: ACTIVE

Oct 12 11:18:05 home snort[10664]: telnet_decode arguments:

Oct 12 11:18:05 home snort[10664]:     Ports to decode telnet on: 21 23 25
119

Oct 12 11:18:05 home snort[10664]: Portscan Detection Config:

Oct 12 11:18:05 home snort[10664]:     Detect Protocols:  TCP UDP ICMP IP

Oct 12 11:18:05 home snort[10664]:     Detect Scan Type:  portscan portsweep
decoy_portscan distributed_portscan

Oct 12 11:18:05 home snort[10664]:     Sensitivity Level: Low

Oct 12 11:18:05 home snort[10664]:     Memcap (in bytes): 10000000

Oct 12 11:18:05 home snort[10664]:     Number of Nodes:   36900

Oct 12 11:18:05 home snort[10664]:

Oct 12 11:18:05 home snort[10664]: INFO => [Alert_FWsam](FWsamCheckIn)
Connected to host 127.0.0.1.

Oct 12 11:18:05 home snort[10664]: Warning: flowbits key
'community_uri.size.1050' is set but not ever checked.

Oct 12 11:18:05 home snort[10664]:

Oct 12 11:18:05 home snort[10664]:
+-----------------------[thresholding-config]----------------------------------

Oct 12 11:18:05 home snort[10664]: | memory-cap : 1048576 bytes

Oct 12 11:18:05 home snort[10664]:
+-----------------------[thresholding-global]----------------------------------

Oct 12 11:18:05 home snort[10664]: | none

Oct 12 11:18:05 home snort[10664]:
+-----------------------[thresholding-local]-----------------------------------

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2495
type=Both      tracking=dst count=20  seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2000048
type=Limit     tracking=dst count=1   seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2523
type=Both      tracking=dst count=10  seconds=10

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=100000159
type=Both      tracking=src count=100 seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=3273
type=Threshold tracking=src count=5   seconds=2

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2275
type=Threshold tracking=dst count=5   seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=100000161
type=Both      tracking=dst count=100 seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2001906
type=Both      tracking=src count=5   seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=100000158
type=Both      tracking=src count=100 seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=100000877
type=Limit     tracking=src count=1   seconds=300

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=100000163
type=Both      tracking=src count=100 seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=100000160
type=Both      tracking=src count=300 seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=3152
type=Threshold tracking=src count=5   seconds=2

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2496
type=Both      tracking=dst count=20  seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2494
type=Both      tracking=dst count=20  seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2000049
type=Limit     tracking=dst count=1   seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=3000002
type=Threshold tracking=src count=6   seconds=30

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=3527
type=Limit     tracking=dst count=5   seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=100000162
type=Both      tracking=src count=100 seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=100000208
type=Threshold tracking=src count=50  seconds=60

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=3000001
type=Threshold tracking=src count=6   seconds=30

Oct 12 11:18:05 home snort[10664]: | gen-id=1      sig-id=2000031
type=Limit     tracking=dst count=1   seconds=60

Oct 12 11:18:05 home snort[10664]:
+-----------------------[suppression]------------------------------------------

Oct 12 11:18:05 home snort[10664]: | none

Oct 12 11:18:05 home snort[10664]:
-------------------------------------------------------------------------------

Oct 12 11:18:05 home snort[10664]: Rule application order:
->activation->dynamic->drop->alert->pass->log

Oct 12 11:18:05 home snort[10664]: Log directory = /var/log/snort

Oct 12 11:18:06 home snort[10664]: Snort initialization completed
successfully (pid=10664)

Oct 12 11:19:52 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 11:19:52 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 11:19:52 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 11:35:39 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 11:35:39 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 11:35:39 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 11:36:42 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 11:36:42 home dhclient: DHCPNAK from 10.1.1.1

Oct 12 11:36:42 home dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port
67 interval 6

Oct 12 11:36:43 home dhclient: DHCPOFFER from 10.1.1.1

Oct 12 11:36:43 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 11:36:44 home dhclient: DHCPACK from 10.1.1.1

Oct 12 11:36:44 home NET: /sbin/dhclient-script : updated /etc/resolv.conf

Oct 12 11:36:44 home dhclient: bound to 10.1.1.2 -- renewal in 1707 seconds.

Oct 12 11:36:53 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 11:36:53 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 12:05:11 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:05:11 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:05:11 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 12:21:23 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:21:23 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:21:23 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 12:21:26 home dnsmasq[3379]: DHCPREQUEST(eth1) 10.1.1.400:0a:e4:d2:2d:f0

Oct 12 12:21:26 home dnsmasq[3379]: DHCPACK(eth1) 10.1.1.4 00:0a:e4:d2:2d:f0
fredslaptop

Oct 12 12:21:45 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:21:45 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:21:45 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 12:22:30 home dnsmasq[3379]: DHCPINFORM(eth1) 10.1.1.400:0a:e4:d2:2d:f0

Oct 12 12:22:30 home dnsmasq[3379]: DHCPACK(eth1) 10.1.1.4 00:0a:e4:d2:2d:f0
fredslaptop

Oct 12 12:22:33 home dnsmasq[3379]: DHCPINFORM(eth1) 10.1.1.400:0a:e4:d2:2d:f0

Oct 12 12:22:33 home dnsmasq[3379]: DHCPACK(eth1) 10.1.1.4 00:0a:e4:d2:2d:f0
fredslaptop

Oct 12 12:22:44 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:22:44 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:22:44 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 12:23:22 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:23:22 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:23:22 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 12:24:26 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:24:26 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:24:26 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 12:25:48 home sshd(pam_unix)[3273]: session opened for user root by
(uid=0)

Oct 12 12:26:22 home kernel: e100: eth0: e100_watchdog: link down

Oct 12 12:26:23 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:26:23 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:26:23 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 12:26:30 home kernel: e100: eth0: e100_watchdog: link up, 100Mbps,
full-duplex

Oct 12 12:26:57 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:26:57 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:26:57 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 12:28:16 home pppd[9884]: No response to 5 echo-requests

Oct 12 12:28:16 home pppd[9884]: Serial link appears to be disconnected.

Oct 12 12:28:16 home pppd[9884]: Connect time 70.7 minutes.

Oct 12 12:28:16 home pppd[9884]: Sent 184987 bytes, received 449269 bytes.

