$ sudo psad -S
[sudo] password for mint:
[-] psad: pid file /var/run/psad/psadwatchd.pid does not exist for psadwatchd on mint
[+] psad (pid: 1179) %CPU: 0.0 %MEM: 0.6
Running since: Mon Oct 30 13:08:27 2017
Command line arguments: [none specified]
Alert email address(es): root@localhost
[+] Version: psad v2.2.3
[+] Top 50 signature matches:
[NONE]
[+] Top 25 attackers:
10.18.37.12 DL: 2, Packets: 53, Sig count: 0
172.16.197.127 DL: 2, Packets: 56, Sig count: 0
172.16.197.133 DL: 2, Packets: 34, Sig count: 0
172.16.197.184 DL: 2, Packets: 55, Sig count: 0
172.16.197.218 DL: 2, Packets: 34, Sig count: 0
172.16.197.67 DL: 2, Packets: 18, Sig count: 0
172.16.197.99 DL: 2, Packets: 16, Sig count: 0
172.16.197.119 DL: 1, Packets: 5, Sig count: 0
172.16.197.187 DL: 1, Packets: 6, Sig count: 0
172.16.197.221 DL: 1, Packets: 8, Sig count: 0
172.16.197.53 DL: 1, Packets: 5, Sig count: 0
172.16.197.65 DL: 1, Packets: 6, Sig count: 0
172.16.197.7 DL: 1, Packets: 6, Sig count: 0
172.16.197.82 DL: 1, Packets: 9, Sig count: 0
[+] Top 20 scanned ports:
[NONE]
[+] iptables log prefix counters:
"[UFW BLOCK]": 339
Total protocol packet counters:
[+] IP Status Detail:
SRC: 10.18.37.12, DL: 2, Dsts: 1, Pkts: 53, Total protocols: 1, Unique sigs: 0, Email alerts: 49
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.127, DL: 2, Dsts: 1, Pkts: 56, Total protocols: 1, Unique sigs: 0, Email alerts: 50, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.133, DL: 2, Dsts: 1, Pkts: 34, Total protocols: 1, Unique sigs: 0, Email alerts: 30, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.184, DL: 2, Dsts: 1, Pkts: 55, Total protocols: 1, Unique sigs: 0, Email alerts: 49, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.218, DL: 2, Dsts: 1, Pkts: 34, Total protocols: 1, Unique sigs: 0, Email alerts: 30, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.67, DL: 2, Dsts: 1, Pkts: 18, Total protocols: 1, Unique sigs: 0, Email alerts: 14, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.99, DL: 2, Dsts: 1, Pkts: 16, Total protocols: 1, Unique sigs: 0, Email alerts: 12, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.119, DL: 1, Dsts: 1, Pkts: 5, Total protocols: 1, Unique sigs: 0, Email alerts: 1, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.187, DL: 1, Dsts: 1, Pkts: 6, Total protocols: 1, Unique sigs: 0, Email alerts: 2, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.221, DL: 1, Dsts: 1, Pkts: 8, Total protocols: 1, Unique sigs: 0, Email alerts: 4, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.53, DL: 1, Dsts: 1, Pkts: 5, Total protocols: 1, Unique sigs: 0, Email alerts: 1, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.65, DL: 1, Dsts: 1, Pkts: 6, Total protocols: 1, Unique sigs: 0, Email alerts: 2, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.7, DL: 1, Dsts: 1, Pkts: 6, Total protocols: 1, Unique sigs: 0, Email alerts: 2, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
SRC: 172.16.197.82, DL: 1, Dsts: 1, Pkts: 9, Total protocols: 1, Unique sigs: 0, Email alerts: 5, Local IP
DST: 224.0.0.251
Total scanned IP protocols: 1, Chain: INPUT, Intf: enp2s0
Total scan sources: 14
Total scan destinations: 1
[+] These results are available in: /var/log/psad/status.out
172.16.197.xx is my WAN IP segment given to me by my cable ISP.
So the “Top 25 attackers” are people who are trying to hack into my PC?
I am a newbie to security; please elaborate.
According to komunity.komand.com/learn/article/network-security/… the Top 25 attacker is where the attacker’s IP appears. So in my result all those IPs are trying to hack into my PC?