SnortALog V2.4.0

IDS Statistics generated on Wed Aug 23 13:21:37 2006

SnortALog

The log begins at :	Aug 21 22:33:50
The log ends at :	Aug 22 09:22:08

Total of Lines in log file :	6558038


Total events in table :	1074179
Source IP recorded :	6945
Destination IP recorded :	7149

Host logger recorded :	1 with 1 interface(s)
Signatures recorded :	15
Classification recorded :	1
Severity recorded :	1
Portscan detected :	0

Domains File :	conf/domains
Number of domains :	267
Rules File :	conf/rules
Number of referenced rules :	2067

Legend :
	RED :	Dangerous connection (potentially bad, further investigation needed)
	GREEN :	Warning connection (strange, may need further intevestigation)
	BLACK :	Not dangerous alert

Distribution of attack methods

%	No	Attack	Priority	Severity
0.00	1	BLEEDING-EDGE P2P ed2k file request answer {tcp}	1	high
0.00	1	BLEEDING-EDGE P2P Ares traffic {tcp}	1	high
0.00	5	BLEEDING-EDGE P2P GnucDNA UDP Ultrapeer Traffic {udp}	1	high
0.00	6	BLEEDING-EDGE P2P Gnutella TCP Ultrapeer Traffic {tcp}	1	high
0.00	13	BLEEDING-EDGE P2P ed2k connection to server {tcp}	1	high
0.00	15	BLEEDING-EDGE P2P eDonkey Search {udp}	1	high
0.00	15	BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity {udp}	1	high
0.00	16	BLEEDING-EDGE P2P eDonkey File Status Request {tcp}	1	high
0.00	26	BLEEDING-EDGE P2P Ares GET {tcp}	1	high
0.05	554	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}	1	high
0.15	1618	BLEEDING-EDGE P2P Gnutella Connect {tcp}	1	high
5.59	60073	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}	1	high
8.90	95556	BLEEDING-EDGE P2P Overnet Server Announce {udp}	1	high
22.46	241244	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}	1	high
62.84	675036	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}	1	high

Distribution of classification method

%	No	Classification	Severity
100.00	1074179	Potential Corporate Privacy Violation	high

Distribution of event by day

Day	Month	No	%	Graph
21	08	193023	17.97
22	08	881156	82.03

Distribution of attack by hour

Hour	No	%	Graph
0h	131785	12.27
1h	122386	11.39
2h	119526	11.13
3h	93971	8.75
4h	69816	6.50
5h	55738	5.19
6h	54346	5.06
7h	63180	5.88
8h	126035	11.73
9h	44373	4.13
22h	72301	6.73
23h	120722	11.24

Attacks by hour

%	No	Hour	Attack
0.00	1	6h	BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity {udp}
0.00	1	4h	BLEEDING-EDGE P2P eDonkey File Status Request {tcp}
0.00	1	8h	BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity {udp}
0.00	1	3h	BLEEDING-EDGE P2P ed2k file request answer {tcp}
0.00	1	3h	BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity {udp}
0.00	1	22h	BLEEDING-EDGE P2P eDonkey Search {udp}
0.00	1	5h	BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity {udp}
0.00	1	22h	BLEEDING-EDGE P2P ed2k connection to server {tcp}
0.00	1	22h	BLEEDING-EDGE P2P Gnutella TCP Ultrapeer Traffic {tcp}
0.00	1	4h	BLEEDING-EDGE P2P ed2k connection to server {tcp}
0.00	1	23h	BLEEDING-EDGE P2P ed2k connection to server {tcp}
0.00	1	23h	BLEEDING-EDGE P2P Gnutella TCP Ultrapeer Traffic {tcp}
0.00	1	8h	BLEEDING-EDGE P2P eDonkey Search {udp}
0.00	1	3h	BLEEDING-EDGE P2P eDonkey Search {udp}
0.00	2	8h	BLEEDING-EDGE P2P Gnutella TCP Ultrapeer Traffic {tcp}
0.00	2	23h	BLEEDING-EDGE P2P eDonkey Search {udp}
0.00	2	7h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.00	2	7h	BLEEDING-EDGE P2P ed2k connection to server {tcp}
0.00	2	6h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.00	2	23h	BLEEDING-EDGE P2P eDonkey File Status Request {tcp}
0.00	2	1h	BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity {udp}
0.00	2	4h	BLEEDING-EDGE P2P eDonkey Search {udp}
0.00	2	7h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.00	2	2h	BLEEDING-EDGE P2P Gnutella TCP Ultrapeer Traffic {tcp}
0.00	2	6h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.00	2	7h	BLEEDING-EDGE P2P eDonkey Search {udp}
0.00	2	6h	BLEEDING-EDGE P2P eDonkey Search {udp}
0.00	3	1h	BLEEDING-EDGE P2P ed2k connection to server {tcp}
0.00	3	9h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.00	3	4h	BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity {udp}
0.00	3	2h	BLEEDING-EDGE P2P ed2k connection to server {tcp}
0.00	4	4h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.00	4	23h	BLEEDING-EDGE P2P Kaaza Media desktop p2pnetworking.exe Activity {udp}
0.00	4	2h	BLEEDING-EDGE P2P eDonkey Search {udp}
0.00	5	8h	BLEEDING-EDGE P2P GnucDNA UDP Ultrapeer Traffic {udp}
0.00	5	4h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.00	5	1h	BLEEDING-EDGE P2P eDonkey File Status Request {tcp}
0.00	5	2h	BLEEDING-EDGE P2P eDonkey File Status Request {tcp}
0.00	26	8h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.00	26	9h	BLEEDING-EDGE P2P Ares GET {tcp}
0.00	33	9h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.00	42	3h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.01	56	22h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.01	73	1h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.01	114	3h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.01	132	2h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.01	135	23h	BLEEDING-EDGE P2P LimeWire P2P Traffic {tcp}
0.01	137	1h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.02	211	22h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.02	258	8h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.03	274	2h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.04	393	23h	BLEEDING-EDGE P2P Gnutella Connect {tcp}
0.12	1253	9h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.15	1619	22h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.21	2258	7h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.24	2603	9h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.24	2628	8h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.37	3970	22h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.39	4154	6h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.55	5899	23h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.56	6057	4h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.59	6335	1h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.61	6564	4h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.63	6814	2h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.64	6841	23h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.70	7491	5h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.72	7766	6h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.73	7822	2h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.74	7911	3h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.78	8405	5h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.81	8690	3h	BLEEDING-EDGE P2P BitTorrent Traffic {tcp}
0.86	9191	9h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
0.92	9856	4h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
0.93	10015	8h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
0.96	10318	3h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
0.97	10423	5h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
1.04	11188	1h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
1.20	12895	6h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
1.23	13254	7h	BLEEDING-EDGE P2P Overnet Server Announce {udp}
1.55	16637	7h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
1.84	19797	22h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
1.88	20171	8h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
2.20	23639	2h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
2.74	29418	5h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
2.75	29524	6h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
2.89	31023	7h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
2.90	31185	1h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
2.91	31264	9h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
3.91	41969	23h	BLEEDING-EDGE P2P Direct Connect Traffic (client-server) {tcp}
4.34	46645	22h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
4.41	47323	4h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
6.10	65475	23h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
6.23	66893	3h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
6.84	73458	1h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
7.52	80831	2h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}
8.65	92928	8h	BLEEDING-EDGE P2P BitTorrent peer sync {tcp}

Distribution of event by protocols

%	No	Protocols
91.10	978588	tcp
8.90	95591	udp

Main Stats
IP Src
IP Dst
Protocols
Hour
Days
Services
Source Log

IDS/IPS Stats
Attack by Src
Attack by Dst
Attack by Src and Dst
Attacks
Alert Severity
Alert Classification
Attacks by Services
Attacks by Hours


	powered by SnortALog © SnortALog 2000-2005