Oct 12 12:28:16 home snort[10664]: pcap_loop: recvfrom: Network is down

Oct 12 12:28:16 home snort[10664]: Final Flow Statistics

Oct 12 12:28:16 home snort[10664]: Frag3 statistics:

Oct 12 12:28:16 home snort[10664]:         Total Fragments: 0

Oct 12 12:28:16 home snort[10664]:       Frags Reassembled: 0

Oct 12 12:28:16 home snort[10664]:                Discards: 0

Oct 12 12:28:16 home snort[10664]:           Memory Faults: 0

Oct 12 12:28:16 home snort[10664]:                Timeouts: 0

Oct 12 12:28:16 home snort[10664]:                Overlaps: 0

Oct 12 12:28:16 home snort[10664]:               Anomalies: 0

Oct 12 12:28:16 home snort[10664]:                  Alerts: 0

Oct 12 12:28:16 home snort[10664]:      FragTrackers Added: 0

Oct 12 12:28:16 home snort[10664]:     FragTrackers Dumped: 0

Oct 12 12:28:16 home snort[10664]: FragTrackers Auto Freed: 0

Oct 12 12:28:16 home snort[10664]:     Frag Nodes Inserted: 0

Oct 12 12:28:16 home snort[10664]:      Frag Nodes Deleted: 0

Oct 12 12:28:16 home snort[10664]:
===============================================================================

Oct 12 12:28:16 home snort[10664]: INFO => [Alert_FWsam](FWsamCheckOut)
Disconnecting from host 127.0.0.1.

Oct 12 12:28:16 home kernel: device ppp0 left promiscuous mode

Oct 12 12:28:16 home kernel: audit(1223778496.384:9): dev=ppp0 prom=0
old_prom=256 auid=4294967295

Oct 12 12:28:16 home snort[10664]: Snort exiting

Oct 12 12:28:16 home NET: /etc/sysconfig/network-scripts/ifdown-post :
updated /etc/resolv.conf

Oct 12 12:28:19 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:28:19 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 12:28:21 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:28:21 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:28:21 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 12:28:22 home pppd[9884]: Connection terminated.

Oct 12 12:28:22 home pppd[9884]: Modem hangup

Oct 12 12:28:23 home adsl-stop: Killing pppd

Oct 12 12:28:23 home pppd[9884]: Terminating on signal 15

Oct 12 12:28:23 home pppd[9884]: Exit.

Oct 12 12:28:23 home pppoe[9885]: read (asyncReadFromPPP): Session 31:
Input/output error

Oct 12 12:28:23 home pppoe[9885]: Sent PADT

Oct 12 12:28:23 home adsl-connect: ADSL connection lost; attempting
re-connection.

Oct 12 12:28:23 home adsl-stop: Killing adsl-connect

Oct 12 12:28:30 home pppd[3489]: pppd 2.4.3 started by root, uid 0

Oct 12 12:28:30 home pppd[3489]: Using interface ppp0

Oct 12 12:28:30 home pppd[3489]: Connect: ppp0 <--> /dev/pts/2

Oct 12 12:28:30 home pppoe[3490]: PPP session is 31

Oct 12 12:28:32 home pppd[3489]: PAP authentication succeeded

Oct 12 12:28:32 home pppd[3489]: local  IP address 123.233.121.32

Oct 12 12:28:32 home pppd[3489]: remote IP address 10.20.20.210

Oct 12 12:28:32 home pppd[3489]: primary   DNS address 203.12.160.35

Oct 12 12:28:32 home pppd[3489]: secondary DNS address 203.12.160.36

Oct 12 12:28:32 home NET: /etc/sysconfig/network-scripts/ifup-post : updated
/etc/resolv.conf

Oct 12 12:28:33 home firewall:  succeeded

Oct 12 12:28:40 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:28:40 home dnsmasq[3379]: using nameserver 203.12.160.36#53

Oct 12 12:28:40 home dnsmasq[3379]: using nameserver 203.12.160.35#53

Oct 12 12:28:49 home firewall:  succeeded

Oct 12 12:29:00 home firewall:  succeeded

Oct 12 12:29:01 home snort: snort shutdown failed

Oct 12 12:29:01 home kernel: device ppp0 entered promiscuous mode

Oct 12 12:29:01 home kernel: audit(1223778541.246:10): dev=ppp0 prom=256
old_prom=0 auid=4294967295

Oct 12 12:29:01 home snort[4338]: Initializing daemon mode

Oct 12 12:29:01 home snort[4339]: PID path stat checked out ok, PID path set
to /var/run/

Oct 12 12:29:01 home snort[4339]: Writing PID "4339" to file
"/var/run//snort_ppp0.pid"

Oct 12 12:29:01 home snort[4339]: Parsing Rules file /etc/snort.conf

Oct 12 12:29:01 home snort[4339]: ,-----------[Flow
Config]----------------------

Oct 12 12:29:01 home snort[4339]: | Stats Interval:  0

Oct 12 12:29:01 home snort[4339]: | Hash Method:     2

Oct 12 12:29:01 home snort[4339]: | Memcap:          10485760

Oct 12 12:29:01 home snort[4339]: | Rows  :          4099

Oct 12 12:29:01 home snort[4339]: | Overhead Bytes:  16400(%0.16)

Oct 12 12:29:01 home snort[4339]:
`----------------------------------------------

Oct 12 12:29:01 home snort[4339]: Frag3 global config:

Oct 12 12:29:01 home snort[4339]:     Max frags: 65536

Oct 12 12:29:01 home snort[4339]:     Fragment memory cap: 4194304 bytes

Oct 12 12:29:01 home snort[4339]: Frag3 engine config:

Oct 12 12:29:01 home snort[4339]:     Target-based policy: FIRST

Oct 12 12:29:01 home snort[4339]:     Fragment timeout: 60 seconds

Oct 12 12:29:01 home snort[4339]:     Fragment min_ttl:   1

Oct 12 12:29:01 home snort[4339]:     Fragment ttl_limit: 5

Oct 12 12:29:01 home snort[4339]:     Fragment Problems: 1

Oct 12 12:29:01 home snort: snort startup succeeded

Oct 12 12:29:01 home snort[4339]:     Bound Addresses: 0.0.0.0/0.0.0.0

Oct 12 12:29:01 home snort[4339]: Stream4 config:

Oct 12 12:29:01 home snort[4339]:     Stateful inspection: ACTIVE

Oct 12 12:29:01 home snort[4339]:     Session statistics: INACTIVE

Oct 12 12:29:01 home snort[4339]:     Session timeout: 30 seconds

Oct 12 12:29:01 home snort[4339]:     Session memory cap: 8388608 bytes

Oct 12 12:29:01 home snort[4339]:     Session count max: 8192 sessions

Oct 12 12:29:01 home snort[4339]:     Session cleanup count: 5

Oct 12 12:29:01 home snort[4339]:     State alerts: INACTIVE

Oct 12 12:29:01 home snort[4339]:     Evasion alerts: INACTIVE

Oct 12 12:29:01 home snort[4339]:     Scan alerts: INACTIVE

Oct 12 12:29:01 home snort[4339]:     Log Flushed Streams: INACTIVE

Oct 12 12:29:01 home snort[4339]:     MinTTL: 1

Oct 12 12:29:01 home snort[4339]:     TTL Limit: 5

Oct 12 12:29:01 home snort[4339]:     Async Link: 0

Oct 12 12:29:01 home snort[4339]:     State Protection: 0

Oct 12 12:29:01 home snort[4339]:     Self preservation threshold: 50

Oct 12 12:29:01 home snort[4339]:     Self preservation period: 90

Oct 12 12:29:01 home snort[4339]:     Suspend threshold: 200

Oct 12 12:29:01 home snort[4339]:     Suspend period: 30

Oct 12 12:29:01 home snort[4339]:     Enforce TCP State: INACTIVE

Oct 12 12:29:01 home snort[4339]:     Midstream Drop Alerts: INACTIVE

Oct 12 12:29:01 home snort[4339]:     Server Data Inspection Limit: -1

Oct 12 12:29:01 home snort[4339]: WARNING /etc/snort.conf(373) =>
flush_behavior set in config file, using old static flushpoints (0)

