SnortALog

IDS Statistics generated on Tue Sep 14 04:41:54 2010

SnortALog

The log begins at :	Jan 01 00:17:46
The log ends at :	Dec 31 23:55:45

Total of Lines in log file :	99420
Total of Logs Dropped :	198 (0.20%)


Total events in table :	16922
Source IP recorded :	935
Destination IP recorded :	5

Host logger recorded :	1 with 1 interface(s)
Signatures recorded :	41
Classification recorded :	12
Severity recorded :	4
Portscan detected :	0

Domains File :	conf/domains
Number of domains :	267
Rules File :	conf/rules
Number of referenced rules :	2226

Legend :
	RED :	Dangerous connection (potentially bad, further investigation needed)
	GREEN :	Warning connection (strange, may need further intevestigation)
	BLACK :	Not dangerous alert

Popularity of one source host

%	No	IP Source	Resolve	Domain
4.66	788	66.154.102.38	unresolved	Unresolved
4.15	703	192.168.24.52	unresolved	Unresolved
4.12	698	130.54.208.193	natto.kuee.kyoto-u.ac.jp	Japan
3.24	548	74.6.74.226	UNKNOWN-74-6-74-226.yahoo.com	.COM
2.17	367	68.142.250.92	UNKNOWN-68-142-250-92.yahoo.com	.COM
2.13	360	74.6.85.164	UNKNOWN-74-6-85-164.yahoo.com	.COM
1.86	315	72.30.103.92	kp227030.inktomisearch.com	.COM
1.63	275	74.6.74.213	UNKNOWN-74-6-74-213.yahoo.com	.COM
1.61	272	207.46.98.48	msnbot.msn.com	.COM
1.54	261	207.46.98.49	msnbot.msn.com	.COM
1.53	259	72.30.252.148	UNKNOWN-72-30-252-148.yahoo.com	.COM
1.39	235	207.46.98.47	msnbot.msn.com	.COM
1.27	215	74.6.74.187	UNKNOWN-74-6-74-187.yahoo.com	.COM
1.24	209	72.30.110.224	b5121162.yst.yahoo.net	.NET
1.19	202	72.30.226.199	ha7.ge-13-35.bas-1-con.ac2.yahoo.com	.COM
1.08	183	74.6.75.34	UNKNOWN-74-6-75-34.yahoo.com	.COM
1.00	170	74.6.65.238	UNKNOWN-74-6-65-238.yahoo.com	.COM
0.99	168	72.30.97.215	UNKNOWN-72-30-97-215.yahoo.com	.COM
0.95	160	72.30.102.22	UNKNOWN-72-30-102-22.yahoo.com	.COM
0.91	154	72.30.111.201	ge-1-0.bas1-1-con.ac2.yahoo.com	.COM
0.89	150	68.142.250.76	admin1.ops.dxs.yahoo.com	.COM
0.87	148	74.6.74.214	UNKNOWN-74-6-74-214.yahoo.com	.COM
0.87	147	74.6.74.170	UNKNOWN-74-6-74-170.yahoo.com	.COM
0.85	144	207.46.98.52	msnbot.msn.com	.COM
0.85	143	74.6.75.21	UNKNOWN-74-6-75-21.yahoo.com	.COM
0.85	143	65.214.44.135	unresolved	Unresolved
0.82	139	68.142.250.35	vl107.bas2-1-str.dxs.yahoo.com	.COM
0.80	136	72.30.252.85	UNKNOWN-72-30-252-85.yahoo.com	.COM
0.80	135	72.30.98.147	UNKNOWN-72-30-98-147.yahoo.com	.COM
0.74	125	72.30.98.27	mwp515001.inktomisearch.com	.COM

