|
1
|
Final results after 35922602 events (99.7273105362073%)
|
|
2
|
{'Abusive.Spam_+++_Data:External:Policy_+++_*__+++_Backscatter_Report': 30,
|
|
3
|
'Abusive.Spam_+++_Data:External_+++_*__+++_Spam_Report': 75,
|
|
4
|
'Abusive.Spam_+++_Log:Statistical_+++_*__+++_Blacklisted_host': 41989,
|
|
5
|
'Anomaly.Connection_+++_Blacklist:Connection_+++_*__+++_Connection_to_blacklisted_host(s)': 513,
|
|
6
|
'Anomaly.Traffic:Fraud.UnauthorizedUsage:Test_+++_Relay_+++_*__+++_SMTP_anomaly': 413,
|
|
7
|
'Anomaly.Traffic:Test_+++_*__+++_*__+++_METACentre_-_possible_outgoing_attacks_-_CONTINUING_traffic_anomaly': 174,
|
|
8
|
'Anomaly.Traffic:Test_+++_*__+++_Incomplete_+++_METACentre_-_possible_incoming_attacks_-_CONTINUING_traffic_anomaly': 465,
|
|
9
|
'Anomaly.Traffic:Test_+++_*__+++_Incomplete_+++_METACentre_-_possible_incoming_attacks_-_DETECTED_traffic_anomaly': 144,
|
|
10
|
'Anomaly.Traffic:Test_+++_*__+++_Incomplete_+++_METACentre_-_possible_outgoing_attacks_-_CONTINUING_traffic_anomaly': 489,
|
|
11
|
'Anomaly.Traffic:Test_+++_*__+++_Incomplete_+++_METACentre_-_possible_outgoing_attacks_-_DETECTED_traffic_anomaly': 154,
|
|
12
|
"Anomaly.Traffic:Test_+++_*__+++_Incomplete_+++_x_(source_IP)_-_found_1_08359806027173_flows_(limit_'Flow-Cnt>=5000_or_Flow-Cnt>=1_and_Pkts-estimated>=300000')_within_period_of_5_seconds_Next_message_not_before_16_02_25_x_CET_+0100_in_case_of_continuous_anomaly_Notes_-_detector_uses_extrapolated_values_(bytes,_packets)_in_case_of_sampled_flows;_detector_fragments_long_(duration)_flows_into_5s_intervals_for_evaluation_purposes_": 1,
|
|
13
|
'Anomaly.Traffic_+++_*__+++_*__+++_Backbone_-_UDP_from_external_networks_to_internal_IPs,_packet_length>=1024,_targets_-_CONTINUING_traffic_anomaly': 3,
|
|
14
|
'Anomaly.Traffic_+++_*__+++_*__+++_Backbone_-_UDP_from_internal_IPs_to_external_networks,_packet_length>=1024,_sources_-_CONTINUING_traffic_anomaly': 4,
|
|
15
|
'Anomaly.Traffic_+++_*__+++_*__+++_TCP_SYN_against_internal_IP_address_ranges,_sources_-_CONTINUING_traffic_anomaly': 41,
|
|
16
|
'Anomaly.Traffic_+++_*__+++_*__+++_TCP_SYN_against_internal_IP_address_ranges_-_CONTINUING_traffic_anomaly': 4,
|
|
17
|
'Anomaly.Traffic_+++_*__+++_*__+++_TCP_SYN_against_internal_IP_address_ranges_-_DETECTED_traffic_anomaly': 3,
|
|
18
|
'Anomaly.Traffic_+++_*__+++_*__+++_TCP_SYN_from_internal_IP_address_ranges_-_CONTINUING_traffic_anomaly': 18,
|
|
19
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_Backbone_-_UDP_from_external_networks_to_internal_IPs,_packet_length>=1024,_targets_-_CONTINUING_traffic_anomaly': 38,
|
|
20
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_Backbone_-_UDP_from_external_networks_to_internal_IPs,_packet_length>=1024,_targets_-_DETECTED_traffic_anomaly': 9,
|
|
21
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_Backbone_-_UDP_from_internal_IPs_to_external_networks,_packet_length>=1024,_sources_-_CONTINUING_traffic_anomaly': 212,