Oct 12 12:29:01 home snort[4339]: Stream4_reassemble config:

Oct 12 12:29:01 home snort[4339]:     Server reassembly: INACTIVE

Oct 12 12:29:01 home snort[4339]:     Client reassembly: ACTIVE

Oct 12 12:29:01 home snort[4339]:     Reassembler alerts: ACTIVE

Oct 12 12:29:01 home snort[4339]:     Zero out flushed packets: INACTIVE

Oct 12 12:29:01 home snort[4339]:     Flush stream on alert: INACTIVE

Oct 12 12:29:01 home snort[4339]:     flush_data_diff_size: 500

Oct 12 12:29:01 home snort[4339]:     Reassembler Packet Preferance : Favor
Old

Oct 12 12:29:01 home snort[4339]:     Packet Sequence Overlap Limit: -1

Oct 12 12:29:01 home snort[4339]:     Flush behavior: Small (<255 bytes)

Oct 12 12:29:01 home snort[4339]:     Ports: 21 23 25 42 53 80 110 111 135
136 137 139 143 445 513 1433 1521 3306

Oct 12 12:29:01 home snort[4339]:     Emergency Ports: 21 23 25 42 53 80 110
111 135 136 137 139 143 445 513 1433 1521 3306

Oct 12 12:29:01 home snort[4339]: rpc_decode arguments:

Oct 12 12:29:01 home snort[4339]:     Ports to decode RPC on: 111 32771

Oct 12 12:29:01 home snort[4339]:     alert_fragments: INACTIVE

Oct 12 12:29:01 home snort[4339]:     alert_large_fragments: ACTIVE

Oct 12 12:29:01 home snort[4339]:     alert_incomplete: ACTIVE

Oct 12 12:29:01 home snort[4339]:     alert_multiple_requests: ACTIVE

Oct 12 12:29:01 home snort[4339]: telnet_decode arguments:

Oct 12 12:29:01 home snort[4339]:     Ports to decode telnet on: 21 23 25
119

Oct 12 12:29:01 home snort[4339]: Portscan Detection Config:

Oct 12 12:29:01 home snort[4339]:     Detect Protocols:  TCP UDP ICMP IP

Oct 12 12:29:01 home snort[4339]:     Detect Scan Type:  portscan portsweep
decoy_portscan distributed_portscan

Oct 12 12:29:01 home snort[4339]:     Sensitivity Level: Low

Oct 12 12:29:01 home snort[4339]:     Memcap (in bytes): 10000000

Oct 12 12:29:01 home snort[4339]:     Number of Nodes:   36900

Oct 12 12:29:01 home snort[4339]:

Oct 12 12:29:01 home snort[4339]: INFO => [Alert_FWsam](FWsamCheckIn)
Connected to host 127.0.0.1.

Oct 12 12:29:01 home snort[4339]: Warning: flowbits key
'community_uri.size.1050' is set but not ever checked.

Oct 12 12:29:01 home snort[4339]:

Oct 12 12:29:01 home snort[4339]:
+-----------------------[thresholding-config]----------------------------------

Oct 12 12:29:01 home snort[4339]: | memory-cap : 1048576 bytes

Oct 12 12:29:01 home snort[4339]:
+-----------------------[thresholding-global]----------------------------------

Oct 12 12:29:01 home snort[4339]: | none

Oct 12 12:29:01 home snort[4339]:
+-----------------------[thresholding-local]-----------------------------------

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2275
type=Threshold tracking=dst count=5   seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=3527
type=Limit     tracking=dst count=5   seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=3000001
type=Threshold tracking=src count=6   seconds=30

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=3273
type=Threshold tracking=src count=5   seconds=2

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2496
type=Both      tracking=dst count=20  seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=3000002
type=Threshold tracking=src count=6   seconds=30

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2000048
type=Limit     tracking=dst count=1   seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=3152
type=Threshold tracking=src count=5   seconds=2

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2000049
type=Limit     tracking=dst count=1   seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=100000159
type=Both      tracking=src count=100 seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2523
type=Both      tracking=dst count=10  seconds=10

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=100000877
type=Limit     tracking=src count=1   seconds=300

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2001906
type=Both      tracking=src count=5   seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=100000163
type=Both      tracking=src count=100 seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2000031
type=Limit     tracking=dst count=1   seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2494
type=Both      tracking=dst count=20  seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=2495
type=Both      tracking=dst count=20  seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=100000161
type=Both      tracking=dst count=100 seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=100000158
type=Both      tracking=src count=100 seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=100000160
type=Both      tracking=src count=300 seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=100000162
type=Both      tracking=src count=100 seconds=60

Oct 12 12:29:01 home snort[4339]: | gen-id=1      sig-id=100000208
type=Threshold tracking=src count=50  seconds=60

Oct 12 12:29:01 home snort[4339]:
+-----------------------[suppression]------------------------------------------

Oct 12 12:29:01 home snort[4339]: | none

Oct 12 12:29:01 home snort[4339]:
-------------------------------------------------------------------------------

Oct 12 12:29:01 home snort[4339]: Rule application order:
->activation->dynamic->drop->alert->pass->log

Oct 12 12:29:01 home snort[4339]: Log directory = /var/log/snort

Oct 12 12:29:02 home snort[4339]: Snort initialization completed
successfully (pid=4339)

Oct 12 12:30:06 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 12:30:06 home dhclient: DHCPNAK from 10.1.1.1

Oct 12 12:30:06 home dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port
67 interval 8

Oct 12 12:30:08 home dhclient: DHCPOFFER from 10.1.1.1

Oct 12 12:30:08 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 12:30:08 home dhclient: DHCPACK from 10.1.1.1

Oct 12 12:30:08 home NET: /sbin/dhclient-script : updated /etc/resolv.conf

Oct 12 12:30:08 home dhclient: bound to 10.1.1.2 -- renewal in 1761 seconds.

