Snort as a NIDS: an example rule for detecting access to the web server (the msg string must be enclosed in double quotes; as printed on the slide the opening quote was missing and one copy of the rule had the "->" in the wrong place):

    alert tcp 192.168.0.0/24 any -> $HTTP_SERVER 80 (msg:"HTTP Access Detected";)

The rule header is read left to right as action (alert), protocol (tcp), source network (192.168.0.0/24) and source port (any), direction (->), destination ($HTTP_SERVER, a variable set in snort.conf) and destination port (80); the options in parentheses carry the alert message. The rule set is kept up to date with oinkmaster.

[Figure: network diagram showing the Snort sensor NIC, the PC-UNIX ANNEX server, the DSU, KIU and the L3 switch; labels lost in extraction]
Alert viewing: a web front end (ACID) and BIONS. ANNEX-WatchDog: a watchdog written in Perl that runs on the PC-UNIX ANNEX server, checks the other hosts with ping, and reports by mail through Postfix, the MTA (Mail Transfer Agent).
Watchdog status display, IDS server (daemons checked: snort, mysql, apache, postfix):
    all daemons running:   ALL OK      (snort OK / mysql OK / apache OK / postfix OK)
    apache stopped:        ANNEX ERROR (snort OK / mysql OK / apache NG / postfix OK)

Watchdog status display, school PC-UNIX ANNEX server (daemons checked: dhcpd, squid, apache, bind):
    all daemons running:   ALL OK      (dhcpd OK / squid OK / apache OK / bind OK)
    apache stopped:        ANNEX ERROR (dhcpd OK / squid OK / apache NG / bind OK)

[Figure: network diagram of the Snort sensor NIC, the PC-UNIX ANNEX server, the L3 switch and a client PC (A); numeric labels lost in extraction]
[Table: alert counts recorded at the ANNEX sites, broken down by alert type (including UPnP alerts and SNMP alerts seen by BIONS) and by source (PC, NIC, OS); the numeric values were lost in extraction]
Snort rule files (category / file name):
 1. Snort local rules (local.rules)
 2. Bad traffic (bad-traffic.rules)
 3. Exploits (exploit.rules)
 4. Scans (scan.rules)
 5. Finger (finger.rules)
 6. FTP (ftp.rules)
 7. Telnet (telnet.rules)
 8. RPC (rpc.rules)
 9. Rsh, rlogin, rexec (rservices.rules)
10. DoS (dos.rules)
11. DDoS (ddos.rules)
12. DNS (dns.rules)
13. TFTP (tftp.rules)
14. CGI (web-cgi.rules)
15. ColdFusion web (web-coldfusion.rules)
16. IIS (web-iis.rules)
17. FrontPage Server Extensions (web-frontpage.rules)
18. Web, miscellaneous (web-misc.rules)
19. Web client (web-client.rules)
20. PHP (web-php.rules)
21. Microsoft SQL Server (sql.rules)
22. X Window System (x11.rules)
23. ICMP (icmp.rules)
24. NetBIOS (netbios.rules)
25. Miscellaneous (misc.rules)
26. Attack responses (attack-responses.rules)
27. Oracle (oracle.rules)
28. MySQL (mysql.rules)
29. SNMP (snmp.rules)
30. SMTP (smtp.rules)
31. IMAP (imap.rules)
32. POP2 (pop2.rules)
33. POP3 (pop3.rules)
34. NNTP (nntp.rules)
35. IDS other than Snort (other-ids.rules)
36. Web attacks (web-attacks.rules)
37. Backdoors (backdoor.rules)
38. Shellcode (shellcode.rules)
39. Policy (policy.rules)
40. Pornography (porn.rules)
41. Informational (info.rules)
42. ICMP informational (icmp-info.rules)
43. SMTP-borne viruses (virus.rules)
44. Chat: AIM, ICQ, IRC (chat.rules)
45. Multimedia: QuickTime, MPEG (multimedia.rules)
46. P2P: Kazaa (p2p.rules)
47. Snort experimental rules (experimental.rules)
48. Deleted rules (deleted.rules)
Source: IDS -Snort & Tripwire-
Example of an alert mail sent by the watchdog:

Subject: [PC-UNIX:Critical] (tsuchis-e)
Date:    Thu, 13 Jan 2005 20:50:00 +0900 (JST)
From:    PC-UNIX [annex@bsd.tsuchis-e.kashiwa.ed.jp]
To:      annex-admin@kiu.ad.jp
---------------------------------------------------
date          : 2005/01/13-20:50:00
host          : tsuchis-e
IP address    : 10.108.72.2
school domain : tsuchis-e.tsuchis-e.kashiwa.ed.jp
Message:      ANNEX
[PING TEST]
ANNEX:10.108.72.3 L3SWITCH:10.108.72.1 ping OK
[DAEMON CHECK]
syslogd is running
inetd is running
cron is running
named is running
squid is running
snmpd is running
dhcpd is running
[DISK SIZE CHECK]
MAX:95
/ OK
/tmp OK
/usr OK
/var OK
[SERVER SERVICE PORT CHECK]
service 21(ftpd): OK!
service 23(telnetd): OK!
service 25(smtpd): OK!
[SERVER DAEMON CHECK]
syslogd OK!
inetd OK!
cron OK!
httpd NG!
rl0 OK!
rl1 OK!
postfix OK!
mysqld OK!
[MAIL]
ERROR MAIL.
---
Annex Watch Dog Center annex-admin@kiu.ad.jp
Annex ver1.4 (C) Kyoichiro Shibasaki 2004
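The report above is produced by the Annex Watch Dog; the following Python is an added example of the same shape, not the Watch Dog's own Perl code. It renders the check sections from probe results, decides between "ALL OK" and "ERROR MAIL.", and pulls the NG items out of an existing report so the operator can see at a glance what failed (here: httpd). Probe results and the copy of the mail body are constructed, and treating disk usage at or above MAX percent as NG is my reading of the "MAX:95" line.

```python
"""Model of the ANNEX watchdog report shown in the mail above (added example,
not the Annex Watch Dog's Perl code). Renders the report sections from
constructed probe results, decides between "ALL OK" and "ERROR MAIL.", and
extracts the NG items from an existing report for triage. The disk rule
(NG at or above MAX percent) is an assumption about what "MAX:95" means.
"""
import re

DISK_MAX = 95  # percent used; the mail shows "MAX:95"


def disk_status(percent_used, limit=DISK_MAX):
    """One filesystem: OK below the limit, NG at or above it (assumed rule)."""
    return "OK" if percent_used < limit else "NG"


def build_report(pings, ports, daemons, disks, limit=DISK_MAX):
    """Render the check sections from probe results.

    pings   {"ANNEX:10.108.72.3": True}  name -> reachable
    ports   {"21(ftpd)": True}           service -> TCP connect succeeded
    daemons {"httpd": False}             daemon -> running
    disks   {"/var": 96}                 mount -> percent used
    Returns (report_text, failures) with failures in report order.
    """
    failures, lines = [], ["[PING TEST]"]
    for name, ok in pings.items():
        lines.append(f"{name} ping {'OK' if ok else 'NG'}")
        if not ok:
            failures.append(name)
    lines += ["[DISK SIZE CHECK]", f"MAX:{limit}"]
    for mount, used in disks.items():
        status = disk_status(used, limit)
        lines.append(f"{mount} {status}")
        if status == "NG":
            failures.append(mount)
    lines.append("[SERVER SERVICE PORT CHECK]")
    for service, ok in ports.items():
        lines.append(f"service {service}: {'OK' if ok else 'NG'}!")
        if not ok:
            failures.append(service)
    lines.append("[SERVER DAEMON CHECK]")
    for daemon, ok in daemons.items():
        lines.append(f"{daemon} {'OK' if ok else 'NG'}!")
        if not ok:
            failures.append(daemon)
    lines += ["[MAIL]", "ERROR MAIL." if failures else "ALL OK"]
    return "\n".join(lines), failures


# "httpd NG!", "/var NG", "service 25(smtpd): NG!", "L3SWITCH:... ping NG"
_NG = re.compile(r"^(?:service\s+)?(\S+?):?(?:\s+ping)?\s+NG!?$")


def parse_failures(report_text):
    """Items marked NG in a report, in the order they appear."""
    found = []
    for line in report_text.splitlines():
        m = _NG.match(line.strip())
        if m:
            found.append(m.group(1))
    return found


# Check sections of the alert mail quoted above (constructed copy).
SAMPLE_MAIL = """\
[PING TEST]
ANNEX:10.108.72.3 L3SWITCH:10.108.72.1 ping OK
[DISK SIZE CHECK]
MAX:95
/ OK
/tmp OK
/usr OK
/var OK
[SERVER SERVICE PORT CHECK]
service 21(ftpd): OK!
service 23(telnetd): OK!
service 25(smtpd): OK!
[SERVER DAEMON CHECK]
syslogd OK!
inetd OK!
cron OK!
httpd NG!
rl0 OK!
rl1 OK!
postfix OK!
mysqld OK!
[MAIL]
ERROR MAIL.
"""

if __name__ == "__main__":
    print("NG in quoted mail:", parse_failures(SAMPLE_MAIL))
    report, failures = build_report(
        {"ANNEX:10.108.72.3": True, "L3SWITCH:10.108.72.1": True},
        {"21(ftpd)": True, "23(telnetd)": True, "25(smtpd)": True},
        {"syslogd": True, "inetd": True, "cron": True, "httpd": False, "postfix": True, "mysqld": True},
        {"/": 40, "/tmp": 12, "/usr": 70, "/var": 96},
    )
    print(report)
    print("failures:", failures)
```

Note that the mail above lists httpd under [SERVER DAEMON CHECK] while the process list under [DAEMON CHECK] does not mention it, so a failure shows up only in the section that actually probes the daemon; the parser therefore scans every section rather than trusting one summary line.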
Alert: "SCAN UPnP service discover attempt". UPnP (Universal Plug and Play) is built into Windows 98, Windows Me and Windows XP. In December 2001 a vulnerability in the Windows XP UPnP implementation was disclosed (Microsoft Security Bulletin MS01-059; Windows 98/Me with the UPnP components installed were affected as well), which is why UPnP on client PCs deserves attention. UPnP runs over TCP/IP: on a LAN where clients get their addresses by DHCP, Windows PCs with UPnP enabled send discovery requests onto the network, and that traffic is what triggers this alert. Reference: "Windows XP UPnP", BaseBand Private Windows PC Newsletter, http://www.baseband.ne.jp/free/bff120-20011224.html
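The alert-count table earlier on the page and the UPnP note above raise the same operational question: which of the UPnP alerts are LAN Windows clients doing ordinary SSDP discovery (UDP to the multicast address 239.255.255.250, port 1900), and which are probes aimed at one of our hosts' own UDP/1900 port. The following Python is an added example, not code from the page or from the BIONS/ANNEX tools: it parses Snort "fast" alert lines, sets aside LAN-origin SSDP multicast (while recording which LAN hosts still have UPnP enabled), and tallies everything else by signature. The log lines, the 10.108.72.0/24 LAN prefix and the gid:sid:rev values are constructed.

```python
"""Triage of Snort 'fast' alert lines (added example, not from the page).

Parses alert lines, separates SSDP discovery multicast from inside the LAN
(ordinary Windows UPnP behaviour) from probes aimed at a host's UDP/1900
port or anything else, and counts the remainder per signature. The log
lines, LAN prefix and gid:sid:rev values below are constructed.
"""
import ipaddress
import re
from collections import Counter

LAN = ipaddress.ip_network("10.108.72.0/24")          # assumed school LAN
SSDP_MCAST = ipaddress.ip_address("239.255.255.250")  # SSDP multicast group
UPNP_MSG = "SCAN UPnP service discover attempt"

# timestamp [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {PROTO} src:port -> dst:port
FAST_LINE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"(?:\[Priority:\s*(?P<pri>\d+)\]\s+)?"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample: three LAN clients discovering UPnP devices, one SNMP probe
# from outside, and one UPnP "discover" sent straight at the server's port 1900.
SAMPLE_ALERTS = """\
01/13-20:41:10.101010  [**] [1:1917:6] SCAN UPnP service discover attempt [**] [Classification: Detection of a Network Scan] [Priority: 3] {UDP} 10.108.72.55:1900 -> 239.255.255.250:1900
01/13-20:41:12.202020  [**] [1:1917:6] SCAN UPnP service discover attempt [**] [Classification: Detection of a Network Scan] [Priority: 3] {UDP} 10.108.72.61:1900 -> 239.255.255.250:1900
01/13-20:43:05.303030  [**] [1:1917:6] SCAN UPnP service discover attempt [**] [Classification: Detection of a Network Scan] [Priority: 3] {UDP} 10.108.72.55:1900 -> 239.255.255.250:1900
01/13-20:45:33.404040  [**] [1:1411:10] SNMP public access udp [**] [Classification: Attempted Information Leak] [Priority: 2] {UDP} 192.0.2.10:40123 -> 10.108.72.2:161
01/13-20:47:01.505050  [**] [1:1917:6] SCAN UPnP service discover attempt [**] [Classification: Detection of a Network Scan] [Priority: 3] {UDP} 198.51.100.7:1900 -> 10.108.72.2:1900
"""


def parse_fast(text):
    """One dict per parseable alert line; lines in another format are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LINE.match(line)
        if m:
            alerts.append(m.groupdict())
    return alerts


def is_lan_ssdp_discovery(a):
    """UPnP discovery alert caused by a LAN client multicasting to 239.255.255.250:1900."""
    return (a["msg"] == UPNP_MSG and a["proto"] == "UDP" and a["dport"] == "1900"
            and ipaddress.ip_address(a["dst"]) == SSDP_MCAST
            and ipaddress.ip_address(a["src"]) in LAN)


def triage(alerts):
    """Return (count of LAN SSDP discovery alerts, Counter of remaining alerts by msg)."""
    noise = 0
    remaining = Counter()
    for a in alerts:
        if is_lan_ssdp_discovery(a):
            noise += 1
        else:
            remaining[a["msg"]] += 1
    return noise, remaining


def lan_upnp_hosts(alerts):
    """LAN hosts seen doing UPnP discovery: the PCs on which UPnP is still enabled."""
    return sorted({a["src"] for a in alerts if is_lan_ssdp_discovery(a)})


if __name__ == "__main__":
    parsed = parse_fast(SAMPLE_ALERTS)
    noise, rest = triage(parsed)
    print(f"{len(parsed)} alerts, {noise} are LAN UPnP discovery")
    for msg, n in rest.most_common():
        print(f"{n:4d}  {msg}")
    print("LAN hosts with UPnP enabled:", ", ".join(lan_upnp_hosts(parsed)))
```

The point of the split is that the same signature means two different things: a LAN client multicasting M-SEARCH is a host to fix (disable UPnP), whereas a unicast "discover" aimed at a server's port 1900 from elsewhere is the one worth investigating as a scan, and a count table that lumps them together hides that.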