|
|
22
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_Backbone_-_UDP_from_internal_IPs_to_external_networks,_packet_length>=1024,_sources_-_DETECTED_traffic_anomaly': 68,
|
|
23
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_TCP_SYN_against_internal_IP_address_ranges,_sources_-_CONTINUING_traffic_anomaly': 17110,
|
|
24
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_TCP_SYN_against_internal_IP_address_ranges,_sources_-_DETECTED_traffic_anomaly': 18201,
|
|
25
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_TCP_SYN_against_internal_IP_address_ranges_-_CONTINUING_traffic_anomaly': 312,
|
|
26
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_TCP_SYN_against_internal_IP_address_ranges_-_DETECTED_traffic_anomaly': 6,
|
|
27
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_TCP_SYN_from_internal_IP_address_ranges_-_CONTINUING_traffic_anomaly': 5921,
|
|
28
|
'Anomaly.Traffic_+++_*__+++_Incomplete_+++_TCP_SYN_from_internal_IP_address_ranges_-_DETECTED_traffic_anomaly': 216,
|
|
29
|
'Anomaly.Traffic_+++_External:Policy_+++_*__+++_Unexpected_heavy_traffic': 269,
|
|
30
|
'Anomaly.Traffic_+++_External_+++_OriginSandbox_+++_Sandbox_URL': 3,
|
|
31
|
'Attempt.Exploit:Malware_+++_Connection:Honeypot:Recon_+++_*__+++_*': 2945,
|
|
32
|
'Attempt.Exploit:Test_+++_External:Relay_+++_*__+++_Blueliv_Crimeserver:_exploit': 55,
|
|
33
|
'Attempt.Exploit_+++_*__+++_*__+++_*': 7,
|
|
34
|
'Attempt.Exploit_+++_Connection:Honeypot:Recon_+++_*__+++_*': 42358,
|
|
35
|
'Attempt.Exploit_+++_Honeypot:Protocol_+++_*__+++_SIP_attack_classification:_call_test': 836,
|
|
36
|
'Attempt.Exploit_+++_Honeypot:Protocol_+++_*__+++_SIP_attack_classification:_opt_scan': 3,
|
|
37
|
'Attempt.Exploit_+++_Honeypot:Protocol_+++_*__+++_SIP_attack_classification:_opt_test': 464,
|
|
38
|
'Attempt.Exploit_+++_Honeypot:Protocol_+++_*__+++_SIP_attack_classification:_reg&call': 1,
|
|
39
|
'Attempt.Exploit_+++_Honeypot:Protocol_+++_*__+++_SIP_attack_classification:_reg_attempt': 9,
|
|
40
|
'Attempt.Exploit_+++_Honeypot:Protocol_+++_*__+++_SIP_attack_classification:_reg_test': 1,
|
|
41
|
'Attempt.Exploit_+++_Honeypot:Protocol_+++_*__+++_SIP_attack_classification:_reg_test_high': 4,
|
|
42
|
'Attempt.Exploit_+++_Honeypot:Protocol_+++_*__+++_SIP_attack_classification:_ukwSIP_noSIP': 8,
|
|
43
|
'Attempt.Login:Test_+++_External:Relay_+++_*__+++_BlockList_x_IP_reported_as_having_run_attacks_on_Joomlas,_Wordpress_and_other_Web-Logins_with_Brute-Force_Logins': 6395,
|
|
44
|
'Attempt.Login:Test_+++_Flow:Statistical_+++_*__+++_Multiple_unsuccessful_login_attempts_on_MS-WBT-SERVER': 186332,
|
|
45
|
'Attempt.Login:Test_+++_Flow:Statistical_+++_*__+++_Multiple_unsuccessful_login_attempts_on_SSH': 474101,
|
|
46
|
'Attempt.Login:Test_+++_Flow:Statistical_+++_*__+++_Multiple_unsuccessful_login_attempts_on_TELNET': 509505,
