2 Test Shot 2
2.7 ftp Online Password Cracking
2.7.1 RealSecure Network Engine 1 Log
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
55036,2000/04/20 15:05:31,FTP_User,6,2433,21,2433,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55037,2000/04/20 15:05:31,FTP_Pass,6,2433,21,2433,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55038,2000/04/20 15:05:31,FTP_Syst,6,2433,21,2433,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,0,192.168.10.11,No,0
55039,2000/04/20 15:05:32,FTP_User,6,2434,21,2434,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55040,2000/04/20 15:05:32,FTP_Pass,6,2434,21,2434,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55041,2000/04/20 15:05:32,FTP_Syst,6,2434,21,2434,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,0,192.168.10.11,No,0
55042,2000/04/20 15:05:33,FTP_User,6,2435,21,2435,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55043,2000/04/20 15:05:33,FTP_Pass,6,2435,21,2435,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55044,2000/04/20 15:05:34,FTP_Syst,6,2435,21,2435,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,0,192.168.10.11,No,0
55045,2000/04/20 15:05:35,FTP_User,6,2436,21,2436,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
:
(snip 856 records) :
55902,2000/04/20 15:09:18,FTP_Syst,6,2725,21,2725,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,0,192.168.10.11,No,0
55903,2000/04/20 15:09:18,FTP_User,6,2726,21,2726,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55904,2000/04/20 15:09:18,FTP_Pass,6,2726,21,2726,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55905,2000/04/20 15:09:18,FTP_Syst,6,2726,21,2726,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,0,192.168.10.11,No,0
55906,2000/04/20 15:09:19,FTP_User,6,2727,21,2727,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55907,2000/04/20 15:09:19,FTP_Pass,6,2727,21,2727,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55908,2000/04/20 15:09:19,FTP_Syst,6,2727,21,2727,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,0,192.168.10.11,No,0
55909,2000/04/20 15:09:19,FTP_User,6,2728,21,2728,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55910,2000/04/20 15:09:19,FTP_Pass,6,2728,21,2728,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,1,192.168.10.11,No,0
55911,2000/04/20 15:09:19,FTP_Syst,6,2728,21,2728,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,No,00:C0:F6:B3:0F:12,,00:20:18:64:5C:E8,,0,,0,192.168.10.11,No,0
2.7.2 RealSecure Network Engine 2 Log
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
51018,2000/04/20 15:05:31,FTP_User,6,2433,21,2433,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,1,192.168.20.11,No,0
51019,2000/04/20 15:05:31,FTP_Pass,6,2433,21,2433,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,1,192.168.20.11,No,0
51020,2000/04/20 15:05:31,FTP_Syst,6,2433,21,2433,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,0,192.168.20.11,No,0
51021,2000/04/20 15:05:32,FTP_User,6,2434,21,2434,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,1,192.168.20.11,No,0
51022,2000/04/20 15:05:32,FTP_Pass,6,2434,21,2434,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,1,192.168.20.11,No,0
51023,2000/04/20 15:05:32,FTP_Syst,6,2434,21,2434,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,0,192.168.20.11,No,0
51024,2000/04/20 15:05:34,FTP_User,6,2435,21,2435,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,1,192.168.20.11,No,0
51025,2000/04/20 15:05:34,FTP_Pass,6,2435,21,2435,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,1,192.168.20.11,No,0
51026,2000/04/20 15:05:34,FTP_Syst,6,2435,21,2435,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,3,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,0,192.168.20.11,No,0
51027,2000/04/20 15:05:35,FTP_User,6,2436,21,2436,FTP,1728123052,34908352,172.16.1.103,192.168.20.2,,,,2,No,00:20:18:64:5C:E6,,08:00:20:76:1E:EA,,0,,1,192.168.20.11,No,0
:
(snip 856 records) :
51885,2000/04/20 15:09:18,FTP_Syst,6,2725,21,2725,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,0,192.168.20.11,No,0
51886,2000/04/20 15:09:18,FTP_User,6,2726,21,2726,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,1,192.168.20.11,No,0
51887,2000/04/20 15:09:18,FTP_Pass,6,2726,21,2726,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,1,192.168.20.11,No,0
51888,2000/04/20 15:09:18,FTP_Syst,6,2726,21,2726,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,0,192.168.20.11,No,0