Popularity of one destination host

%	No	IP Destination	Resolve
99.82	16891	192.168.24.11	natsume.tuchiya.org
0.12	21	192.168.24.1	unresolved
0.02	4	192.168.24.10	hoozuki.tuchiya.org
0.02	3	210.236.178.117	dhcp178-116.ztv.ne.jp
0.01	1	131.112.174.57	gogh.pi.titech.ac.jp

Attacks from one host to any with same method

%	No	IP Source	Attack	Severity
4.66	788	66.154.102.38	WEB-MISC robots.txt access {tcp}	medium
3.24	548	74.6.74.226	WEB-MISC robots.txt access {tcp}	medium
2.53	428	130.54.208.193	IMAP fetch overflow attempt {tcp}	medium
2.17	367	68.142.250.92	WEB-MISC robots.txt access {tcp}	medium
2.13	360	74.6.85.164	WEB-MISC robots.txt access {tcp}	medium
1.94	328	192.168.24.52	(http_inspect) IIS UNICODE CODEPOINT ENCODING {tcp}	unknown
1.93	326	192.168.24.52	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}	unknown
1.86	315	72.30.103.92	WEB-MISC robots.txt access {tcp}	medium
1.63	275	74.6.74.213	WEB-MISC robots.txt access {tcp}	medium
1.61	272	207.46.98.48	WEB-MISC robots.txt access {tcp}	medium
1.54	261	207.46.98.49	WEB-MISC robots.txt access {tcp}	medium
1.53	259	72.30.252.148	WEB-MISC robots.txt access {tcp}	medium
1.39	235	207.46.98.47	WEB-MISC robots.txt access {tcp}	medium
1.32	223	130.54.208.193	IMAP status overflow attempt {tcp}	medium
1.27	215	74.6.74.187	WEB-MISC robots.txt access {tcp}	medium
1.24	209	72.30.110.224	WEB-MISC robots.txt access {tcp}	medium
1.19	202	72.30.226.199	WEB-MISC robots.txt access {tcp}	medium
1.08	183	74.6.75.34	WEB-MISC robots.txt access {tcp}	medium
1.00	170	74.6.65.238	WEB-MISC robots.txt access {tcp}	medium
0.99	168	72.30.97.215	WEB-MISC robots.txt access {tcp}	medium
0.95	160	72.30.102.22	WEB-MISC robots.txt access {tcp}	medium
0.91	154	72.30.111.201	WEB-MISC robots.txt access {tcp}	medium
0.89	150	68.142.250.76	WEB-MISC robots.txt access {tcp}	medium
0.87	148	74.6.74.214	WEB-MISC robots.txt access {tcp}	medium
0.87	147	74.6.74.170	WEB-MISC robots.txt access {tcp}	medium
0.85	144	207.46.98.52	WEB-MISC robots.txt access {tcp}	medium
0.85	143	65.214.44.135	WEB-MISC robots.txt access {tcp}	medium
0.85	143	74.6.75.21	WEB-MISC robots.txt access {tcp}	medium
0.82	139	68.142.250.35	WEB-MISC robots.txt access {tcp}	medium
0.80	136	72.30.252.85	WEB-MISC robots.txt access {tcp}	medium

