blocks.log

09/27/2021-22:20:26.500509  [Block Src] [**] [1:2027757:5] ET DNS Query for .to TLD [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 10.10.20.199:49656
09/27/2021-22:25:40.088987  [Block Src] [**] [1:2210044:2] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 87.21.208.2:16881
09/27/2021-22:25:40.088987  [Block Dst] [**] [1:2210044:2] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.198:44711
09/27/2021-22:26:15.381852  [Block Dst] [**] [1:2210045:2] SURICATA STREAM Packet with invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.199:32400
09/27/2021-22:28:40.812891  [Block Src] [**] [1:2210038:2] SURICATA STREAM FIN out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:40824
09/27/2021-22:28:40.812891  [Block Dst] [**] [1:2210038:2] SURICATA STREAM FIN out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 81.74.224.43:443
09/27/2021-22:34:58.243992  [Block Src] [**] [1:2027757:5] ET DNS Query for .to TLD [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 10.10.20.198:58731
09/27/2021-22:35:13.258522  [Block Src] [**] [1:2027757:5] ET DNS Query for .to TLD [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 10.10.20.198:43287
09/27/2021-22:36:58.271773  [Block Src] [**] [1:2012811:7] ET DNS Query to a .tk domain - Likely Hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 10.10.20.198:47607
09/27/2021-22:38:06.402599  [Block Src] [**] [1:2221010:1] SURICATA HTTP unable to match response to request [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 54.163.243.149:80
09/27/2021-22:38:21.358037  [Block Src] [**] [1:2210054:1] SURICATA STREAM excessive retransmissions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 151.25.110.92:56589
09/27/2021-22:38:21.358037  [Block Dst] [**] [1:2210054:1] SURICATA STREAM excessive retransmissions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.198:39659
09/27/2021-22:39:25.719207  [Block Src] [**] [1:2200075:2] SURICATA UDPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {UDP} 106.219.25.155:32178
09/27/2021-22:39:25.719207  [Block Dst] [**] [1:2200075:2] SURICATA UDPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {UDP} 10.10.20.198:6881
09/27/2021-22:49:06.421846  [Block Src] [**] [1:2210044:2] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 151.101.242.27:443
09/27/2021-22:49:06.421846  [Block Dst] [**] [1:2210044:2] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:45170
09/27/2021-22:50:35.438426  [Block Src] [**] [1:2210045:2] SURICATA STREAM Packet with invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:49962
09/27/2021-22:50:35.440373  [Block Dst] [**] [1:2210045:2] SURICATA STREAM Packet with invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 31.13.86.52:443
09/27/2021-22:52:36.699701  [Block Dst] [**] [1:2210045:2] SURICATA STREAM Packet with invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 23.246.51.163:443
09/27/2021-22:59:58.452153  [Block Src] [**] [1:2200076:2] SURICATA ICMPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {ICMP} 106.212.4.112:771
09/27/2021-22:59:58.452153  [Block Dst] [**] [1:2200076:2] SURICATA ICMPv4 invalid checksum [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {ICMP} 10.10.20.198:0
09/27/2021-23:53:08.669024  [Block Src] [**] [1:2018918:4] ET POLICY possible Xiaomi phone data leakage DNS [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 10.10.20.52:3223
09/27/2021-23:53:13.675518  [Block Dst] [**] [1:2018918:4] ET POLICY possible Xiaomi phone data leakage DNS [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 8.8.8.8:53
09/27/2021-23:55:04.864888  [Block Dst] [**] [1:2200030:2] SURICATA ICMPv6 unknown code [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {IPV6-ICMP} ff02:0000:0000:0000:0000:0000:0000:0002:134
09/28/2021-00:13:56.398131  [Block Src] [**] [1:2210038:2] SURICATA STREAM FIN out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.52:47862
09/28/2021-00:13:56.398131  [Block Dst] [**] [1:2210038:2] SURICATA STREAM FIN out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 34.194.255.230:5222
09/28/2021-04:15:00.131727  [Block Src] [**] [1:2210038:2] SURICATA STREAM FIN out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.52:47906
09/28/2021-04:15:00.131727  [Block Dst] [**] [1:2210038:2] SURICATA STREAM FIN out of window [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 18.193.20.101:5222
09/28/2021-06:54:54.077290  [Block Src] [**] [1:2403324:69027] ET CINS Active Threat Intelligence Poor Reputation IP group 25 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 37.187.107.54:8082
09/28/2021-06:54:54.077290  [Block Dst] [**] [1:2403324:69027] ET CINS Active Threat Intelligence Poor Reputation IP group 25 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.10.20.198:6881