51889,2000/04/20 15:09:19,FTP_User,6,2727,21,2727,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,1,192.168.20.11,No,0
51890,2000/04/20 15:09:19,FTP_Pass,6,2727,21,2727,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,1,192.168.20.11,No,0
51891,2000/04/20 15:09:19,FTP_Syst,6,2727,21,2727,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,0,192.168.20.11,No,0
51892,2000/04/20 15:09:19,FTP_User,6,2728,21,2728,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,1,192.168.20.11,No,0
51893,2000/04/20 15:09:19,FTP_Pass,6,2728,21,2728,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,2,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,1,192.168.20.11,No,0
51894,2000/04/20 15:09:19,FTP_Syst,6,2728,21,2728,FTP,1728123052,51685568,172.16.1.103,192.168.20.3,,,,3,No,00:20:18:64:5C:E6,,00:C0:26:26:E5:05,,0,,0,192.168.20.11,No,0
2.7.3 FireWall-1 Log
"No" "Date" "Time" "Inter." "Origin" "Type" "Action" "Service" "Source" "Destination" "Proto." "Rule" "S_Port" "User" "SrcKeyID" "DstKeyID" "XlateSrc" "XlateDst" "XLateSPort" "XlateDPort" "Info."
"20Apr2000" "15:05:31" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2433" "" "" "" "" "" "" "" " len 60"
"24317" "20Apr2000" "15:05:32" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2434" "" "" "" "" "" "" "" " len 60"
"24318" "20Apr2000" "15:05:33" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2435" "" "" "" "" "" "" "" " len 60"
"24319" "20Apr2000" "15:05:34" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2436" "" "" "" "" "" "" "" " len 60"
"24320" "20Apr2000" "15:05:35" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2437" "" "" "" "" "" "" "" " len 60"
"24321" "20Apr2000" "15:05:36" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2438" "" "" "" "" "" "" "" " len 60"
"24322" "20Apr2000" "15:05:38" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2439" "" "" "" "" "" "" "" " len 60"
"24323" "20Apr2000" "15:05:38" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2440" "" "" "" "" "" "" "" " len 60"
"24324" "20Apr2000" "15:05:39" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2441" "" "" "" "" "" "" "" " len 60"
"24325" "20Apr2000" "15:05:41" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-mail" "tcp" "5" "2442" "" "" "" "" "" "" "" " len 60"
:
(snip 275 records) :
"24603" "20Apr2000" "15:09:17" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2719" "" "" "" "" "" "" "" " len 60"
"24604" "20Apr2000" "15:09:17" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2720" "" "" "" "" "" "" "" " len 60"
"24605" "20Apr2000" "15:09:17" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2721" "" "" "" "" "" "" "" " len 60"
"24606" "20Apr2000" "15:09:17" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2722" "" "" "" "" "" "" "" " len 60"
"24607" "20Apr2000" "15:09:18" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2723" "" "" "" "" "" "" "" " len 60"
"24608" "20Apr2000" "15:09:18" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2724" "" "" "" "" "" "" "" " len 60"
"24609" "20Apr2000" "15:09:18" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2725" "" "" "" "" "" "" "" " len 60"
"24610" "20Apr2000" "15:09:18" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2726" "" "" "" "" "" "" "" " len 60"
"24611" "20Apr2000" "15:09:19" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2727" "" "" "" "" "" "" "" " len 60"
"24612" "20Apr2000" "15:09:19" "nei0" "fw" "log" "accept" "ftp" "attack1" "dmz-www" "tcp" "6" "2728" "" "" "" "" "" "" "" " len 60"
2.7.4 RealSecure System Agent 1 Log
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
46351,2000/04/20 15:05:32,Program_execution_started,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
46352,2000/04/20 15:05:32,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
46353,2000/04/20 15:05:32,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
46354,2000/04/20 15:05:32,Program_execution_started,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
46355,2000/04/20 15:05:32,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
46356,2000/04/20 15:05:32,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
46357,2000/04/20 15:05:32,Program_exited,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
46358,2000/04/20 15:05:33,Program_execution_started,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