Attacks to one host from any with same method

%	No	IP Destination	Attack	Severity
87.28	14770	192.168.24.11	WEB-MISC robots.txt access {tcp}	medium
2.78	470	192.168.24.11	IMAP fetch overflow attempt {tcp}	medium
2.54	430	192.168.24.11	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}	unknown
2.05	347	192.168.24.11	(http_inspect) IIS UNICODE CODEPOINT ENCODING {tcp}	unknown
1.51	256	192.168.24.11	IMAP status overflow attempt {tcp}	medium
0.85	144	192.168.24.11	WEB-MISC Invalid HTTP Version String {tcp}	medium
0.50	85	192.168.24.11	WEB-IIS view source via translate header {tcp}	medium
0.50	84	192.168.24.11	ICMP Destination Unreachable Communication Administratively Prohibited {icmp}	low
0.32	54	192.168.24.11	(http_inspect) OVERSIZE CHUNK ENCODING {tcp}	unknown
0.29	49	192.168.24.11	(http_inspect) OVERSIZE REQUEST-URI DIRECTORY {tcp}	unknown
0.25	42	192.168.24.11	ICMP Destination Unreachable Communication Administratively Prohibited {udp}	low
0.22	38	192.168.24.11	WEB-MISC http directory traversal {tcp}	medium
0.10	17	192.168.24.11	NETBIOS SMB trans2open buffer overflow attempt {tcp}	high
0.09	16	192.168.24.1	(portscan) ICMP Sweep {proto255}	unknown
0.08	13	192.168.24.11	WEB-PHP test.php access {tcp}	medium
0.08	13	192.168.24.11	(snort_decoder) WARNING: TCP Data Offset is less than 5! {tcp}	unknown
0.05	9	192.168.24.11	WEB-MISC apache directory disclosure attempt {tcp}	medium
0.05	9	192.168.24.11	WEB-MISC Chunked-Encoding transfer attempt {tcp}	high
0.04	6	192.168.24.11	ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited {icmp}	low
0.04	6	192.168.24.11	WEB-FRONTPAGE /_vti_bin/ access {tcp}	medium
0.03	5	192.168.24.1	(portscan) ICMP Sweep {proto255}	medium
0.03	5	192.168.24.11	IMAP authenticate overflow attempt {tcp}	medium
0.02	4	192.168.24.11	WEB-PHP remote include path {tcp}	high
0.02	4	192.168.24.11	MS-SQL probe response overflow attempt {udp}	high
0.02	4	192.168.24.11	ATTACK-RESPONSES id check returned root {udp}	medium
0.02	4	192.168.24.11	(http_inspect) DOUBLE DECODING ATTACK {tcp}	unknown
0.02	4	192.168.24.10	ATTACK-RESPONSES id check returned root {udp}	medium
0.02	4	192.168.24.11	WEB-MISC cross site scripting attempt {tcp}	high
0.02	4	192.168.24.11	SNMP request udp {udp}	medium
0.02	3	192.168.24.11	(http_inspect) OVERSIZE CHUNK ENCODING {tcp}	medium

Attacks from a host to a destination

%	No	IP Source	IP Destination	Attack
4.66	788	66.154.102.38	192.168.24.11	WEB-MISC robots.txt access {tcp}
3.24	548	74.6.74.226	192.168.24.11	WEB-MISC robots.txt access {tcp}
2.53	428	130.54.208.193	192.168.24.11	IMAP fetch overflow attempt {tcp}
2.17	367	68.142.250.92	192.168.24.11	WEB-MISC robots.txt access {tcp}
2.13	360	74.6.85.164	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.94	328	192.168.24.52	192.168.24.11	(http_inspect) IIS UNICODE CODEPOINT ENCODING {tcp}
1.93	326	192.168.24.52	192.168.24.11	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}
1.86	315	72.30.103.92	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.63	275	74.6.74.213	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.61	272	207.46.98.48	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.54	261	207.46.98.49	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.53	259	72.30.252.148	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.39	235	207.46.98.47	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.32	223	130.54.208.193	192.168.24.11	IMAP status overflow attempt {tcp}
1.27	215	74.6.74.187	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.24	209	72.30.110.224	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.19	202	72.30.226.199	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.08	183	74.6.75.34	192.168.24.11	WEB-MISC robots.txt access {tcp}
1.00	170	74.6.65.238	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.99	168	72.30.97.215	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.95	160	72.30.102.22	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.91	154	72.30.111.201	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.89	150	68.142.250.76	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.87	148	74.6.74.214	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.87	147	74.6.74.170	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.85	144	207.46.98.52	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.85	143	74.6.75.21	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.85	143	65.214.44.135	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.82	139	68.142.250.35	192.168.24.11	WEB-MISC robots.txt access {tcp}
0.80	136	72.30.252.85	192.168.24.11	WEB-MISC robots.txt access {tcp}