Oct 12 12:30:11 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:30:11 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 12:37:51 home sshd(pam_unix)[26534]: session opened for user root by
(uid=0)

Oct 12 12:38:15 home collabnet_subversion:  succeeded



=== RESTARTED MODEM TO GET CONNECTIVITY WORKING  ===



Oct 12 12:45:46 home kernel: e100: eth0: e100_watchdog: link down

Oct 12 12:45:52 home kernel: e100: eth0: e100_watchdog: link up, 100Mbps,
full-duplex

Oct 12 12:47:19 home adsl-stop: Killing pppd

Oct 12 12:47:19 home pppd[3489]: Terminating on signal 15

Oct 12 12:47:19 home pppd[3489]: Connect time 18.8 minutes.

Oct 12 12:47:19 home pppd[3489]: Sent 226009 bytes, received 801744 bytes.

Oct 12 12:47:19 home snort[4339]: pcap_loop: recvfrom: Network is down

Oct 12 12:47:19 home snort[4339]: Final Flow Statistics

Oct 12 12:47:19 home snort[4339]: Frag3 statistics:

Oct 12 12:47:19 home snort[4339]:         Total Fragments: 0

Oct 12 12:47:19 home snort[4339]:       Frags Reassembled: 0

Oct 12 12:47:19 home snort[4339]:                Discards: 0

Oct 12 12:47:19 home snort[4339]:           Memory Faults: 0

Oct 12 12:47:19 home snort[4339]:                Timeouts: 0

Oct 12 12:47:19 home snort[4339]:                Overlaps: 0

Oct 12 12:47:19 home snort[4339]:               Anomalies: 0

Oct 12 12:47:19 home snort[4339]:                  Alerts: 0

Oct 12 12:47:19 home snort[4339]:      FragTrackers Added: 0

Oct 12 12:47:19 home snort[4339]:     FragTrackers Dumped: 0

Oct 12 12:47:19 home snort[4339]: FragTrackers Auto Freed: 0

Oct 12 12:47:19 home snort[4339]:     Frag Nodes Inserted: 0

Oct 12 12:47:19 home adsl-stop: Killing adsl-connect

Oct 12 12:47:19 home snort[4339]:      Frag Nodes Deleted: 0

Oct 12 12:47:19 home snort[4339]:
===============================================================================

Oct 12 12:47:19 home snort[4339]: INFO => [Alert_FWsam](FWsamCheckOut)
Disconnecting from host 127.0.0.1.

Oct 12 12:47:19 home snort[4339]: Snort exiting

Oct 12 12:47:19 home kernel: device ppp0 left promiscuous mode

Oct 12 12:47:19 home kernel: audit(1223779639.400:11): dev=ppp0 prom=0
old_prom=256 auid=4294967295

Oct 12 12:47:19 home NET: /etc/sysconfig/network-scripts/ifdown-post :
updated /etc/resolv.conf

Oct 12 12:47:24 home pppd[3489]: Terminating on signal 15

Oct 12 12:47:24 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:47:24 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 12:47:25 home pppd[3489]: Connection terminated.

Oct 12 12:47:25 home pppd[3489]: Modem hangup

Oct 12 12:47:26 home pppd[28773]: pppd 2.4.3 started by root, uid 0

Oct 12 12:47:26 home pppd[28773]: Using interface ppp0

Oct 12 12:47:26 home pppd[28773]: Connect: ppp0 <--> /dev/pts/4

Oct 12 12:47:26 home pppoe[28774]: PPP session is 31

Oct 12 12:47:28 home pppd[28773]: PAP authentication succeeded

Oct 12 12:47:28 home pppd[28773]: local  IP address 123.233.121.32

Oct 12 12:47:28 home pppd[28773]: remote IP address 10.20.20.210

Oct 12 12:47:28 home pppd[28773]: primary   DNS address 203.12.160.35

Oct 12 12:47:28 home pppd[28773]: secondary DNS address 203.12.160.36

Oct 12 12:47:28 home NET: /etc/sysconfig/network-scripts/ifup-post : updated
/etc/resolv.conf

Oct 12 12:47:29 home firewall:  succeeded

Oct 12 12:47:30 home pppd[3489]: Exit.

Oct 12 12:47:30 home pppoe[3490]: read (asyncReadFromPPP): Session 31:
Input/output error

Oct 12 12:47:30 home pppoe[3490]: Sent PADT

Oct 12 12:47:37 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:47:37 home dnsmasq[3379]: using nameserver 203.12.160.36#53

Oct 12 12:47:37 home dnsmasq[3379]: using nameserver 203.12.160.35#53

Oct 12 12:47:45 home firewall:  succeeded

Oct 12 12:48:07 home adsl-stop: Killing pppd

Oct 12 12:48:07 home pppd[28773]: Terminating on signal 15

Oct 12 12:48:07 home pppd[28773]: Connect time 0.7 minutes.

Oct 12 12:48:07 home pppd[28773]: Sent 179 bytes, received 0 bytes.

Oct 12 12:48:07 home adsl-stop: Killing adsl-connect

Oct 12 12:48:07 home NET: /etc/sysconfig/network-scripts/ifdown-post :
updated /etc/resolv.conf

Oct 12 12:48:12 home pppd[28773]: Terminating on signal 15

Oct 12 12:48:13 home pppd[28773]: Connection terminated.

Oct 12 12:48:13 home pppd[28773]: Modem hangup

Oct 12 12:48:14 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:48:14 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 12:48:14 home pppd[29351]: pppd 2.4.3 started by root, uid 0

Oct 12 12:48:14 home pppd[29351]: Using interface ppp0

Oct 12 12:48:14 home pppd[29351]: Connect: ppp0 <--> /dev/pts/2

Oct 12 12:48:14 home pppoe[29352]: PPP session is 31

Oct 12 12:48:16 home pppd[29351]: PAP authentication succeeded

Oct 12 12:48:16 home pppd[29351]: local  IP address 123.233.121.32

Oct 12 12:48:16 home pppd[29351]: remote IP address 10.20.20.210

Oct 12 12:48:16 home pppd[29351]: primary   DNS address 203.12.160.35

Oct 12 12:48:16 home pppd[29351]: secondary DNS address 203.12.160.36

Oct 12 12:48:16 home NET: /etc/sysconfig/network-scripts/ifup-post : updated
/etc/resolv.conf

Oct 12 12:48:17 home firewall:  succeeded

Oct 12 12:48:18 home pppd[28773]: Exit.

Oct 12 12:48:18 home pppoe[28774]: read (asyncReadFromPPP): Session 31:
Input/output error

Oct 12 12:48:18 home pppoe[28774]: Sent PADT

Oct 12 12:48:23 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:48:23 home dnsmasq[3379]: using nameserver 203.12.160.36#53

Oct 12 12:48:23 home dnsmasq[3379]: using nameserver 203.12.160.35#53

Oct 12 12:48:54 home adsl-stop: Killing pppd

Oct 12 12:48:54 home pppd[29351]: Terminating on signal 15

Oct 12 12:48:54 home pppd[29351]: Connect time 0.7 minutes.