46359,2000/04/20 15:05:33,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
46360,2000/04/20 15:05:33,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
(snip)
47253,2000/04/20 15:08:07,Successful_login,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,8,192.168.20.2,No,1
(snip)
47323,2000/04/20 15:08:19,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
47324,2000/04/20 15:08:19,Program_execution_started,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
47325,2000/04/20 15:08:19,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
47326,2000/04/20 15:08:19,Program_exited,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
47327,2000/04/20 15:08:20,Program_execution_started,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
47328,2000/04/20 15:08:20,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
47329,2000/04/20 15:08:20,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
47330,2000/04/20 15:08:20,Program_execution_started,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
47331,2000/04/20 15:08:20,Probing_of_important_files,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,9,192.168.20.2,No,1
47332,2000/04/20 15:08:20,Program_exited,254,65535,65535,65535,65535,2130706433,-1062726654,127.0.0.1,192.168.20.2,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,10,192.168.20.2,No,1
2.7.5 RealSecure System Agent 2 Log
ID,EventDate,EventName,ProtocolID,SourcePort,DestinationPort,SourcePortName,DestinationPortName,SourceAddress,DestinationAddress,SourceAddressName,DestinationAddressName,TCPFlags,ICMPType,ICMPCode,EventPriority,KillActionSpecified,SourceEthernetAddr,SourceEthernetVendor,DestinationEthernetAddr,DestinationEthernetVendor,RawDataLen,RawData,DecodePairCount,EngineIP,Pulled,EngineType
45591,2000/04/20 15:08:47,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45592,2000/04/20 15:08:48,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45593,2000/04/20 15:08:48,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45594,2000/04/20 15:08:49,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45595,2000/04/20 15:08:49,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45596,2000/04/20 15:08:49,Brute_force_login_attack,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,2,192.168.20.3,No,1
45597,2000/04/20 15:08:49,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45598,2000/04/20 15:08:49,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45599,2000/04/20 15:08:49,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45600,2000/04/20 15:08:50,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
:
(snip)
:
45719,2000/04/20 15:09:17,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45720,2000/04/20 15:09:17,Successful_login,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45721,2000/04/20 15:09:17,Brute_force_login_likely_successful,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,1,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,3,192.168.20.3,No,1
45722,2000/04/20 15:09:17,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45723,2000/04/20 15:09:17,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45724,2000/04/20 15:09:18,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45725,2000/04/20 15:09:18,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45726,2000/04/20 15:09:18,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45727,2000/04/20 15:09:18,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45728,2000/04/20 15:09:19,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45729,2000/04/20 15:09:19,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45730,2000/04/20 15:09:19,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45731,2000/04/20 15:09:19,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45732,2000/04/20 15:09:19,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
45733,2000/04/20 15:09:24,Failed_login-bad_username_or_password,254,65535,65535,65535,65535,16777343,51685568,127.0.0.1,192.168.20.3,,,,3,No,00:00:00:00:00:00,,00:00:00:00:00:00,,0,,6,192.168.20.3,No,1
2.7.6 Syslog
Apr 20 15:05:31 mail inetd[364]: ftp[1556] from 172.16.1.103 2433
Apr 20 15:05:31 mail ftpd[1556]: FTPD: connection from attack1 at Thu Apr 20 15:05:31 2000
Apr 20 15:05:31 mail ftpd[1556]: <--- 220
Apr 20 15:05:31 mail ftpd[1556]: mail FTP server (SunOS 5.6) ready.