Distribution of attack methods

%	No	Attack	Priority	Severity
87.28	14770	WEB-MISC robots.txt access {tcp}	2	medium
2.78	470	IMAP fetch overflow attempt {tcp}	2	medium
2.54	430	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}	2	unknown
2.05	347	(http_inspect) IIS UNICODE CODEPOINT ENCODING {tcp}	2	unknown
1.51	256	IMAP status overflow attempt {tcp}	2	medium
0.85	144	WEB-MISC Invalid HTTP Version String {tcp}	2	medium
0.50	85	WEB-IIS view source via translate header {tcp}	2	medium
0.50	84	ICMP Destination Unreachable Communication Administratively Prohibited {icmp}	3	low
0.31	53	(http_inspect) OVERSIZE CHUNK ENCODING {tcp}	2	unknown
0.29	49	(http_inspect) OVERSIZE REQUEST-URI DIRECTORY {tcp}	2	unknown
0.25	42	ICMP Destination Unreachable Communication Administratively Prohibited {udp}	3	low
0.22	38	WEB-MISC http directory traversal {tcp}	2	medium
0.10	17	NETBIOS SMB trans2open buffer overflow attempt {tcp}	1	high
0.09	16	(portscan) ICMP Sweep {proto255}	2	unknown
0.08	13	(snort_decoder) WARNING: TCP Data Offset is less than 5! {tcp}	2	unknown
0.08	13	WEB-PHP test.php access {tcp}	2	medium
0.05	9	WEB-MISC Chunked-Encoding transfer attempt {tcp}	1	high
0.05	9	WEB-MISC apache directory disclosure attempt {tcp}	2	medium
0.05	8	ATTACK-RESPONSES id check returned root {udp}	2	medium
0.04	6	ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited {icmp}	3	low
0.04	6	(portscan) ICMP Sweep {proto255}	2	medium
0.04	6	WEB-FRONTPAGE /_vti_bin/ access {tcp}	2	medium
0.03	5	IMAP authenticate overflow attempt {tcp}	2	medium
0.02	4	MS-SQL probe response overflow attempt {udp}	1	high
0.02	4	(http_inspect) DOUBLE DECODING ATTACK {tcp}	2	unknown
0.02	4	WEB-MISC cross site scripting attempt {tcp}	1	high
0.02	4	SNMP request udp {udp}	2	medium
0.02	4	WEB-PHP remote include path {tcp}	1	high
0.02	3	ATTACK-RESPONSES 403 Forbidden {tcp}	2	medium
0.02	3	ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited {tcp}	3	low
0.02	3	(http_inspect) OVERSIZE CHUNK ENCODING {tcp}	2	medium
0.02	3	WEB-MISC /etc/passwd {tcp}	2	medium
0.01	2	SNMP private access udp {udp}	2	medium
0.01	2	WEB-MISC WebDAV search access {tcp}	2	medium
0.01	2	SNMP public access udp {udp}	2	medium
0.01	1	WEB-MISC Cisco IOS HTTP configuration attempt {tcp}	1	high
0.01	1	WEB-MISC long basic authorization string {tcp}	2	medium
0.01	1	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}	2	medium
0.01	1	(http_inspect) OVERSIZE REQUEST-URI DIRECTORY {tcp}	2	medium
0.01	1	(http_inspect) OVERSIZE CHUNK ENCODING {tcp}	3	unknown
0.01	1	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}	1	high

Distribution of classification method

%	No	Classification	Severity
87.96	14884	access to a potentially vulnerable web application	medium
5.32	900	http_inspect	unknown
4.32	731	Misc Attack	medium
0.86	146	Detection of a non-standard protocol or event	medium
0.80	135	Misc activity	low
0.31	53	Attempted Information Leak	medium
0.11	19	Web Application Attack	high
0.10	17	Attempted Administrator Privilege Gain	high
0.08	13	snort_decoder	unknown
0.06	10	Attempted Denial of Service	medium
0.05	8	Potentially Bad Traffic	medium
0.02	4	Attempted User Privilege Gain	high

