[23/Oct/2010 12:49:22] IPS: Packet drop, severity: High, Rule ID: 1:2002196 ET MALWARE Casalemedia Spyware Reporting URL Visited 2, proto:TCP, ip/port:95.30.117.146:52216 (crazy.gene.ru, user:manager) -> 92.123.68.9:80
[29/Oct/2010 16:24:36] IPS: Alert, severity: Medium, Rule ID: 1:2003020 ET POLICY TLS/SSL Encrypted Application Data on Unusual Port, proto:TCP, ip/port:95.30.117.170:63763 (crazy.gene.ru, user:manager) -> 94.25.148.228:44333
[31/Oct/2010 14:58:07] IPS: Alert, severity: Medium, Rule ID: 1:2007571 ET POLICY Remote Desktop Connection via non RDP Port, proto:TCP, ip/port:95.30.117.244:53626 (crazy.gene.ru, user:manager) -> 94.25.148.228:8002
[26/Nov/2010 22:41:08] IPS: Packet drop, severity: High, Rule ID: 1:2008411 ET TROJAN LDPinch SMTP Password Report with mail client The Bat!, proto:TCP, ip/port:172.16.101.2:59605 (insider.concorde.ru, user:Firewall) -> 87.250.250.89:25
[29/Nov/2010 16:27:22] IPS: Packet drop, severity: High, Rule ID: 1:2011765 ET MALWARE eval(function(p a c k e d) JavaScript from ngix Detected - Likely Hostile, proto:TCP, ip/port:217.25.226.106:80 -> 172.16.101.2:51075 (user:insider)
[30/Dec/2010 16:33:37] IPS: Alert, severity: Medium, Rule ID: 1:2001803 ET POLICY ICQ Status Change (2), proto:TCP, ip/port:192.168.101.57:51395 (Golf.concorde.ru, user:K.Klimenko@concorde.ru) -> 205.188.4.12:5190 (bos-d060a-rdr1.blue.aol.com)
[30/Dec/2010 15:16:50] IPS: Alert, severity: Low, Rule ID: 1:2002992 ET SCAN Rapid POP3 Connections - Possible Brute Force Attack, proto:TCP, ip/port:217.13.127.237:56886 -> 172.16.101.2:110 (insider.concorde.ru, user:manager@concorde.ru)
[26/Jan/2011 15:56:14] IPS: Packet drop, severity: High, Rule ID: 1:2003607 ET MALWARE Cnzz.com/Baidu Related Spyware Stat Reporting, proto:TCP, ip/port:192.168.101.52:65176 (Bravo.concorde.ru, user:V.Shokarev@concorde.ru) -> 172.16.101.1:3128
[26/Jan/2011 18:47:25] IPS: Packet drop, severity: High, Rule ID: 1:2003620 ET MALWARE 51yes.com Spyware Reporting User Activity, proto:TCP, ip/port:192.168.101.52:53172 (Bravo.concorde.ru, user:V.Shokarev@concorde.ru) -> 172.16.101.1:3128
[01/Feb/2011 09:26:18] IPS: Alert, severity: Low, Rule ID: 1:2011411 ET DNS DNS Query for Suspicious .co.kr Domain, proto:UDP, ip/port:192.168.1.2:57443 (outsider.concorde.ru, user:outsider) -> 94.25.208.74:53
[07/Feb/2011 15:24:45] IPS: Alert, severity: Medium, Rule ID: 116:254 snort_decoder: WARNING: ICMP Original IP Payload > 576 bytes!, proto:ICMP, ip:172.16.101.2 (insider.concorde.ru, user:Firewall) -> 85.218.29.73, type:3 code:1
[13/Feb/2011 00:12:35] IPS: Packet drop, severity: Blacklist, Rule ID: 1:2520008 ET TOR Known Tor Exit Node TCP Traffic (5), proto:TCP, ip/port:137.56.163.46:56585 -> 109.195.52.235:4899 (crazy.gene.ru, user:manager)
[10/Mar/2011 06:25:01] IPS: Alert, severity: Low, Rule ID: 1:373 GPL ICMP_INFO PING Flowpoint2200 or Network Management Software, proto:ICMP, ip:59.46.177.66 -> 109.73.10.30 (outsider.concorde.ru, user:outsider), type:8 code:0
[10/Mar/2011 06:25:01] IPS: Alert, severity: Low, Rule ID: 1:368 GPL ICMP_INFO PING BSDtype, proto:ICMP, ip:59.46.177.66 -> 109.73.10.30 (outsider.concorde.ru, user:outsider), type:8 code:0
[10/Mar/2011 06:25:01] IPS: Alert, severity: Low, Rule ID: 1:366 GPL ICMP_INFO PING *NIX, proto:ICMP, ip:59.46.177.66 -> 109.73.10.30 (outsider.concorde.ru, user:outsider), type:8 code:0
[10/Mar/2011 12:50:06] IPS: Packet drop, severity: Medium, Rule ID: 116:47 snort_decoder: TCP Data Offset is longer than payload!, proto:TCP, ip/port:91.205.41.75:0 -> 109.73.10.30:0 (outsider.concorde.ru, user:outsider)
[20/Mar/2011 08:58:23] IPS: Packet drop, severity: High, Rule ID: 1:2003615 ET VIRUS WinUpack Modified PE Header Outbound, proto:TCP, ip/port:188.235.5.180:24263 (crazy.gene.ru, user:manager) -> 109.66.35.77:57406
[03/Apr/2011 18:45:47] IPS: Packet drop, severity: Low, Rule ID: 1:2010715 ET SCAN ZmEu exploit scanner, proto:TCP, ip/port:50.16.89.166:46336 (ec2-50-16-89-166.compute-1.amazonaws.com) -> 192.168.1.16:80 (crazy.gene.ru, user:manager)
[01/Apr/2014 23:21:34] IPS: Packet drop, severity: Low, Rule ID: 1:2012936 emerging-scan.rules @ kerio-low-drop.rules-ET SCAN ZmEu Scanner User-Agent Inbound, proto:TCP, ip/port:107.155.65.34:35592 -> 192.168.88.100:80 (model.gene.ru, user:admin)
[03/Apr/2011 11:39:55] IPS: Packet drop, severity: Low, Rule ID: 1:2012204 ET SCAN Modified Sipvicious Sundayddr Scanner, proto:UDP, ip/port:221.130.119.174:5060 -> 192.168.3.16:5060 (crazy.gene.ru, user:manager)
[03/Apr/2011 08:28:04] IPS: Packet drop, severity: Medium, Rule ID: 125:3 ftp_pp: FTP parameter length overflow, proto:TCP, ip/port:178.124.81.250:54345 -> 192.168.1.16:21 (crazy.gene.ru, user:manager)
[02/Apr/2011 02:57:16] IPS: Packet drop, severity: Medium, Rule ID: 1:2003466 ET WEB_SERVER PHP Attack Tool Morfeus F Scanner, proto:TCP, ip/port:74.54.205.122:53629 (7a.cd.364a.static.theplanet.com) -> 192.168.1.16:80 (crazy.gene.ru, user:manager)
[31/Mar/2011 14:29:21] IPS: Packet drop, severity: High, Rule ID: 1:2011765 ET MALWARE eval(function(p a c k e d) JavaScript from nginx Detected - Likely Hostile, proto:TCP, ip/port:80.93.48.35:80 (80.93.48.35.peterhost.ru) -> 10.10.101.2:28795 (outsider.concorde.ru, user:outsider)
[28/Mar/2011 11:39:01] IPS: Alert, severity: High, Rule ID: 1:653 GPL SHELLCODE x86 0x90 unicode NOOP, proto:TCP, ip/port:95.100.3.235:80 -> 10.10.101.2:27172 (outsider.concorde.ru, user:outsider)
[25/Mar/2011 23:01:45] IPS: Packet drop, severity: High, Rule ID: 1:2003287 ET MALWARE SOCKSv5 UDP Proxy Inbound Connect Request (Linux Source), proto:UDP, ip/port:188.235.8.116:56453 -> 109.73.10.30:44333 (outsider.concorde.ru, user:outsider)
[25/Mar/2011 15:47:34] IPS: Packet drop, severity: High, Rule ID: 1:2003620 ET MALWARE 51yes.com Spyware Reporting User Activity, proto:TCP, ip/port:10.10.101.2:8312 (outsider.concorde.ru, user:outsider) -> 221.181.73.215:80
[25/Mar/2011 11:31:06] IPS: Alert, severity: Low, Rule ID: 1:2011408 ET DNS DNS Query for Suspicious .com.cn Domain, proto:UDP, ip/port:109.73.10.30:53732 (outsider.concorde.ru, user:outsider) -> 83.220.35.98:53
[23/Mar/2011 20:20:09] IPS: Alert, severity: Medium, Rule ID: 1:2011354 ET CURRENT_EVENTS Driveby bredolab request to a .ru 8080 URI, proto:TCP, ip/port:10.10.101.2:2868 (outsider.concorde.ru, user:outsider) -> 89.108.99.17:8080 (cdp1.agava.net)
[23/Mar/2011 20:20:10] IPS: Alert, severity: Medium, Rule ID: 1:2012263 ET WEB_CLIENT Hex Obfuscation of Script Tag % Encoding, proto:TCP, ip/port:89.108.105.11:80 (f2.c3.agava.net) -> 10.10.101.2:2880 (outsider.concorde.ru, user:outsider)
[23/Mar/2011 05:31:13] IPS: Packet drop, severity: High, Rule ID: 1:2001795 ET DOS Excessive SMTP MAIL-FROM DDoS, proto:TCP, ip/port:190.209.47.174:12966 -> 109.73.10.30:25 (outsider.concorde.ru, user:outsider)
[06/Apr/2011 16:30:15] IPS: Packet drop, severity: Medium, Rule ID: 1:100000186 GPL WEB_SERVER WEB-PHP phpinfo access, proto:TCP, ip/port:50.56.83.99:55135 (50-56-83-99.static.cloud-ips.com) -> 192.168.1.16:80 (crazy.gene.ru, user:manager)
[06/Apr/2011 16:30:21] IPS: Packet drop, severity: Medium, Rule ID: 1:2002997 ET WEB_SERVER PHP Remote File Inclusion (monster list http), proto:TCP, ip/port:50.56.83.99:43895 (50-56-83-99.static.cloud-ips.com) -> 192.168.1.16:80 (crazy.gene.ru, user:manager)
[08/Apr/2011 09:43:29] IPS: Packet drop, severity: Medium, Rule ID: 1:2010902 ET WEB_SPECIFIC_APPS phpMyAdmin Remote Code Execution Proof of Concept (p=), proto:TCP, ip/port:194.79.157.171:33513 (gretacrimee-157-171.cnt.nerim.net) -> 192.168.1.16:80 (crazy.gene.ru, user:manager)
[09/Apr/2011 20:50:17] IPS: Packet drop, severity: High, Rule ID: 1:2009702 ET POLICY DNS Update From External net, proto:UDP, ip/port:38.229.1.73:47483 -> 109.73.10.30:53 (outsider.concorde.ru, user:outsider)
[18/Jan/2012 14:35:08] IPS: Packet drop, severity: Blacklist, Rule ID: 1:2401998 ET DROP Gene AntiKerio Block Listed Source, proto:TCP, ip/port:139.24.213.54:7289 -> 195.113.184.57:443
[05/Apr/2014 03:13:42] IPS: Packet drop, severity: Medium, Rule ID: 1:2016977 emerging-web_server.rules @ kerio-medium-drop.rules-ET WEB_SERVER allow_url_include PHP config option in uri, proto:TCP, ip/port:193.169.22.122:44392 -> 192.168.88.100:80 (model.gene.ru, user:admin)
[05/Apr/2014 03:13:42] IPS: Packet drop, severity: Medium, Rule ID: 1:2016978 emerging-web_server.rules @ kerio-medium-drop.rules-ET WEB_SERVER safe_mode PHP config option in uri, proto:TCP, ip/port:193.169.22.122:44392 -> 192.168.88.100:80 (model.gene.ru, user:admin)
[05/Apr/2014 03:13:42] IPS: Packet drop, severity: Medium, Rule ID: 1:2016979 emerging-web_server.rules @ kerio-medium-drop.rules-ET WEB_SERVER suhosin.simulation PHP config option in uri, proto:TCP, ip/port:193.169.22.122:44392 -> 192.168.88.100:80 (model.gene.ru, user:admin)
[05/Apr/2014 03:14:43] IPS: Packet drop, severity: Medium, Rule ID: 1:2016980 emerging-web_server.rules @ kerio-medium-drop.rules-ET WEB_SERVER disable_functions PHP config option in uri, proto:TCP, ip/port:193.169.22.122:44449 -> 192.168.88.100:80 (model.gene.ru, user:admin)
[04/Apr/2014 12:23:27] IPS: Packet drop, severity: Blacklist, Rule ID: 1:2520004 ET TOR Known Tor Exit Node TCP Traffic group 3, proto:TCP, ip/port:109.163.234.5:21944 -> 192.168.88.100:80 (model.gene.ru, user:admin)
[04/Apr/2014 12:23:27] IPS: Packet drop, severity: Blacklist, Rule ID: 1:2522004 ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 3, proto:TCP, ip/port:109.163.234.5:21944 -> 192.168.88.100:80 (model.gene.ru, user:admin)