Apr 20 15:05:31 mail ftpd[1556]: FTPD: command: USER adm
Apr 20 15:05:31 mail ftpd[1556]: <--- 331
Apr 20 15:05:31 mail ftpd[1556]: Password required for adm.
Apr 20 15:05:31 mail ftpd[1556]: FTPD: command: PASS <passwd>
Apr 20 15:05:31 mail ftpd[1556]: pam_authenticate: error Authentication failed
Apr 20 15:05:31 mail ftpd[1556]: <--- 530
Apr 20 15:05:31 mail ftpd[1556]: Login incorrect.
Apr 20 15:05:31 mail ftpd[1556]: FTPD: command: SYST
Apr 20 15:05:31 mail ftpd[1556]: <--- 215
Apr 20 15:05:31 mail ftpd[1556]: UNIX Type: L8 Version: SUNOS
Apr 20 15:05:31 mail ftpd[1556]: FTPD: command: QUIT
Apr 20 15:05:31 mail ftpd[1556]: <--- 221
Apr 20 15:05:31 mail ftpd[1556]: Goodbye.
(snip)
Apr 20 15:08:06 mail in.ftpd[1696]: connect from attack1
Apr 20 15:08:06 mail inetd[364]: ftp[1696] from 172.16.1.103 2573
Apr 20 15:08:06 mail ftpd[1696]: FTPD: connection from attack1 at Thu Apr 20 15:08:06 2000
Apr 20 15:08:06 mail ftpd[1696]: <--- 220
Apr 20 15:08:06 mail ftpd[1696]: mail FTP server (SunOS 5.6) ready.
Apr 20 15:08:06 mail ftpd[1696]: FTPD: command: USER test
Apr 20 15:08:06 mail ftpd[1696]: <--- 331
Apr 20 15:08:06 mail ftpd[1696]: Password required for test.
Apr 20 15:08:06 mail ftpd[1696]: FTPD: command: PASS <passwd>
Apr 20 15:08:06 mail ftpd[1696]: <--- 230
Apr 20 15:08:06 mail ftpd[1696]: User test logged in.
Apr 20 15:08:06 mail ftpd[1696]: FTPD: command: SYST
Apr 20 15:08:06 mail ftpd[1696]: <--- 215
Apr 20 15:08:06 mail ftpd[1696]: UNIX Type: L8 Version: SUNOS
Apr 20 15:08:06 mail ftpd[1696]: FTPD: command: QUIT
Apr 20 15:08:06 mail ftpd[1696]: <--- 221
Apr 20 15:08:06 mail ftpd[1696]: Goodbye.
(snip)
Apr 20 15:08:19 mail in.ftpd[1708]: connect from attack1
Apr 20 15:08:19 mail inetd[364]: ftp[1708] from 172.16.1.103 2585
Apr 20 15:08:19 mail ftpd[1708]: FTPD: connection from attack1 at Thu Apr 20 15:08:19 2000
Apr 20 15:08:19 mail ftpd[1708]: <--- 220
Apr 20 15:08:19 mail ftpd[1708]: mail FTP server (SunOS 5.6) ready.
Apr 20 15:08:19 mail ftpd[1708]: FTPD: command: USER webmaster
Apr 20 15:08:19 mail ftpd[1708]: <--- 331
Apr 20 15:08:19 mail ftpd[1708]: Password required for webmaster.
Apr 20 15:08:19 mail ftpd[1708]: FTPD: command: PASS <passwd>
Apr 20 15:08:19 mail ftpd[1708]: <--- 530
Apr 20 15:08:19 mail ftpd[1708]: Login incorrect.
