IDS Logs

Started by Mikestr, October 20, 2024, 10:53:16 PM

Can anyone help me with this?   
Date   Severity   Process   Line
2024-10-20T14:39:51-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:31819   
2024-10-20T14:39:46-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 3.213.46.228:6502 -> 192.168.1.5:40532   
2024-10-20T14:39:41-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:60551   
2024-10-20T14:39:38-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:54574   
2024-10-20T14:39:32-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:17566   
2024-10-20T14:39:26-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:2059   
2024-10-20T14:39:22-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:31617   
2024-10-20T14:39:17-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:65030   
2024-10-20T14:39:10-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:42158   
2024-10-20T14:39:06-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:19340   
2024-10-20T14:39:01-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:28991   
2024-10-20T14:38:56-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:14753   
2024-10-20T14:38:48-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:40209   
2024-10-20T14:38:43-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:57313   
2024-10-20T14:38:37-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.41.117.235:6502 -> 192.168.1.5:63508   
2024-10-20T14:38:32-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:32665   
2024-10-20T14:38:28-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:43553   
2024-10-20T14:38:19-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:14483   
2024-10-20T14:38:14-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:32520   
2024-10-20T14:37:57-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:5190   
2024-10-20T14:37:53-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:50968   
2024-10-20T14:37:45-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:5612   
2024-10-20T14:37:40-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:1091   
2024-10-20T14:37:35-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:19851   
2024-10-20T14:37:29-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:29710   
2024-10-20T14:37:22-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 52.8.83.135:6502 -> 192.168.1.5:32752   
2024-10-20T14:37:17-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:25774   
2024-10-20T14:37:16-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:28121   
2024-10-20T14:37:08-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 44.224.252.72:6502 -> 192.168.1.5:15835

I don't know what it means or how to stop it. I did set it to drop; before, it said notify I think.

When I look up the IPs, they all point to Amazon.
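An added triage helper (not code from the thread, OPNsense or Suricata) that parses alert lines in the format pasted above and reports which rule fires, which remote endpoints are involved and which side opened the connections. It assumes the alert's source is the server, which holds for Suricata TLS certificate rules because they match the server's Certificate message, so a reused remote port (6615, 6502) with a fresh high port on 192.168.1.5 every time indicates the LAN host connecting out:

```python
import re
from collections import Counter

# Three alert lines quoted from the post above (the format of OPNsense's IDS log view).
SAMPLE_LOG = """\
2024-10-20T14:39:51-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:31819
2024-10-20T14:39:46-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 3.213.46.228:6502 -> 192.168.1.5:40532
2024-10-20T14:39:41-06:00   Notice   suricata   [Drop] [1:2011540:7] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: Not Suspicious Traffic] [Priority: 3] {TCP} 54.70.173.118:6615 -> 192.168.1.5:60551
"""

# timestamp  severity  process  [action] [gid:sid:rev] msg [Classification: ..] [Priority: n] {proto} src:port -> dst:port
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<severity>\S+)\s+suricata\s+\[(?P<action>\w+)\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"\[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_alert(line):
    """Return the alert's fields as a dict (numeric fields as int), or None for non-alert lines."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def triage(text):
    """Group alerts by rule/remote endpoint and decide which side opened the connections.
    TLS certificate rules fire on the server's Certificate message, so the alert's src is the
    server; a reused src port plus a fresh high dst port per alert means dst is the client."""
    alerts = [a for a in map(parse_alert, text.splitlines()) if a]
    local_ports = [a["dport"] for a in alerts]
    local_is_client = bool(alerts) and (
        len(set(local_ports)) == len(local_ports)              # every local port used once
        and all(p > 1023 for p in local_ports)                 # all ephemeral
        and len({a["sport"] for a in alerts}) < len(alerts)    # remote ports are reused
    )
    return {
        "alerts": len(alerts),
        "rules": Counter((a["sid"], a["msg"]) for a in alerts),
        "remote_endpoints": Counter((a["src"], a["sport"]) for a in alerts),
        "local_hosts": sorted({a["dst"] for a in alerts}),
        "local_is_client": local_is_client,
        "all_dropped": all(a["action"] == "Drop" for a in alerts),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The rule name quotes the certificate's Organization field, "Internet Widgits Pty", which is the placeholder default in OpenSSL's sample openssl.cnf, so the output tells you which LAN host keeps connecting to a service that still presents such a self-generated certificate. Run the script over the full log view export to see whether 192.168.1.5 is the only local host involved and how many distinct remote endpoints it reaches.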

The internal system with IP address 192.168.1.5 is probably trying to get a certificate from the Let's Encrypt demo CA.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)