Distribution of event by severity

%	No	Severity
93.56	15832	medium
5.40	913	unknown
0.80	135	low
0.24	40	high

Distribution of event by day

Day	Month	No	%	Graph
1	03	46	0.27
1	07	60	0.35
1	12	46	0.27
1	10	48	0.28
1	08	23	0.14
1	11	42	0.25
1	01	54	0.32
1	05	93	0.55
1	09	27	0.16
1	02	65	0.38
1	06	58	0.34
2	01	46	0.27
2	07	50	0.30
2	03	53	0.31
2	09	43	0.25
2	05	99	0.59
2	02	48	0.28
2	06	70	0.41
2	12	45	0.27
2	08	36	0.21
2	11	38	0.22
2	10	52	0.31
3	01	57	0.34
3	05	126	0.74
3	12	39	0.23
3	09	36	0.21
3	08	24	0.14
3	07	55	0.33
3	03	43	0.25
3	10	58	0.34
3	06	69	0.41
3	11	35	0.21
3	02	66	0.39
4	10	66	0.39
4	08	22	0.13
4	03	33	0.20
4	12	39	0.23
4	05	92	0.54
4	09	46	0.27
4	02	65	0.38
4	06	56	0.33
4	01	40	0.24
4	07	47	0.28
4	11	30	0.18
5	02	58	0.34
5	10	50	0.30
5	05	101	0.60
5	01	61	0.36
5	06	62	0.37
5	07	55	0.33
5	11	45	0.27
5	08	37	0.22
5	03	43	0.25
5	09	42	0.25
5	12	41	0.24
6	07	51	0.30
6	08	43	0.25
6	12	31	0.18
6	09	36	0.21
6	11	39	0.23
6	05	99	0.59
6	02	88	0.52
6	06	83	0.49
6	10	48	0.28
6	01	27	0.16
7	07	36	0.21
7	01	67	0.40
7	06	63	0.37
7	09	35	0.21
7	11	32	0.19
7	12	25	0.15
7	10	41	0.24
7	08	54	0.32
7	05	95	0.56
7	02	95	0.56
8	11	33	0.20
8	09	37	0.22
8	10	32	0.19
8	02	62	0.37
8	08	59	0.35
8	12	41	0.24
8	07	50	0.30
8	06	76	0.45
8	05	74	0.44
8	01	41	0.24
9	07	40	0.24
9	02	63	0.37
9	08	32	0.19
9	10	29	0.17
9	09	44	0.26
9	05	84	0.50
9	01	72	0.43
9	12	35	0.21
9	06	52	0.31
9	11	31	0.18
10	09	44	0.26
10	05	82	0.48
10	02	36	0.21
10	12	55	0.33
10	06	45	0.27
10	11	31	0.18
10	07	44	0.26
10	10	23	0.14
10	08	48	0.28
10	01	42	0.25
11	05	60	0.35
11	01	46	0.27
11	09	39	0.23
11	07	46	0.27
11	06	61	0.36
11	02	60	0.35
11	11	45	0.27
11	10	28	0.17
11	08	27	0.16
11	12	42	0.25
12	05	97	0.57
12	10	23	0.14
12	06	59	0.35
12	07	49	0.29
12	01	46	0.27
12	11	42	0.25
12	02	70	0.41
12	08	24	0.14
12	09	25	0.15
12	12	51	0.30
13	06	49	0.29
13	05	82	0.48
13	11	41	0.24
13	02	56	0.33
13	10	28	0.17
13	09	35	0.21
13	01	55	0.33
13	08	17	0.10
13	12	64	0.38
13	07	41	0.24
14	08	25	0.15
14	10	33	0.20
14	05	112	0.66
14	02	83	0.49
14	07	48	0.28
14	09	30	0.18
14	11	47	0.28
14	12	64	0.38
14	06	53	0.31
14	01	28	0.17
15	07	42	0.25
15	05	120	0.71
15	06	69	0.41
15	12	45	0.27
15	08	35	0.21
15	02	46	0.27
15	10	39	0.23
15	01	49	0.29
15	11	43	0.25
15	09	29	0.17
16	10	33	0.20
16	07	41	0.24
16	02	54	0.32
16	12	53	0.31