09/29/2021-13:19:43.385119  [Block Src] [**] [1:2210033:2] SURICATA STREAM FIN1 invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.23:54917
09/29/2021-13:31:42.075148  [Block Dst] [**] [1:2027761:4] ET POLICY SSL/TLS Certificate Observed (AnyDesk Remote Desktop Software) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.10.20.21:52077
09/29/2021-13:33:06.130501  [Block Src] [**] [1:2403360:69123] ET CINS Active Threat Intelligence Poor Reputation IP group 61 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 54.39.16.25:36039
09/29/2021-13:33:06.130501  [Block Dst] [**] [1:2403360:69123] ET CINS Active Threat Intelligence Poor Reputation IP group 61 [**] [Classification: Misc Attack] [Priority: 2] {UDP} 10.10.20.198:6881
09/29/2021-14:58:45.922389  [Block Src] [**] [1:2224003:1] SURICATA IKEv2 weak cryptographic parameters (PRF) [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {UDP} 2001:0000:338c:24f4:08eb:f3fd:b0d3:4c79:500
09/29/2021-15:06:41.527231  [Block Src] [**] [1:2018959:4] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 23.41.187.27:80
09/29/2021-15:06:41.527231  [Block Dst] [**] [1:2018959:4] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.10.20.22:61601
09/29/2021-16:04:17.335130  [Block Src] [**] [1:2027695:4] ET POLICY Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.10.20.222:63667
09/29/2021-16:04:17.335130  [Block Dst] [**] [1:2027695:4] ET POLICY Observed Cloudflare DNS over HTTPS Domain (cloudflare-dns .com in TLS SNI) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 104.16.249.249:443
09/29/2021-16:37:04.298062  [Block Src] [**] [1:2210042:2] SURICATA STREAM TIMEWAIT ACK with wrong seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 179.113.55.83:6969
09/29/2021-16:37:04.298062  [Block Dst] [**] [1:2210042:2] SURICATA STREAM TIMEWAIT ACK with wrong seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.198:58697
09/29/2021-16:37:40.051141  [Block Src] [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.21:49764
09/29/2021-16:37:40.051141  [Block Dst] [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 23.194.176.88:80
09/29/2021-16:41:55.040477  [Block Src] [**] [1:2260002:1] SURICATA Applayer Detect protocol only one direction [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.22:58723
09/29/2021-16:42:02.627550  [Block Dst] [**] [1:2027761:4] ET POLICY SSL/TLS Certificate Observed (AnyDesk Remote Desktop Software) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.10.20.21:56814
09/29/2021-18:34:48.234374  [Block Dst] [**] [1:2221045:1] SURICATA HTTP Unexpected Request body [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 52.73.37.46:80
09/29/2021-18:39:05.226093  [Block Src] [**] [1:2210054:1] SURICATA STREAM excessive retransmissions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.50:41900
09/29/2021-18:39:05.226093  [Block Dst] [**] [1:2210054:1] SURICATA STREAM excessive retransmissions [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 31.13.86.49:5222
09/29/2021-18:40:17.826775  [Block Src] [**] [1:2210033:2] SURICATA STREAM FIN1 invalid ack [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.23:52217
09/29/2021-18:47:22.272362  [Block Dst] [**] [1:2210032:2] SURICATA STREAM FIN1 FIN with wrong seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.23:52217
09/29/2021-18:47:48.105998  [Block Dst] [**] [1:2210050:2] SURICATA STREAM reassembly overlap with different data [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 130.117.190.132:443
09/29/2021-19:18:51.505861  [Block Src] [**] [1:2210044:2] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 40.114.178.124:443
09/29/2021-19:18:51.505861  [Block Dst] [**] [1:2210044:2] SURICATA STREAM Packet with invalid timestamp [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.53:45010
09/29/2021-19:27:56.665281  [Block Src] [**] [1:2210042:2] SURICATA STREAM TIMEWAIT ACK with wrong seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 31.13.86.4:443
09/29/2021-19:27:56.665281  [Block Dst] [**] [1:2210042:2] SURICATA STREAM TIMEWAIT ACK with wrong seq [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.10.20.51:48624
09/30/2021-09:39:16.154487  [Block Src] [**] [1:2027761:4] ET POLICY SSL/TLS Certificate Observed (AnyDesk Remote Desktop Software) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 138.199.36.117:80
09/30/2021-09:39:16.154487  [Block Dst] [**] [1:2027761:4] ET POLICY SSL/TLS Certificate Observed (AnyDesk Remote Desktop Software) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 10.10.20.21:50268
09/30/2021-10:52:46.688389  [Block Src] [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 10.10.20.25:52519
09/30/2021-10:52:46.688389  [Block Dst] [**] [1:2027390:4] ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent [**] [Classification: Unknown Traffic] [Priority: 3] {TCP} 23.194.176.88:80