kyrsjo, posted 30 September 2003

What is this?

Date: 09/30 18:24:29 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 130.67.59.59:n/a -> 130.67.156.111:n/a References: 1

I have about 1000 of them in my smoothwall IDS log. In addition I have a couple of these:

Date: 09/30 18:23:10 Name: BAD TRAFFIC loopback traffic Priority: 2 Type: Potentially Bad Traffic IP info: 127.0.0.1:80 -> 130.67.156.111:1334 References: 1

And one of these:

Date: 09/30 15:28:09 Name: MS-SQL Worm propagation attempt Priority: 2 Type: Misc Attack IP info: 208.211.19.57:1112 -> 130.67.144.7:1434 References: 1

What are these?
hda, posted 30 September 2003

Is this snort? Either way, a good place to start is to look at /etc/snort/rules (or whichever path you have chosen) to see how each individual event is triggered.

> What is this?
> Date: 09/30 18:24:29 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 130.67.59.59:n/a -> 130.67.156.111:n/a References: 1

Here is the rule from /etc/snort/rules/icmp.rules:

    alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING CyberKit 2.2 Windows"; content:"|aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa|"; itype:8; depth:32; reference:arachnids,154; sid:483; classtype:misc-activity; rev:2;)

Check http://www.snort.org/snort-db/sid.html?sid=483 or http://www.whitehats.com/info/IDS154 for more info. (Incidentally, I have no sid 483 alerts.)

> In addition I have a couple of these:
> Date: 09/30 18:23:10 Name: BAD TRAFFIC loopback traffic Priority: 2 Type: Potentially Bad Traffic IP info: 127.0.0.1:80 -> 130.67.156.111:1334 References: 1

http://www.snort.org/snort-db/sid.html?sid=1620

> And one of these:
> Date: 09/30 15:28:09 Name: MS-SQL Worm propagation attempt Priority: 2 Type: Misc Attack IP info: 208.211.19.57:1112 -> 130.67.144.7:1434 References: 1

http://www.snort.org/snort-db/sid.html?sid=2003 (Incidentally, I have 400 of these; not a problem as long as you are not running an unpatched version of MS-SQL...)

I recommend that you take the time to install acid/mysql+++; it makes it much easier to read the logs via the browser. In addition, false positives are quite a big problem with snort; you can well leave out part of the default setup as far as certain rules are concerned.

Good luck.
hda, posted 30 September 2003

Overlooked this.

> What is this?
> ICMP PING CyberKit 2.2 Windows IP info: 130.67.59.59:n/a -> 130.67.156.111:n/a
> I have about 1000 of them in my smoothwall IDS log.

From the same IP / IP range? Over how long a period? A day, week, month, year?
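hda's triage questions above (same IP or range? over what period?) can be answered mechanically from entries in the layout kyrsjo quoted. The following is an added example, not part of the original thread: the sample entries are constructed (documentation address ranges), and the function names, the `year` default and the prefix length are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample in the layout of the SmoothWall IDS entries quoted in
# the thread; the addresses are documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Date: 09/30 15:28:09 Name: MS-SQL Worm propagation attempt Priority: 2 Type: Misc Attack IP info: 203.0.113.57:1112 -> 198.51.100.7:1434 References: 1
Date: 09/30 17:16:09 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 192.0.2.12:n/a -> 198.51.100.110:n/a References: 1
Date: 09/30 17:16:32 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 192.0.2.175:n/a -> 198.51.100.110:n/a References: 1
Date: 09/30 17:16:59 Name: BAD TRAFFIC loopback traffic Priority: 2 Type: Potentially Bad Traffic IP info: 127.0.0.1:80 -> 198.51.100.110:1994 References: 1
Date: 09/30 17:21:13 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 203.0.113.132:n/a -> 198.51.100.110:n/a References: 1
Date: 09/30 18:36:57 Name: ICMP PING CyberKit 2.2 Windows Priority: 3 Type: Misc activity IP info: 192.0.2.12:n/a -> 198.51.100.110:n/a References: 1
"""

# One entry; whitespace between fields may be spaces or newlines, so the
# same pattern works on a log that was pasted as one long line.
ENTRY = re.compile(
    r"Date:\s*(?P<date>\d\d/\d\d \d\d:\d\d:\d\d)\s+"
    r"Name:\s*(?P<name>.+?)\s+Priority:\s*(?P<prio>\d+)\s+"
    r"Type:\s*(?P<type>.+?)\s+IP info:\s*"
    r"(?P<src>[\d.]+):(?P<sport>\S+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\S+)\s+References:\s*\d+",
    re.S,
)


def parse_alerts(text, year=2003):
    """Return one dict per log entry. The log has no year, so `year` is an
    assumption supplied by the caller."""
    alerts = []
    for m in ENTRY.finditer(text):
        a = m.groupdict()
        a["when"] = datetime.strptime(f"{year}/{a['date']}", "%Y/%m/%d %H:%M:%S")
        a["prio"] = int(a["prio"])
        alerts.append(a)
    return alerts


def summarize(alerts, prefix_len=16):
    """Per signature: alert count, distinct sources, distinct source networks
    (sources truncated to prefix_len bits), targets and time span in seconds."""
    acc = defaultdict(lambda: {"count": 0, "sources": set(), "source_nets": set(),
                               "targets": set(), "first": None, "last": None})
    for a in alerts:
        s = acc[a["name"]]
        s["count"] += 1
        s["sources"].add(a["src"])
        s["source_nets"].add(str(ip_network(f"{a['src']}/{prefix_len}", strict=False)))
        s["targets"].add(f"{a['dst']}:{a['dport']}")
        s["first"] = a["when"] if s["first"] is None else min(s["first"], a["when"])
        s["last"] = a["when"] if s["last"] is None else max(s["last"], a["when"])
    for s in acc.values():
        s["span_seconds"] = int((s["last"] - s["first"]).total_seconds())
    return dict(acc)


def impossible_sources(alerts):
    """Alerts whose source is a loopback address: such packets cannot have
    been routed normally, so the source field is forged or the sender is broken."""
    return [a for a in alerts if ip_address(a["src"]).is_loopback]


if __name__ == "__main__":
    for name, s in summarize(parse_alerts(SAMPLE_LOG), prefix_len=24).items():
        print(f"{s['count']:4d}  {name}: {len(s['sources'])} sources in "
              f"{len(s['source_nets'])} nets over {s['span_seconds']} s")
```

Many distinct sources inside one provider range hitting a single address over a short span points to background scanning noise rather than one host targeting you, which is the distinction hda's questions are after.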
kyrsjo (author), posted 30 September 2003

Here is the whole of today's log (be warned :-? )
kyrsjo (author), posted 30 September 2003

It's darn well not safe to go on the net these days. It wasn't this scary with MS ICS, mind you; grc gave me a good reason to do something.
kyrsjo (author), posted 30 September 2003

http://www.sans.org/rr/papers/21/1059.pdf

That is what it gave me for this one:

Date: 09/30 17:58:24 Name: BAD TRAFFIC loopback traffic Priority: 2 Type: Potentially Bad Traffic IP info: 127.0.0.1:80 -> 130.67.156.111:1603 References: 1

(Click the References link... I found that out right after I wrote post no. 1, but I didn't have time then...)