|
|
47
|
'Attempt.Login:Test_+++_Flow:Statistical_+++_*__+++_SSH_dictionary_bruteforce_attack': 35848,
|
|
48
|
'Attempt.Login:Test_+++_Relay_+++_*__+++_RDP_attack': 31,
|
|
49
|
'Attempt.Login:Test_+++_Relay_+++_*__+++_SSH_attack': 44,
|
|
50
|
'Attempt.Login:Test_+++_Relay_+++_*__+++_Web_form_authentication_attack': 29,
|
|
51
|
'Attempt.Login_+++_*__+++_*__+++_*': 29,
|
|
52
|
'Attempt.Login_+++_Connection:Honeypot:Recon_+++_*__+++_*': 38321,
|
|
53
|
'Attempt.Login_+++_External_+++_*__+++_Bruteforce': 161,
|
|
54
|
'Attempt.Login_+++_Flow:Statistical_+++_*__+++_SSH_dictionary_bruteforce_attack': 189255,
|
|
55
|
'Availability.DDoS_+++_Flow:Statistical_+++_Backscatter_+++_DNS_amplification': 1282,
|
|
56
|
'Availability.DoS:Test_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_TCP_SYN_packets_received_by_x_(probably_SYN_flood_attack)': 3,
|
|
57
|
'Availability.DoS:Test_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_packets_emmited_by_x_(probably_flooding_DoS_attack)': 2104,
|
|
58
|
'Availability.DoS:Test_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_packets_received_by_x_(probably_flooding_DoS_attack)': 6323,
|
|
59
|
'Availability.DoS:Test_+++_Relay_+++_*__+++_Denial_of_service_attack': 28,
|
|
60
|
'Availability.DoS_+++_External:Policy_+++_*__+++_DoS_Attack': 24,
|
|
61
|
'Availability.DoS_+++_Flow:Statistical_+++_*__+++_*': 2,
|
|
62
|
'Availability.DoS_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_TCP_SYN_packets_emitted_by_x_(probably_SYN_flood_attack)': 27,
|
|
63
|
'Availability.DoS_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_TCP_SYN_packets_received_by_x_(probably_SYN_flood_attack)': 60,
|
|
64
|
'Availability.DoS_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_packets_emitted_by_x_(probably_flooding_DoS_attack)': 214,
|
|
65
|
'Availability.DoS_+++_Flow:Statistical_+++_*__+++_Abnormally_high_number_of_packets_received_by_x_(probably_flooding_DoS_attack)': 7106,
|
|
66
|
'Availability.DoS_+++_Flow:Statistical_+++_*__+++_x_received_abnormally_high_number_of_large_DNS_replies_-_probably_a_victim_of_DNS_amplification_DoS_attack': 3449,
|
|
67
|
'Availability.DoS_+++_Flow:Statistical_+++_Backscatter_+++_DNS_amplification': 1774,
|
|
68
|
'Availability.DoS_+++_Flow:Statistical_+++_Backscatter_+++_x_sent_abnormally_high_number_of_large_DNS_replies_-_it_was_probably_misused_for_DNS_amplification_DoS_attack': 2339,
|
|
69
|
'Availibility.DDoS:Test_+++_*__+++_*__+++_DNS_amplification': 3826,
|
|
70
|
'Availibility.DDoS_+++_*__+++_*__+++_DNS_amplification': 217,
|
|
71
|
'Availibility.DDoS_+++_*__+++_Backscatter_+++_DNS_amplification': 801,
|
|
72
|
'Fraud.Phishing:Test_+++_External:Relay_+++_Phishing_+++_Blueliv_Crimeserver:_phishing': 14597,
|
|
73
|
'Intrusion.AdminCompromise:Test_+++_External:Relay_+++_*__+++_Blueliv_Crimeserver:_backdoor': 81,