16	01	65	0.38
16	11	35	0.21
16	06	78	0.46
16	09	23	0.14
16	05	93	0.55
16	08	40	0.24
17	09	29	0.17
17	04	17	0.10
17	06	48	0.28
17	07	36	0.21
17	11	37	0.22
17	05	146	0.86
17	02	65	0.38
17	10	37	0.22
17	08	28	0.17
17	12	44	0.26
17	01	49	0.29
18	01	39	0.23
18	09	51	0.30
18	05	162	0.96
18	06	42	0.25
18	02	52	0.31
18	10	51	0.30
18	07	48	0.28
18	11	61	0.36
18	04	44	0.26
18	08	22	0.13
18	12	72	0.43
19	04	48	0.28
19	12	73	0.43
19	01	47	0.28
19	05	93	0.55
19	07	40	0.24
19	02	51	0.30
19	11	39	0.23
19	10	37	0.22
19	06	55	0.33
19	08	23	0.14
19	09	51	0.30
20	01	24	0.14
20	05	93	0.55
20	09	29	0.17
20	02	45	0.27
20	10	27	0.16
20	04	54	0.32
20	06	65	0.38
20	07	38	0.22
20	11	38	0.22
20	08	33	0.20
20	12	71	0.42
21	01	32	0.19
21	04	59	0.35
21	11	40	0.24
21	05	152	0.90
21	06	59	0.35
21	12	82	0.48
21	02	49	0.29
21	07	53	0.31
21	08	24	0.14
21	10	26	0.15
21	09	24	0.14
22	06	64	0.38
22	09	30	0.18
22	12	70	0.41
22	10	39	0.23
22	07	37	0.22
22	01	15	0.09
22	08	25	0.15
22	05	174	1.03
22	04	61	0.36
22	02	60	0.35
22	11	33	0.20
23	10	35	0.21
23	04	57	0.34
23	02	22	0.13
23	08	31	0.18
23	07	39	0.23
23	01	18	0.11
23	06	76	0.45
23	12	60	0.35
23	05	138	0.82
23	09	31	0.18
23	11	30	0.18
24	08	21	0.12
24	11	41	0.24
24	07	30	0.18
24	02	45	0.27
24	12	47	0.28
24	06	63	0.37
24	05	122	0.72
24	01	49	0.29
24	04	68	0.40
24	09	32	0.19
24	10	41	0.24
25	10	29	0.17
25	09	35	0.21
25	02	34	0.20
25	08	37	0.22
25	12	59	0.35
25	01	60	0.35
25	07	37	0.22
25	06	50	0.30
25	05	302	1.78
25	11	34	0.20
25	04	80	0.47
26	12	52	0.31
26	05	287	1.70
26	07	31	0.18
26	02	47	0.28
26	01	67	0.40
26	09	39	0.23
26	06	62	0.37
26	08	31	0.18
26	11	37	0.22
26	04	101	0.60
26	10	29	0.17
27	04	90	0.53
27	12	53	0.31
27	02	52	0.31
27	06	56	0.33
27	05	153	0.90
27	10	31	0.18
27	09	27	0.16
27	08	20	0.12
27	01	88	0.52
27	07	39	0.23
27	11	41	0.24
28	06	54	0.32
28	11	30	0.18
28	12	66	0.39
28	07	37	0.22
28	02	59	0.35
28	08	31	0.18
28	04	69	0.41
28	01	77	0.46
28	05	120	0.71
28	09	38	0.22
28	10	32	0.19
29	05	56	0.33
29	12	45	0.27
29	08	33	0.20
29	06	45	0.27
29	10	56	0.33
29	04	57	0.34
29	07	38	0.22
29	11	32	0.19
29	09	53	0.31
29	01	59	0.35
30	12	32	0.19
30	06	55	0.33
30	09	35	0.21
30	07	44	0.26
30	04	80	0.47
30	11	35	0.21
30	10	35	0.21
30	01	57	0.34
30	08	29	0.17
30	05	67	0.40
31	10	27	0.16
31	05	38	0.22
31	07	29	0.17
31	08	35	0.21
31	01	59	0.35
31	12	59	0.35

Distribution of attack by hour

Hour	No	%	Graph
0h	695	4.11
1h	656	3.88
2h	644	3.81
3h	654	3.86
4h	654	3.86
5h	637	3.76
6h	696	4.11
7h	714	4.22
8h	784	4.63
9h	731	4.32
10h	720	4.25
11h	674	3.98
12h	721	4.26
13h	695	4.11
14h	677	4.00
15h	667	3.94
16h	649	3.84
17h	673	3.98
18h	645	3.81
19h	665	3.93
20h	682	4.03
21h	737	4.36
22h	925	5.47
23h	925	5.47

Attacks by hour

%	No	Hour	Attack
3.97	672	10h	WEB-MISC robots.txt access {tcp}
3.92	663	7h	WEB-MISC robots.txt access {tcp}
3.81	645	3h	WEB-MISC robots.txt access {tcp}
3.79	641	6h	WEB-MISC robots.txt access {tcp}
3.78	639	22h	WEB-MISC robots.txt access {tcp}
3.74	633	12h	WEB-MISC robots.txt access {tcp}
3.71	627	2h	WEB-MISC robots.txt access {tcp}
3.69	625	13h	WEB-MISC robots.txt access {tcp}
3.69	624	19h	WEB-MISC robots.txt access {tcp}
3.68	623	4h	WEB-MISC robots.txt access {tcp}
3.65	618	20h	WEB-MISC robots.txt access {tcp}
3.65	617	5h	WEB-MISC robots.txt access {tcp}
3.62	613	23h	WEB-MISC robots.txt access {tcp}
3.59	608	8h	WEB-MISC robots.txt access {tcp}
3.59	607	11h	WEB-MISC robots.txt access {tcp}
3.58	606	21h	WEB-MISC robots.txt access {tcp}
3.58	605	15h	WEB-MISC robots.txt access {tcp}
3.53	598	1h	WEB-MISC robots.txt access {tcp}
3.50	593	17h	WEB-MISC robots.txt access {tcp}
3.49	591	18h	WEB-MISC robots.txt access {tcp}
3.46	586	0h	WEB-MISC robots.txt access {tcp}
3.44	582	14h	WEB-MISC robots.txt access {tcp}
3.42	578	16h	WEB-MISC robots.txt access {tcp}
3.40	576	9h	WEB-MISC robots.txt access {tcp}
0.94	159	23h	(http_inspect) IIS UNICODE CODEPOINT ENCODING {tcp}
0.81	137	8h	IMAP fetch overflow attempt {tcp}
0.77	130	22h	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}
0.72	122	22h	(http_inspect) IIS UNICODE CODEPOINT ENCODING {tcp}
0.66	111	23h	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}
0.61	103	9h	IMAP fetch overflow attempt {tcp}

Distribution of event by destination port

%	No	Destination Port
95.14	16099	80
4.32	731	143
0.25	42	3/13
0.10	17	139
0.08	13	0
0.05	8	161
0.02	3	3/10
0.01	2	32768
0.01	2	1025
0.01	1	51922
0.01	1	51885
0.01	1	51944