Oct 12 12:48:54 home pppd[29351]: Sent 179 bytes, received 0 bytes.

Oct 12 12:48:54 home adsl-stop: Killing adsl-connect

Oct 12 12:48:54 home NET: /etc/sysconfig/network-scripts/ifdown-post :
updated /etc/resolv.conf

Oct 12 12:48:59 home pppd[29351]: Terminating on signal 15

Oct 12 12:49:00 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:49:00 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 12:49:00 home pppd[29351]: Connection terminated.

Oct 12 12:49:00 home pppd[29351]: Modem hangup

Oct 12 12:49:01 home pppd[29728]: pppd 2.4.3 started by root, uid 0

Oct 12 12:49:01 home pppd[29728]: Using interface ppp0

Oct 12 12:49:01 home pppd[29728]: Connect: ppp0 <--> /dev/pts/4

Oct 12 12:49:01 home pppoe[29729]: PPP session is 31

Oct 12 12:49:04 home pppd[29728]: PAP authentication succeeded

Oct 12 12:49:04 home pppd[29728]: local  IP address 123.233.121.32

Oct 12 12:49:04 home pppd[29728]: remote IP address 10.20.20.210

Oct 12 12:49:04 home pppd[29728]: primary   DNS address 203.12.160.35

Oct 12 12:49:04 home pppd[29728]: secondary DNS address 203.12.160.36

Oct 12 12:49:04 home NET: /etc/sysconfig/network-scripts/ifup-post : updated
/etc/resolv.conf

Oct 12 12:49:04 home firewall:  succeeded

Oct 12 12:49:05 home pppd[29351]: Exit.

Oct 12 12:49:05 home pppoe[29352]: read (asyncReadFromPPP): Session 31:
Input/output error

Oct 12 12:49:05 home pppoe[29352]: Sent PADT

Oct 12 12:49:16 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:49:16 home dnsmasq[3379]: using nameserver 203.12.160.36#53

Oct 12 12:49:16 home dnsmasq[3379]: using nameserver 203.12.160.35#53

Oct 12 12:49:41 home adsl-stop: Killing pppd

Oct 12 12:49:41 home pppd[29728]: Terminating on signal 15

Oct 12 12:49:41 home pppd[29728]: Connect time 0.7 minutes.

Oct 12 12:49:41 home pppd[29728]: Sent 179 bytes, received 0 bytes.

Oct 12 12:49:41 home adsl-stop: Killing adsl-connect

Oct 12 12:49:41 home NET: /etc/sysconfig/network-scripts/ifdown-post :
updated /etc/resolv.conf

Oct 12 12:49:46 home pppd[29728]: Terminating on signal 15

Oct 12 12:49:46 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:49:46 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 12:49:47 home pppd[29728]: Connection terminated.

Oct 12 12:49:47 home pppd[29728]: Modem hangup

Oct 12 12:49:49 home pppd[30104]: pppd 2.4.3 started by root, uid 0

Oct 12 12:49:49 home pppd[30104]: Using interface ppp0

Oct 12 12:49:49 home pppd[30104]: Connect: ppp0 <--> /dev/pts/2

Oct 12 12:49:49 home pppoe[30105]: PPP session is 660

Oct 12 12:49:51 home pppd[30104]: PAP authentication succeeded

Oct 12 12:49:51 home pppd[30104]: local  IP address 123.233.121.32

Oct 12 12:49:51 home pppd[30104]: remote IP address 10.20.20.210

Oct 12 12:49:51 home pppd[30104]: primary   DNS address 203.12.160.35

Oct 12 12:49:51 home pppd[30104]: secondary DNS address 203.12.160.36

Oct 12 12:49:51 home NET: /etc/sysconfig/network-scripts/ifup-post : updated
/etc/resolv.conf

Oct 12 12:49:51 home firewall:  succeeded

Oct 12 12:49:52 home pppd[29728]: Exit.

Oct 12 12:49:52 home pppoe[29729]: read (asyncReadFromPPP): Session 31:
Input/output error

Oct 12 12:49:52 home pppoe[29729]: Sent PADT

Oct 12 12:49:54 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 12:49:54 home dnsmasq[3379]: using nameserver 203.12.160.36#53

Oct 12 12:49:54 home dnsmasq[3379]: using nameserver 203.12.160.35#53


Oct 12 12:50:18 home firewall:  succeeded

Oct 12 12:50:19 home snort: snort shutdown failed

Oct 12 12:50:19 home kernel: device ppp0 entered promiscuous mode

Oct 12 12:50:19 home kernel: audit(1223779819.589:12): dev=ppp0 prom=256
old_prom=0 auid=4294967295

Oct 12 12:50:19 home snort[30884]: Initializing daemon mode

Oct 12 12:50:19 home snort[30885]: PID path stat checked out ok, PID path
set to /var/run/

Oct 12 12:50:19 home snort[30885]: Writing PID "30885" to file
"/var/run//snort_ppp0.pid"

Oct 12 12:50:19 home snort[30885]: Parsing Rules file /etc/snort.conf

Oct 12 12:50:19 home snort[30885]: ,-----------[Flow
Config]----------------------

Oct 12 12:50:19 home snort[30885]: | Stats Interval:  0

Oct 12 12:50:19 home snort[30885]: | Hash Method:     2

Oct 12 12:50:19 home snort[30885]: | Memcap:          10485760

Oct 12 12:50:19 home snort[30885]: | Rows  :          4099

Oct 12 12:50:19 home snort[30885]: | Overhead Bytes:  16400(%0.16)

Oct 12 12:50:19 home snort[30885]:
`----------------------------------------------

Oct 12 12:50:19 home snort[30885]: Frag3 global config:

Oct 12 12:50:19 home snort[30885]:     Max frags: 65536

Oct 12 12:50:19 home snort[30885]:     Fragment memory cap: 4194304 bytes

Oct 12 12:50:19 home snort[30885]: Frag3 engine config:

Oct 12 12:50:19 home snort[30885]:     Target-based policy: FIRST

Oct 12 12:50:19 home snort[30885]:     Fragment timeout: 60 seconds

Oct 12 12:50:19 home snort[30885]:     Fragment min_ttl:   1

Oct 12 12:50:19 home snort[30885]:     Fragment ttl_limit: 5

Oct 12 12:50:19 home snort[30885]:     Fragment Problems: 1

Oct 12 12:50:19 home snort[30885]:     Bound Addresses: 0.0.0.0/0.0.0.0

Oct 12 12:50:19 home snort[30885]: Stream4 config:

Oct 12 12:50:19 home snort: snort startup succeeded

Oct 12 12:50:19 home snort[30885]:     Stateful inspection: ACTIVE

Oct 12 12:50:19 home snort[30885]:     Session statistics: INACTIVE

Oct 12 12:50:19 home snort[30885]:     Session timeout: 30 seconds

Oct 12 12:50:19 home snort[30885]:     Session memory cap: 8388608 bytes

Oct 12 12:50:19 home snort[30885]:     Session count max: 8192 sessions

Oct 12 12:50:19 home snort[30885]:     Session cleanup count: 5

Oct 12 12:50:19 home snort[30885]:     State alerts: INACTIVE

Oct 12 12:50:19 home snort[30885]:     Evasion alerts: INACTIVE

Oct 12 12:50:19 home snort[30885]:     Scan alerts: INACTIVE

Oct 12 12:50:19 home snort[30885]:     Log Flushed Streams: INACTIVE

Oct 12 12:50:19 home snort[30885]:     MinTTL: 1

Oct 12 12:50:19 home snort[30885]:     TTL Limit: 5

Oct 12 12:50:19 home snort[30885]:     Async Link: 0

Oct 12 12:50:19 home snort[30885]:     State Protection: 0

Oct 12 12:50:19 home snort[30885]:     Self preservation threshold: 50

Oct 12 12:50:19 home snort[30885]:     Self preservation period: 90

Oct 12 12:50:19 home snort[30885]:     Suspend threshold: 200

Oct 12 12:50:19 home snort[30885]:     Suspend period: 30

Oct 12 12:50:19 home snort[30885]:     Enforce TCP State: INACTIVE

Oct 12 12:50:19 home snort[30885]:     Midstream Drop Alerts: INACTIVE

Oct 12 12:50:19 home snort[30885]:     Server Data Inspection Limit: -1

Oct 12 12:50:19 home snort[30885]: WARNING /etc/snort.conf(373) =>
flush_behavior set in config file, using old static flushpoints (0)

Oct 12 12:50:19 home snort[30885]: Stream4_reassemble config:

Oct 12 12:50:19 home snort[30885]:     Server reassembly: INACTIVE

Oct 12 12:50:19 home snort[30885]:     Client reassembly: ACTIVE

Oct 12 12:50:19 home snort[30885]:     Reassembler alerts: ACTIVE

Oct 12 12:50:19 home snort[30885]:     Zero out flushed packets: INACTIVE

Oct 12 12:50:19 home snort[30885]:     Flush stream on alert: INACTIVE

Oct 12 12:50:19 home snort[30885]:     flush_data_diff_size: 500

Oct 12 12:50:19 home snort[30885]:     Reassembler Packet Preferance : Favor
Old

Oct 12 12:50:19 home snort[30885]:     Packet Sequence Overlap Limit: -1

Oct 12 12:50:19 home snort[30885]:     Flush behavior: Small (<255 bytes)

Oct 12 12:50:19 home snort[30885]:     Ports: 21 23 25 42 53 80 110 111 135
136 137 139 143 445 513 1433 1521 3306

Oct 12 12:50:19 home snort[30885]:     Emergency Ports: 21 23 25 42 53 80
110 111 135 136 137 139 143 445 513 1433 1521 3306

Oct 12 12:50:19 home snort[30885]: rpc_decode arguments:

Oct 12 12:50:19 home snort[30885]:     Ports to decode RPC on: 111 32771

Oct 12 12:50:19 home snort[30885]:     alert_fragments: INACTIVE

Oct 12 12:50:19 home snort[30885]:     alert_large_fragments: ACTIVE

Oct 12 12:50:19 home snort[30885]:     alert_incomplete: ACTIVE

Oct 12 12:50:19 home snort[30885]:     alert_multiple_requests: ACTIVE

Oct 12 12:50:19 home snort[30885]: telnet_decode arguments:

Oct 12 12:50:19 home snort[30885]:     Ports to decode telnet on: 21 23 25
119

Oct 12 12:50:19 home snort[30885]: Portscan Detection Config:

Oct 12 12:50:19 home snort[30885]:     Detect Protocols:  TCP UDP ICMP IP

Oct 12 12:50:19 home snort[30885]:     Detect Scan Type:  portscan portsweep
decoy_portscan distributed_portscan

Oct 12 12:50:19 home snort[30885]:     Sensitivity Level: Low

Oct 12 12:50:19 home snort[30885]:     Memcap (in bytes): 10000000

Oct 12 12:50:19 home snort[30885]:     Number of Nodes:   36900

Oct 12 12:50:19 home snort[30885]:

Oct 12 12:50:19 home snort[30885]: INFO => [Alert_FWsam](FWsamCheckIn)
Connected to host 127.0.0.1.

Oct 12 12:50:20 home snort[30885]: Warning: flowbits key
'community_uri.size.1050' is set but not ever checked.

Oct 12 12:50:20 home snort[30885]:

Oct 12 12:50:20 home snort[30885]:
+-----------------------[thresholding-config]----------------------------------

Oct 12 12:50:20 home snort[30885]: | memory-cap : 1048576 bytes

Oct 12 12:50:20 home snort[30885]:
+-----------------------[thresholding-global]----------------------------------

Oct 12 12:50:20 home snort[30885]: | none

Oct 12 12:50:20 home snort[30885]:
+-----------------------[thresholding-local]-----------------------------------

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=100000877
type=Limit     tracking=src count=1   seconds=300

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2001906
type=Both      tracking=src count=5   seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2523
type=Both      tracking=dst count=10  seconds=10

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=100000160
type=Both      tracking=src count=300 seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=100000159
type=Both      tracking=src count=100 seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=3527
type=Limit     tracking=dst count=5   seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=100000158
type=Both      tracking=src count=100 seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2000048
type=Limit     tracking=dst count=1   seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=100000208
type=Threshold tracking=src count=50  seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=3000001
type=Threshold tracking=src count=6   seconds=30

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2496
type=Both      tracking=dst count=20  seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2495
type=Both      tracking=dst count=20  seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=3152
type=Threshold tracking=src count=5   seconds=2

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2275
type=Threshold tracking=dst count=5   seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=100000163
type=Both      tracking=src count=100 seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2494
type=Both      tracking=dst count=20  seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=100000162
type=Both      tracking=src count=100 seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2000031
type=Limit     tracking=dst count=1   seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=100000161
type=Both      tracking=dst count=100 seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=3273
type=Threshold tracking=src count=5   seconds=2

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=2000049
type=Limit     tracking=dst count=1   seconds=60

Oct 12 12:50:20 home snort[30885]: | gen-id=1      sig-id=3000002
type=Threshold tracking=src count=6   seconds=30

Oct 12 12:50:20 home snort[30885]:
+-----------------------[suppression]------------------------------------------

