I'm puzzled by the following logs.
These are two separate machines. One is a Win7 machine I recently installed to do some idle gaming.
The second is a MacBook Air that also has a Win7 virtual machine that runs from time to time. I do not believe the Win7 VM was running at the time indicated, so it would just be a straight Mac.
Could anyone help explain this?
08/12/2012 13:26 10.1.4.1 Win7 installed this week - updated - Copper Ethernet
09/12/2012 02:44 10.1.2.31 MacBook Air using wireless
Thanks,
D
Code:
/var/log/ips/2012/12/ips-2012-12-09.log.gz:2012:12:09-13:26:47 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.4.1" dstip="10.1.1.2" proto="17" srcport="64137" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips/2012/12/ips-2012-12-09.log.gz:2012:12:09-13:26:47 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.4.1" dstip="10.1.1.2" proto="17" srcport="64137" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips/2012/12/ips-2012-12-09.log.gz:2012:12:09-13:26:47 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.4.1" dstip="10.1.1.2" proto="17" srcport="64137" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips.log:2012:12:10-02:44:45 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.2.31" dstip="10.1.1.2" proto="17" srcport="60799" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips.log:2012:12:10-02:44:45 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.2.31" dstip="10.1.1.2" proto="17" srcport="53686" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips.log:2012:12:10-02:44:45 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.2.31" dstip="10.1.1.2" proto="17" srcport="63172" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips.log:2012:12:10-02:44:45 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.2.31" dstip="10.1.1.2" proto="17" srcport="60865" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
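The lines above are in the key="value" format the UTM's snort wrapper writes, which makes them easy to parse before deciding whether an alert is worth chasing. The following is an added example (not code from the original post or from the IPS vendor) that reads lines in that exact layout, groups the alerts per source host and SID, and reports the things a responder looks at first: how many alerts, how many distinct flows (one source port repeated means the rule re-fired on the same conversation; distinct ports mean separate queries), whether everything went to UDP/53, and whether the destination was an internal resolver rather than the Internet. The seven lines from the post are reproduced as the sample input; the helper names are my own.

```python
import ipaddress
import re
from datetime import datetime

# Sample input: the seven alert lines from the post, as grep printed them
# (file path prefix, then the UTM timestamp, host, process and key="value" fields).
SAMPLE_LOG = """
/var/log/ips/2012/12/ips-2012-12-09.log.gz:2012:12:09-13:26:47 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.4.1" dstip="10.1.1.2" proto="17" srcport="64137" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips/2012/12/ips-2012-12-09.log.gz:2012:12:09-13:26:47 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.4.1" dstip="10.1.1.2" proto="17" srcport="64137" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips/2012/12/ips-2012-12-09.log.gz:2012:12:09-13:26:47 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.4.1" dstip="10.1.1.2" proto="17" srcport="64137" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips.log:2012:12:10-02:44:45 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.2.31" dstip="10.1.1.2" proto="17" srcport="60799" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips.log:2012:12:10-02:44:45 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.2.31" dstip="10.1.1.2" proto="17" srcport="53686" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips.log:2012:12:10-02:44:45 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.2.31" dstip="10.1.1.2" proto="17" srcport="63172" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
/var/log/ips.log:2012:12:10-02:44:45 wahine snort[6658]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="POLICY-OTHER dnstunnel v0.5 outbound traffic detected" group="241" srcip="10.1.2.31" dstip="10.1.1.2" proto="17" srcport="60865" dstport="53" sid="19471" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
"""

# Timestamp, host, process[pid], then the rest of the line as key="value" fields.
LINE_RE = re.compile(
    r'(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<proc>[a-z]+)\[(?P<pid>\d+)\]: (?P<fields>.*)$'
)
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return one alert as a dict, or None for lines that are not IPS alerts."""
    m = LINE_RE.search(line)
    if not m:
        return None
    event = dict(KV_RE.findall(m.group("fields")))
    event["timestamp"] = datetime.strptime(m.group("ts"), "%Y:%m:%d-%H:%M:%S")
    event["host"] = m.group("host")
    return event


def summarize(lines):
    """Group alerts by (srcip, sid): count, distinct source ports, destinations, time span."""
    summary = {}
    for event in filter(None, (parse_line(l) for l in lines)):
        key = (event["srcip"], event["sid"])
        s = summary.setdefault(key, {
            "reason": event["reason"], "count": 0, "srcports": set(), "dsts": set(),
            "first": event["timestamp"], "last": event["timestamp"],
        })
        s["count"] += 1
        s["srcports"].add(event["srcport"])
        s["dsts"].add((event["dstip"], event["dstport"], event["proto"]))
        s["first"] = min(s["first"], event["timestamp"])
        s["last"] = max(s["last"], event["timestamp"])
    return summary


def triage(summary):
    """Per source host: the facts a responder checks before escalating a DNS-tunnel alert."""
    notes = {}
    for (srcip, sid), s in summary.items():
        notes[srcip] = {
            "sid": sid,
            "alerts": s["count"],
            # One repeated source port = the rule re-fired on a single conversation.
            "distinct_flows": len(s["srcports"]),
            "burst_seconds": (s["last"] - s["first"]).total_seconds(),
            # proto 17 = UDP; all alerts here are plain DNS on port 53.
            "dns_only": all(port == "53" and proto == "17" for _, port, proto in s["dsts"]),
            # Destination is RFC 1918 space: the "outbound" traffic went to an internal resolver,
            # so the resolver's own logs are where the queried names will be.
            "internal_resolver_only": all(ipaddress.ip_address(ip).is_private for ip, _, _ in s["dsts"]),
        }
    return notes


if __name__ == "__main__":
    for src, note in triage(summarize(SAMPLE_LOG.strip().splitlines())).items():
        print(src, note)
```

Run as-is it reports that 10.1.4.1 produced three alerts on one flow and 10.1.2.31 four alerts on four flows, all within the same second, all UDP/53 to the internal address 10.1.1.2. Note that the UTM timestamps in the log (13:26:47 on 12-09 and 02:44:45 on 12-10) are a day off from the times in the post, so the appliance clock or timezone is worth confirming before correlating with anything on the endpoints.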