Here is my IPCop log for the day. A normal day.
IPCop IDS snort log
Date: 16 March
Date: 03/16 00:53:41
Name: WEB-MISC webdav search access
Priority: 2
Type: access to a potentially vulnerable web application
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1070
Refs:
Date: 03/16 08:39:41
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:
Date: 03/16 08:39:59
Name: WEB-PHP read_body.php access attempt
Priority: 2
Type: access to a potentially vulnerable web application
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1997
Refs:
Date: 03/16 08:40:13
Name: WEB-PHP read_body.php access attempt
Priority: 2
Type: access to a potentially vulnerable web application
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1997
Refs:
Date: 03/16 09:43:05
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:
Date: 03/16 11:26:05
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 2003
Refs:
Date: 03/16 11:30:40
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:
Date: 03/16 12:15:57
Name: MS-SQL Worm propagation attempt
Priority: 2
Type: Misc Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 2003
Refs:
Date: 03/16 13:17:24
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:
Date: 03/16 13:17:27
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:
Date: 03/16 13:17:30
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:
Date: 03/16 13:17:31
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:
Date: 03/16 13:17:32
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:
Date: 03/16 13:17:34
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:
Date: 03/16 13:17:34
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:
Date: 03/16 13:17:35
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:
Date: 03/16 13:17:37
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:
Date: 03/16 13:17:37
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:
Date: 03/16 13:17:38
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:
Date: 03/16 13:17:40
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:
Date: 03/16 13:17:41
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:
Date: 03/16 13:17:42
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:
Date: 03/16 13:17:44
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:
Date: 03/16 13:17:45
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:
Date: 03/16 13:17:46
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 620
Refs:
Date: 03/16 13:17:47
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:
Date: 03/16 13:17:48
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:
Date: 03/16 13:17:53
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 615
Refs:
Date: 03/16 13:17:54
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 618
Refs:
Date: 03/16 19:44:00
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:
Date: 03/16 20:44:08
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:
Date: 03/16 20:44:43
Name: WEB-PHP read_body.php access attempt
Priority: 2
Type: access to a potentially vulnerable web application
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1997
Refs:
Date: 03/16 20:45:35
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:45:35
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:45:36
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:45:39
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:45:40
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:45:40
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:51:50
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:51:50
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:51:50
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 20:51:51
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 1425
Refs:
Date: 03/16 21:18:29
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: xxx.xxx.xx.xx -> 10.0.0.20
SID: 895
Refs:
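An added example, not part of the post above and not IPCop's own code: a small parser for this alert layout (Date / Name / Priority / Type / IP Info / SID / Refs) that counts hits per SID, pulls out the priority-1 alerts and groups rapid-fire hits from one source into scan bursts, the way the 13:17 proxy probes above cluster. The sample records, the 198.51.100.x source addresses and the placeholder year (the IPCop timestamps carry none) are constructed for the example.

```python
# Parser for IPCop/Snort alert dumps in the layout pasted above.
# Added example; assumes only the visible record layout and a
# "MM/DD HH:MM:SS" timestamp with no year (a placeholder year is supplied).
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same layout as the post; 198.51.100.x are
# documentation addresses standing in for the masked xxx.xxx.xx.xx sources.
SAMPLE_LOG = """\
Date: 16 March
Date: 03/16 08:39:41
Name: WEB-CGI redirect access
Priority: 2
Type: Attempted Information Leak
IP Info: 198.51.100.7 -> 10.0.0.20
SID: 895
Refs:
Date: 03/16 13:17:24
Name: SCAN Proxy (8080) attempt
Priority: 2
Type: Attempted Information Leak
IP Info: 198.51.100.9 -> 10.0.0.20
SID: 620
Refs:
Date: 03/16 13:17:31
Name: SCAN SOCKS Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: 198.51.100.9 -> 10.0.0.20
SID: 615
Refs:
Date: 03/16 13:17:32
Name: SCAN Squid Proxy attempt
Priority: 2
Type: Attempted Information Leak
IP Info: 198.51.100.9 -> 10.0.0.20
SID: 618
Refs:
Date: 03/16 20:45:35
Name: WEB-PHP content-disposition
Priority: 1
Type: Web Application Attack
IP Info: 198.51.100.7 -> 10.0.0.20
SID: 1425
Refs:
"""

FIELD = re.compile(r"^(Date|Name|Priority|Type|IP Info|SID|Refs):\s*(.*)$")


def parse_alerts(text, year=2000):
    """One dict per alert; a parseable 'Date:' line starts a new record.
    `year` is a placeholder so timestamps can be compared; the log has none."""
    alerts, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue                     # prose, headers, blank lines
        key, val = m.groups()
        if key == "Date":
            try:
                ts = datetime.strptime(f"{year}/{val}", "%Y/%m/%d %H:%M:%S")
            except ValueError:           # e.g. the "Date: 16 March" day header
                cur = None
                continue
            cur = {"ts": ts}
            alerts.append(cur)
        elif cur is not None:
            if key == "IP Info":
                cur["src"], cur["dst"] = (p.strip() for p in val.split("->"))
            elif key in ("Priority", "SID"):
                cur[key.lower()] = int(val)
            else:
                cur[key.lower()] = val
    return alerts


def count_by_sid(alerts):
    """SID -> (rule name, hits): the quickest view of what dominates a day."""
    names = {a["sid"]: a["name"] for a in alerts}
    return {sid: (names[sid], n) for sid, n in Counter(a["sid"] for a in alerts).items()}


def high_priority(alerts):
    """Priority-1 alerts are the ones worth reading individually."""
    return [a for a in alerts if a["priority"] == 1]


def scan_bursts(alerts, window=60, min_hits=3):
    """Runs of >= min_hits alerts from one source, each within `window`
    seconds of the previous one: the signature of an automated probe."""
    by_src = {}
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_src.setdefault(a["src"], []).append(a)
    bursts = []
    for src, items in by_src.items():
        run = [items[0]]
        for a in items[1:]:
            if (a["ts"] - run[-1]["ts"]).total_seconds() <= window:
                run.append(a)
                continue
            if len(run) >= min_hits:
                bursts.append((src, run[0]["ts"], run[-1]["ts"], len(run)))
            run = [a]
        if len(run) >= min_hits:
            bursts.append((src, run[0]["ts"], run[-1]["ts"], len(run)))
    return bursts


if __name__ == "__main__":
    parsed = parse_alerts(SAMPLE_LOG)
    print(count_by_sid(parsed))
    print(high_priority(parsed))
    print(scan_bursts(parsed))
```

Run against the full day's dump, `count_by_sid` collapses the page into a handful of SIDs, `high_priority` isolates the SID 1425 content-disposition attempts, and `scan_bursts` groups the 13:17:24 to 13:17:54 proxy probes into one event rather than twenty-odd lines; the window and hit threshold are knobs to tune per site, not facts from the post.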