Oct 12 12:50:20 home snort[30885]: | none

Oct 12 12:50:20 home snort[30885]:
-------------------------------------------------------------------------------

Oct 12 12:50:20 home snort[30885]: Rule application order:
->activation->dynamic->drop->alert->pass->log

Oct 12 12:50:20 home snort[30885]: Log directory = /var/log/snort

Oct 12 12:50:20 home snort[30885]: Snort initialization completed
successfully (pid=30885)


Oct 12 12:54:29 home dnsmasq[3379]: DHCPREQUEST(eth1) 10.1.1.300:0a:e4:d2:2d:f0

Oct 12 12:54:29 home dnsmasq[3379]: DHCPNAK(eth1) 10.1.1.3 00:0a:e4:d2:2d:f0
lease not found

Oct 12 12:54:30 home dnsmasq[3379]: DHCPDISCOVER(eth1) 00:0a:e4:d2:2d:f0

Oct 12 12:54:30 home dnsmasq[3379]: DHCPOFFER(eth1) 10.1.1.400:0a:e4:d2:2d:f0

Oct 12 12:54:30 home dnsmasq[3379]: DHCPREQUEST(eth1) 10.1.1.400:0a:e4:d2:2d:f0

Oct 12 12:54:30 home dnsmasq[3379]: DHCPACK(eth1) 10.1.1.4 00:0a:e4:d2:2d:f0
fredslaptop

Oct 12 12:59:29 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 12:59:29 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 12:59:29 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 13:10:24 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:10:24 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:10:24 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 13:10:35 home dnsmasq[3379]: DHCPINFORM(eth1) 10.1.1.15900:16:e6:4f:a9:26

Oct 12 13:10:35 home dnsmasq[3379]: DHCPACK(eth1)
10.1.1.15900:16:e6:4f:a9:26 greg-6b5fc2d66f

Oct 12 13:10:38 home dnsmasq[3379]: DHCPINFORM(eth1) 10.1.1.15900:16:e6:4f:a9:26

Oct 12 13:10:38 home dnsmasq[3379]: DHCPACK(eth1)
10.1.1.15900:16:e6:4f:a9:26 greg-6b5fc2d66f

Oct 12 13:10:52 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:10:52 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:10:52 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 13:13:10 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:13:10 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:13:10 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 13:13:14 home dnsmasq[3379]: DHCPREQUEST(eth1)
10.1.1.15900:16:e6:4f:a9:26

Oct 12 13:13:14 home dnsmasq[3379]: DHCPACK(eth1)
10.1.1.15900:16:e6:4f:a9:26 greg-6b5fc2d66f

Oct 12 13:13:18 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:13:18 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:13:18 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 13:13:20 home dnsmasq[3379]: DHCPREQUEST(eth1)
10.1.1.10800:19:e3:dc:d0:a5

Oct 12 13:13:20 home dnsmasq[3379]: DHCPACK(eth1)
10.1.1.10800:19:e3:dc:d0:a5 AppleTV

Oct 12 13:13:25 home dnsmasq[3379]: DHCPREQUEST(eth1)
10.1.1.19800:0e:08:ce:1b:ab

Oct 12 13:13:25 home dnsmasq[3379]: DHCPACK(eth1)
10.1.1.19800:0e:08:ce:1b:ab SipuraSPA

Oct 12 13:13:28 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:13:28 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:13:28 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 13:13:42 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:13:42 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:13:42 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 13:20:39 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:20:39 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:20:39 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 13:21:44 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:21:44 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:21:44 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 13:23:05 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 13:23:05 home dhclient: DHCPNAK from 10.1.1.1

Oct 12 13:23:05 home dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port
67 interval 5

Oct 12 13:23:07 home dhclient: DHCPOFFER from 10.1.1.1

Oct 12 13:23:07 home dhclient: DHCPREQUEST on eth0 to 255.255.255.255 port
67

Oct 12 13:23:07 home dhclient: DHCPACK from 10.1.1.1


<<  CONNECTIVITY ISSUE AGAIN AROUND THIS TIME - COULD HAVE BEEN EARLIER >>


Oct 12 13:23:07 home NET: /sbin/dhclient-script : updated /etc/resolv.conf

Oct 12 13:23:07 home dhclient: bound to 10.1.1.2 -- renewal in 1427 seconds.

Oct 12 13:23:19 home dnsmasq[3379]: reading /etc/resolv.conf

Oct 12 13:23:19 home dnsmasq[3379]: ignoring nameserver 10.1.1.1 - local
interface

Oct 12 13:23:48 home dnsmasq[3379]: DHCPREQUEST(eth1)
10.1.1.14500:17:f2:f1:ab:58

Oct 12 13:23:48 home dnsmasq[3379]: DHCPACK(eth1)
10.1.1.14500:17:f2:f1:ab:58 Macintosh-2

Oct 12 13:46:43 home dnsmasq[3379]: DHCPREQUEST(eth1) 10.1.1.400:0a:e4:d2:2d:f0

Oct 12 13:46:43 home dnsmasq[3379]: DHCPACK(eth1) 10.1.1.4 00:0a:e4:d2:2d:f0
fredslaptop

Oct 12 13:46:54 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:46:54 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:46:54 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

   <<cut repeating bits to reduce size>

Oct 12 13:48:15 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:48:15 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:48:15 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available

Oct 12 13:48:30 home dhclient: DHCPREQUEST on eth0 to 10.1.1.1 port 67

Oct 12 13:48:30 home dnsmasq[3379]: DHCPREQUEST(lo) 10.1.1.200:07:e3:cc:eb:12

Oct 12 13:48:30 home dnsmasq[3379]: DHCPNAK(lo) 10.1.1.2 00:07:e3:cc:eb:12
address not available


<< RESTARTED CLARK CONNECTED THIS TIME, AND THIS GOT CONNECTIVITY WORKING
AGAIN >>




MODEM LOGS

================================================================================

<< SECTION 1 - LEADING UP TO THE POINT I FOUND CONNECTIVITY DOWN >>

Jan 1 12:00:12> NTP Polling Timer for DHCP Started succesfully.

Jan 1 12:00:12> DSL Polling Timer Started succesfully.

Jan 1 12:00:12> Firewall NAT service started

Jan 1 12:00:15> starting on port 80

Jan 1 12:00:15> netfilter PSD loaded - (c) astaro AG

Jan 1 12:00:15> Initializing the WAN Bridge.

Jan 1 12:00:15> Please set the MAC Address for the WAN Bridge.

Jan 1 12:00:15> Set the Environment variable 'wan_br_mac'.

Jan 1 12:00:15> xx.xx.xx.xx.xx.xx

Jan 1 12:00:15> Mounted root (squashfs filesystem) readonly.