|
|
74
|
'Intrusion.AppCompromise:Intrusion.UserCompromise_+++_External_+++_*__+++_Compromised_website': 42,
|
|
75
|
'Intrusion.Botnet:Malware_+++_External_+++_Malware_+++_Botnet_Drone': 18513,
|
|
76
|
'Intrusion.Botnet:Test_+++_Blacklist:Flow_+++_CC:Botnet_+++_x_connected_to_x_which_is_on_Zeus_blacklist_': 58035,
|
|
77
|
'Intrusion.Botnet:Test_+++_Blacklist:Flow_+++_CC:Botnet_+++_x_which_is_on_Zeus_blacklist_connected_to_x_': 451469,
|
|
78
|
'Intrusion.Botnet:Test_+++_External:Relay_+++_CC_+++_Blueliv_Crimeserver:_c&c': 432,
|
|
79
|
'Intrusion.Botnet_+++_External_+++_*__+++_Bots': 122,
|
|
80
|
'Intrusion.Botnet_+++_External_+++_Botnet_+++_Botnet_Drone': 457,
|
|
81
|
'Intrusion.Botnet_+++_External_+++_CC_+++_Botnet_Command_and_Control': 54,
|
|
82
|
'Malware:Test_+++_External:Relay_+++_*__+++_Blueliv_Crimeserver:_malware': 201670,
|
|
83
|
'Other:Test_+++_Relay_+++_*__+++_Communication_with_blacklisted_hosts': 2199,
|
|
84
|
'Recon.Scanning:Test_+++_Flow:Statistical_+++_*__+++_Horizontal_port_scan': 5121,
|
|
85
|
'Recon.Scanning:Test_+++_Flow:Statistical_+++_*__+++_Vertical_scan_using_TCP_SYN': 308532,
|
|
86
|
'Recon.Scanning:Test_+++_Relay_+++_*__+++_Port_scanning': 136,
|
|
87
|
'Recon.Scanning_+++_*__+++_*__+++_*': 1675429,
|
|
88
|
'Recon.Scanning_+++_Connection:Honeypot:Recon_+++_*__+++_*': 108572,
|
|
89
|
'Recon.Scanning_+++_Connection:Tarpit_+++_*__+++_Connection_attempt': 23933703,
|
|
90
|
'Recon.Scanning_+++_Connection:Tarpit_+++_*__+++_Ping_scan': 1620071,
|
|
91
|
'Recon.Scanning_+++_Connection:Tarpit_+++_*__+++_SYN_ACK_scan_or_DOS_attack': 820378,
|
|
92
|
'Recon.Scanning_+++_External:Policy_+++_*__+++_Scanner': 55,
|
|
93
|
'Recon.Scanning_+++_Flow:Statistical_+++_*__+++_Horizontal_SYN_scan': 4107764,
|
|
94
|
'Recon.Scanning_+++_Flow:Statistical_+++_*__+++_Horizontal_port_scan': 961574,
|
|
95
|
'Recon_+++_Honeypot:Recon_+++_*__+++_*': 391,
|
|
96
|
'Test:information.UnauthorizedAccess_+++_Relay_+++_*__+++_DNS_traffic_anomaly': 318,
|
|
97
|
'Vulnerable.Config_+++_External:Recon_+++_*__+++_Scan_IPMI': 2660,
|
|
98
|
'Vulnerable.Config_+++_External:Recon_+++_*__+++_Scan_NTP': 5876,
|
|
99
|
'Vulnerable.Config_+++_External:Recon_+++_*__+++_Scan_NTPMONITOR': 89,
|
|
100
|
'Vulnerable.Config_+++_External:Recon_+++_*__+++_Scan_QOTD': 317,
|
|
101
|
'Vulnerable.Config_+++_External:Recon_+++_*__+++_Scan_SNMP': 2644,
|
|
102
|
'Vulnerable.Config_+++_External:Recon_+++_*__+++_Scan_SSDP': 4505,
|
|
103
|
'Vulnerable.Config_+++_External:Recon_+++_Backscatter_+++_Open_DNS_Resolver': 805,
|
|
104
|
'Vulnerable.Config_+++_External:Recon_+++_Backscatter_+++_Scan_CHARGEN': 46,
|
|
105
|
'Vulnerable.Config_+++_External:Recon_+++_Backscatter_+++_Scan_NETBIOS': 12713,
|
|
106
|
'Vulnerable.Config_+++_External_+++_*__+++_Open_DNS_Resolver': 19,
|
|
107
|
'Vulnerable_+++_External_+++_Proxy_+++_Proxy_server': 7}
|