Apr 20 15:08:19 mail ftpd[1708]: FTPD: command: SYST
Apr 20 15:08:19 mail ftpd[1708]: <--- 215
Apr 20 15:08:19 mail ftpd[1708]: UNIX Type: L8 Version: SUNOS
Apr 20 15:08:19 mail ftpd[1708]: FTPD: command: QUIT
Apr 20 15:08:19 mail ftpd[1708]: <--- 221
Apr 20 15:08:19 mail ftpd[1708]: Goodbye.
2.7.7 last Log
test ftp attack1 Thu Apr 20 15:08 - 15:08 (00:00)
2.7.8 IIS FTP Server Access Log
172.16.1.103, adm, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [7]USER, adm, -,
172.16.1.103, -, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 30, 0, 0, 530, 1326, [7]PASS, -, -,
172.16.1.103, -, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 0, [7]QUIT, -, -,
172.16.1.103, adm, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [8]USER, adm, -,
172.16.1.103, -, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 1326, [8]PASS, -, -,
172.16.1.103, -, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 0, [8]QUIT, -, -,
172.16.1.103, adm, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [9]USER, adm, -,
172.16.1.103, -, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 10, 0, 0, 530, 1326, [9]PASS, -, -,
172.16.1.103, -, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 0, [9]QUIT, -, -,
172.16.1.103, adm, 00/04/20, 15:08:47, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [10]USER, adm, -,
(snip)
172.16.1.103, test, 00/04/20, 15:09:15, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [135]USER, test, -,
172.16.1.103, -, 00/04/20, 15:09:15, MSFTPSVC1, WWW, 192.168.20.3, 40, 0, 0, 530, 1326, [135]PASS, -, -,
172.16.1.103, -, 00/04/20, 15:09:15, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 0, [135]QUIT, -, -,
172.16.1.103, test, 00/04/20, 15:09:16, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [136]USER, test, -,
172.16.1.103, -, 00/04/20, 15:09:16, MSFTPSVC1, WWW, 192.168.20.3, 10, 0, 0, 530, 1326, [136]PASS, -, -,
172.16.1.103, -, 00/04/20, 15:09:16, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 0, [136]QUIT, -, -,
172.16.1.103, test, 00/04/20, 15:09:16, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [137]USER, test, -,
172.16.1.103, test, 00/04/20, 15:09:16, MSFTPSVC1, WWW, 192.168.20.3, 20, 0, 0, 230, 0, [137]PASS, -, -,
172.16.1.103, test, 00/04/20, 15:09:16, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 215, 0, [137]QUIT, -, -,
(snip)
172.16.1.103, webmaster, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [147]USER, webmaster, -,
172.16.1.103, -, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 1326, [147]PASS, -, -,
172.16.1.103, -, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 0, [147]QUIT, -, -,
172.16.1.103, webmaster, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [148]USER, webmaster, -,
172.16.1.103, -, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 30, 0, 0, 530, 1326, [148]PASS, -, -,
172.16.1.103, -, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 0, [148]QUIT, -, -,
172.16.1.103, webmaster, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 331, 0, [149]USER, webmaster, -,
172.16.1.103, -, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 1326, [149]PASS, -, -,
172.16.1.103, -, 00/04/20, 15:09:18, MSFTPSVC1, WWW, 192.168.20.3, 0, 0, 0, 530, 0, [149]QUIT, -, -,
2.7.9 Event Log
2000/04/20,15:09:19,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'webmaster' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:09:19,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'webmaster' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:09:18,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'webmaster' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:09:18,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'webmaster' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:09:18,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'webmaster' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
(snip)
2000/04/20,15:08:48,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'adm' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:08:48,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'adm' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:08:48,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'adm' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:08:48,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'adm' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:08:47,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'adm' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。
2000/04/20,15:08:47,MSFTPSVC,警告,なし,100,N/A,WWW,次のエラーのため、サーバーは Windows NT アカウント 'adm' をログオンできませんでした: Logon failure: unknown user name or bad password. このデータはエラー コードです。