Jan 1 12:00:15> Mounted devfs on /dev

Jan 1 12:00:15> 64k freed

Jan 1 12:00:15> Algorithmics/MIPS FPU Emulator v1.5

Jan 1 12:00:15> registered device TI Avalanche SAR

Jan 1 12:00:15> Ohio250(7200/7100A2) detected

Jan 1 12:00:15> DSP binary filesize = 356930 bytes

Jan 1 12:00:15> env var DSL_BIT_TMODE is set

Jan 1 12:00:15> Setting mode to 0xffff

Jan 1 12:00:15> version:[6.00.01.00]

Jan 1 12:00:15> Disable_igmp_snooping_register!!!

Jan 1 12:00:15> Setting mode to 0xffff

Jan 1 12:00:15> Default Asymmetric MTU for nas0 1500

Jan 1 12:00:15> Registering protocol inspector: 0x94175218 for
VCC:0x9425ca00

Jan 1 12:00:15> Default Asymmetric MTU for br0 1500

Jan 1 12:00:16> Bridge Created: br0

Jan 1 12:00:16> 2

Jan 1 12:00:16> Bridge Created: br1

Jan 1 12:00:16> Bridge Interface Added: eth0

Jan 1 12:00:17> Bridge Interface Added: nas0

Jan 1 12:00:17> Add Bridge Iface Error: 1

Jan 1 12:00:17> Duplicate Bridge Iface: nas0

Jan 1 12:00:17> Default Asymmetric MTU for br1 1500

Jan 1 12:00:17> 2

Jan 1 12:00:22> DSL Carrier is down


Jan 1 12:01:50> DSL in Sync

Jan 1 12:01:52> DSL Carrier is up

Jan 1 12:01:52> sar read trained mode (5)(ADSL_2plus)

Jan 1 12:01:53> pingStat 2, oamHdr 230 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 200 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 280 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 240 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 260 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 600 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 230 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 800230 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 2B0 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 330 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 3B0 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 8002B0 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 800330 result 0

Jan 1 12:01:53> pingStat 2, oamHdr 8003B0 result 0

Jan 1 12:01:53> get 0xF at Addr 0xA30085B0


Jan 1 12:08:44> get 0xF at Addr 0xA30085B0

Jan 1 12:08:44> get 0xF at Addr 0xA30085B0

Jan 1 12:08:44> get 0xF at Addr 0xA30085B0

Jan 1 12:08:44> get 0xF at Addr 0xA30085B0

Jan 1 12:08:44> get 0xF at Addr 0xA30085B0

Jan 1 12:08:44> get 0xF at Addr 0xA30085B0

Jan 1 12:08:44> get 0xF at Addr 0xA30085B0



<< INTERNET CONNECTIVITY STOPS - NOTHING IN MODEM LOG REALLY>>



<< RESTART ADSL MODEM >>


Jan 1 12:00:12> NTP Polling Timer for DHCP Started succesfully.

Jan 1 12:00:12> DSL Polling Timer Started succesfully.

Jan 1 12:00:12> Firewall NAT service started

Jan 1 12:00:15> starting on port 80

Jan 1 12:00:15> netfilter PSD loaded - (c) astaro AG

Jan 1 12:00:15> Initializing the WAN Bridge.

Jan 1 12:00:15> Please set the MAC Address for the WAN Bridge.

Jan 1 12:00:15> Set the Environment variable 'wan_br_mac'.

Jan 1 12:00:15> xx.xx.xx.xx.xx.xx

Jan 1 12:00:15> Mounted root (squashfs filesystem) readonly.

Jan 1 12:00:15> Mounted devfs on /dev

Jan 1 12:00:15> 64k freed

Jan 1 12:00:15> Algorithmics/MIPS FPU Emulator v1.5

Jan 1 12:00:15> registered device TI Avalanche SAR

Jan 1 12:00:15> Ohio250(7200/7100A2) detected

Jan 1 12:00:15> DSP binary filesize = 356930 bytes

Jan 1 12:00:15> env var DSL_BIT_TMODE is set

Jan 1 12:00:15> Setting mode to 0xffff

Jan 1 12:00:15> version:[6.00.01.00]

Jan 1 12:00:15> Disable_igmp_snooping_register!!!

Jan 1 12:00:15> Setting mode to 0xffff

Jan 1 12:00:15> Default Asymmetric MTU for nas0 1500

Jan 1 12:00:15> Registering protocol inspector: 0x94175218 for
VCC:0x9425ca00

Jan 1 12:00:15> Default Asymmetric MTU for br0 1500

Jan 1 12:00:16> Bridge Created: br0

Jan 1 12:00:16> 2

Jan 1 12:00:16> Bridge Created: br1

Jan 1 12:00:16> Bridge Interface Added: eth0

Jan 1 12:00:17> Bridge Interface Added: nas0

Jan 1 12:00:17> Add Bridge Iface Error: 1

Jan 1 12:00:17> Duplicate Bridge Iface: nas0

Jan 1 12:00:17> Default Asymmetric MTU for br1 1500

Jan 1 12:00:17> 2

Jan 1 12:00:22> DSL Carrier is down

Jan 1 12:01:02> DSL in Sync

Jan 1 12:01:02> DSL Carrier is up

Jan 1 12:01:02> sar read trained mode (5)(ADSL_2plus)

Jan 1 12:01:03> pingStat 2, oamHdr 230 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 200 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 280 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 240 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 260 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 600 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 230 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 800230 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 2B0 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 330 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 3B0 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 8002B0 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 800330 result 0

Jan 1 12:01:03> pingStat 2, oamHdr 8003B0 result 0

Jan 1 12:01:03> get 0xF at Addr 0xA30085B0

Jan 1 12:01:52> get 0xF at Addr 0xA30085B0

Jan 1 12:01:52> get 0xF at Addr 0xA30085B0

Jan 1 12:01:52> get 0xF at Addr 0xA30085B0

Jan 1 12:01:52> get 0xF at Addr 0xA30085B0

Jan 1 12:01:52> get 0xF at Addr 0xA30085B0

Jan 1 12:01:52> get 0xF at Addr 0xA30085B0

Jan 1 12:01:52> get 0xF at Addr 0xA30085B0


MODEM DETAILS

==============

D-LINK, MODEL = DSL-504T

MODE = ADSL2+(MULTI-MODE)



ADSL status shows the ADSL physical layer status.

ADSL Firmware Version:            6.00.01.00 - 6.00.01.00 - 6.00.04.00 Annex
A - 01.07.2b - 0.54

ADSL Software Version:             V3.02B01T01.AU-A.20061225

Line State         Connected

Modulation        ADSL_2plus

Annex Mode      Annex A

Max Tx Power   -38 dBm/Hz


SNR Margin

Downstream 9dB

Upstream 8dB


Line Attenuation

Downstream 32dB

Upstream 16dB


Data Rate

Downstream 10306kbps

Upstream 1023kbps

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: