<?xml version="1.0" encoding="GB2312"?>
<root>
<Sample Name="VenusIDS">sub:TDS_MS-SQL_口令弱;se:30;sr:192.168.3.144;sport:0;dest:192.168.3.44;dport:0;proto:null;param:用户名称=sa;用户口令=123456;;time:2005-4-19_11:46:35</Sample>
<Sample Name="VenusAuditS">Jan 9 10:04:53 192.168.4.185 VENUS_AUDIT: type=sign time=2006-01-09 10:12:43 engine_ip=192.168.4.125 src_ip=192.168.3.166 dst_ip=192.168.4.123 src_port=23 dst_port=1052 src_mac=00:02:b3:3e:e9:ed dst_mac=00:0e:0c:5e:7b:f1 trans_proto_id=5 rule_id=187 proto_id=10 start_time=0 end_time=0 user_id=10 user_type=0 policy_id=93 service_role_id=99 evt_set_id=100 action_mode=1 alarm_mode=1 log_level=1 param_len=44 param=Telnet=root enginaix hello slowaction exit;</Sample>
<Sample Name="VenusAuditP">Jan 9 10:26:04 192.168.4.185 VENUS_AUDIT: type=audit time=2006-01-09 10:24:32 engine_ip=192.168.4.125 src_ip=192.168.4.123 dst_ip=192.168.3.166 src_port=1785 dst_port=23 src_mac=00:0e:0c:5e:7b:f1 dst_mac=00:02:b3:3e:e9:ed user_id=10 user_type=0 service_role_id=99 proto_id=10 action_mode=1 alarm_mode=1 log_level=1 param_len=14 param=Telnet输入=ls;</Sample>
<Sample Name="Topsec4000">id=firewall time="2005-07-29 10:57:16" fw=TOPSEC pri=3 recorder=kernel type=ids proto=TCP rule=deny src=192.168.25.1 sport=59393 dst=192.168.25.2 dport=80 smac=00:10:f3:04:77:db</Sample>
<Sample Name="Topsec4000Adm">May 30 18:38:06 fw_proxy:id=firewall time="2005-5-30 18:38:6" fw=192.168.1.116 pri=4 type=mgmt recorder=fw_proxy msg=ShellCmd(): fork() ERROR</Sample>
<Sample Name="NetScreenTraffic">ns204: NetScreen device_id=ns204 [No Name]system-notification-00257(traffic): start_time="2005-11-15 16:27:55" duration=4 policy_id=5 service=tcp/port:501 proto=6 src zone=V1-Untrust dst zone=V1-Trust action=Permit sent=198 rcvd=192 src=192.168.24.165 dst=192.168.24.233 src_port=1573 dst_port=501 src-xlated ip=192.168.24.165 port=1573</Sample>
<Sample Name="NetScreenAdm">ns204: NetScreen device_id=ns204 [No Name] (2005-12-20 192.168.3.22) alert-00027 login failures occurred for user root from IP address 192.168.24.110:8080</Sample>
<Sample Name="Fortinet-1">date=2005-07-25,time=09:25:26,device_id=APS3012801012028,log_id=0001000002,type=traffic,subtype=session,pri=notice,SN=7590956,duration=180,policyid=1,proto=17,service=53/udp,status=accept,src=192.168.3.123,srcname=192.168.3.123,dst=202.106.0.20,dstname=202.106.0.20,src_int=internal,dst_int=external,sent=60,rcvd=181,sent_pkt=1,rcvd_pkt=1,src_port=4664,dst_port=53,vpn=n/a,tran_ip=211.167.237.137,tran_port=39540,</Sample>
<Sample Name="Fortinet-2">date=2005-07-25,time=09:25:26,device_id=APS3012801012028,log_id=0400000000,type=ids,subtype=detection,pri=alert,attack_id=287113220,,src=192.168.25.1,dst=192.168.25.3,src_port=43323,dst_port=161,src_int=n/a,dst_int=n/a,status=detected,proto=17,service=161/udp,msg="SNMP public access udp[Reference: http://www.fortinet.com/ids/ID287113220]"</Sample>
<Sample Name="Kill">发现DOShunt病毒在 C:\SHARE\ATOZVIRUS.病毒包\DOSHUNTE\DOSHUNTE.COM. 机器: TESTFORKILL, 用户: 系统. 文件状态: 已感染</Sample>
<Sample Name="Solaris">sshd[23538]: Received disconnect from ::ffff:192.168.17.50: 11: Disconnect requested by Windows SSH Client.</Sample>
<Sample Name="Snort">snort: [122:19:0] (portscan) UDP Portsweep {PROTO255} 192.168.17.253 -> 192.168.17.50</Sample>
<Sample Name="Linux">xinetd[3469]: START: cvspserver pid=16386 from=192.168.17.188</Sample>
<Sample Name="PIX">%PIX-7-710005: UDP request discarded from 192.168.24.181/137 to inside:192.168.24.255/netbios-ns</Sample>
<Sample Name="Huawei">&lt;189&gt;Jun 7 05:22:03 2003 Quidway IFNET/6/UPDOWN:Line protocol on interface Ethernet0/0/0, changed state to UP</Sample>
<Sample Name="绿盟NIPS1">NIDS 中联绿盟信息技术(北京)有限公司 冰之眼入侵检测系统V3 131073 192.168.1.201 192.168.1.107 00:11:25:83:93:5C 00:07:E9:10:7A:BE FTP服务anonymous匿名用户认证 失败 失败 VENQLkZUUG5TZjBDdXNDblNmMEN1c1VTRVI9YW5vbnltb3Vz 网络监控类功能 事件监控 低 高 FTP</Sample>
<Sample Name="绿盟NIPS2">NIDS 中联绿盟信息技术(北京)有限公司 冰之眼入侵检测系统V3 131073 192.168.1.201 192.168.1.107 00:11:25:83:93:5C 00:07:E9:10:7A:BE Windows SMB枚举系统用户帐号列表操作 未知 QW55blNmMEN1c0M= 信息收集类攻击 事件监控 中 高 Samba</Sample>
<Sample Name=""></Sample>
</root>