Attacks to one destination port

%	No	Port	Attack
87.28	14770	80	WEB-MISC robots.txt access {tcp}
2.78	470	143	IMAP fetch overflow attempt {tcp}
2.55	432	80	(http_inspect) BARE BYTE UNICODE ENCODING {tcp}
2.05	347	80	(http_inspect) IIS UNICODE CODEPOINT ENCODING {tcp}
1.51	256	143	IMAP status overflow attempt {tcp}
0.85	144	80	WEB-MISC Invalid HTTP Version String {tcp}
0.50	85	80	WEB-IIS view source via translate header {tcp}
0.34	57	80	(http_inspect) OVERSIZE CHUNK ENCODING {tcp}
0.30	50	80	(http_inspect) OVERSIZE REQUEST-URI DIRECTORY {tcp}
0.25	42	80	ICMP Destination Unreachable Communication Administratively Prohibited {udp}
0.25	42	3/13	ICMP Destination Unreachable Communication Administratively Prohibited {icmp}
0.25	42	80	ICMP Destination Unreachable Communication Administratively Prohibited {icmp}
0.22	38	80	WEB-MISC http directory traversal {tcp}
0.13	22	80	(portscan) ICMP Sweep {proto255}
0.10	17	139	NETBIOS SMB trans2open buffer overflow attempt {tcp}
0.08	13	0	(snort_decoder) WARNING: TCP Data Offset is less than 5! {tcp}
0.08	13	80	WEB-PHP test.php access {tcp}
0.05	9	80	WEB-MISC apache directory disclosure attempt {tcp}
0.05	9	80	WEB-MISC Chunked-Encoding transfer attempt {tcp}
0.05	8	80	ATTACK-RESPONSES id check returned root {udp}
0.04	6	80	WEB-FRONTPAGE /_vti_bin/ access {tcp}
0.03	5	143	IMAP authenticate overflow attempt {tcp}
0.02	4	80	WEB-PHP remote include path {tcp}
0.02	4	80	(http_inspect) DOUBLE DECODING ATTACK {tcp}
0.02	4	161	SNMP request udp {udp}
0.02	4	80	WEB-MISC cross site scripting attempt {tcp}
0.02	3	3/10	ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited {icmp}
0.02	3	80	ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited {icmp}
0.02	3	80	WEB-MISC /etc/passwd {tcp}
0.02	3	80	ICMP Destination Unreachable Communication with Destination Host is Administratively Prohibited {tcp}

Popularity of one domain

%	No	Domain
46.63	436	.COM
20.96	196	Unresolved
14.33	134	Japan
10.16	95	.NET
1.71	16	Seychelles
1.18	11	Poland
0.53	5	Brazil
0.32	3	France
0.32	3	Thailand
0.32	3	US Educational
0.32	3	Italy
0.21	2	Russian Federation
0.21	2	.ORG
0.21	2	Germany
0.21	2
0.21	2	Switzerland
0.21	2	Pakistan
0.21	2	Argentina
0.11	1	Portugal
0.11	1	China
0.11	1	Spain
0.11	1	Malaysia
0.11	1	Romania
0.11	1	India
0.11	1	Singapore
0.11	1	Czech Republic
0.11	1	US Military
0.11	1	Chile
0.11	1	Dominican Republic
0.11	1	Greece

Distribution of event by protocols

%	No	Protocols
98.96	16746	tcp
0.53	90	icmp
0.37	62	udp
0.13	22	proto255

Main Stats
IP Src
IP Dst
Protocols
Hour
Days
Services
Source Log

IDS/IPS Stats
Attack by Src
Attack by Dst
Attack by Src and Dst
Attacks
Alert Severity
Alert Classification
Attacks by Services
Attacks by Hours


	powered by SnortALog © SnortALog 2000-2005