常用的加密类型有几种,RSA支持ssh1和ssh2类型的通讯,而DSA和RCDSA仅支持ssh2类型的通讯,而且根据FIPS 186-2的指定DSA仅支持1024位的加密。
例如,如果我们仅运行:
代码: 全选
# ssh-keygen这里介绍两个参数, -t 参数是指type, 也就是加密类型为rsa, -b 参数是指用多少位生成密钥(key),
我们这里以rsa密钥为例,假设要为一个web服务器192.168.2.35来生成OpenSSH登录密钥,首先先用ssh-keygen生成一对rsa密钥,加密位数为2048。你可以输入
代码: 全选
# ssh-keygen -t rsa -b 2048代码: 全选
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
fe:50:41:44:57:e8:4d:f0:58:b8:31:2f:22:8d:3f:74 root@gobsd.org
The key's randomart image is:
+--[ RSA 2048]----+
| o+ o=o |
| . .=+. |
| o...B. |
| o +.E o |
| S+.o . |
| . .o |
| o . |
| o |
| . |
+-----------------+
#
这样会在当前用户的home目录里生成一对密钥(key)—— 私钥id_rsa和公钥id_rsa.pub:
代码: 全选
# cd ~/.ssh
# pwd
/root/.ssh
# ls -la
total 28
drwx------ 2 root wheel 512 Nov 28 10:40 .
drwx------ 3 root wheel 512 Nov 27 23:57 ..
-rw------- 1 root wheel 4021 Nov 28 10:40 id_rsa
-rw-r--r-- 1 root wheel 895 Nov 28 10:40 id_rsa.pub
-rw-r--r-- 1 root wheel 808 Nov 28 02:20 known_hosts
代码: 全选
# rm id_rsa
# mv id_rsa.pub authorized_keys估计多数会员都知道了怎样从另一台OpenBSD主机上登录到这个设置密钥的web服务器(192.168.2.35), 但是为了方便不太熟悉的会员,我在这里简要说一下,我们假设想从另一台主机登录到这个需要密钥认证的服务器。先在另一台主机上生成认证密钥:
代码: 全选
# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
4d:e6:3e:19:3f:fa:77:c6:ac:f7:67:46:52:cb:58:c4 root@9971.us
The key's randomart image is:
+--[ RSA 2048]----+
| . |
| E |
| o . |
| = ..|
| S + +..|
| . + ..o.|
| + o = |
| o .. X|
| .....B+|
+-----------------+
# cd ~/.ssh
# ls -la
total 20
drwx------ 2 root wheel 512 Nov 28 05:35 .
drwx------ 3 root wheel 512 Nov 28 05:35 ..
-rw------- 1 root wheel 1766 Nov 28 05:36 id_rsa
-rw-r--r-- 1 root wheel 399 Nov 28 05:36 id_rsa.pub
-rw-r--r-- 1 root wheel 394 Nov 28 05:18 known_hosts
#
将公钥文件id_rsa.pub文件传到web服务器所在的机器上
代码: 全选
# scp ~/.ssh/id_rsa.pub root@192.168.2.35:
root@192.168.2.35's password:
id_rsa.pub 100% 399 0.4KB/s 00:00
#
因为目前还未禁止使用密码验证登录,所以我们可以ssh到web服务器上将传过来的另一台主机的公钥文件加入到 ~/.ssh/authorized_keys里,用下面的命令:
代码: 全选
# ssh root@192.168.2.35
......
# cat id_rsa.pub >> ~/.ssh/authorized_keys
我们再退出192,168.2.35的登录, 并在另一台主机上再次进行登录尝试:
代码: 全选
# ssh root@192.168.2.35
Enter passphrase for key '/root/.ssh/id_rsa':
Last login: Sun Nov 28 13:39:29 2010 from 192.168.8.12
OpenBSD 4.8-stable (GENERIC) #0: Sun Nov 28 00:50:23 CST 2010
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
#
我们这里再说明一下在Windows里如何操作,首先先说明某些windows下的sftp客户端对加密位数有限制, 我知道的目前可以用密钥进行认证sftp客户端有两个(如果您知道其他的请补充),winscp和flashfxp, 前面也是大家熟悉的软件了,我介绍一下后一款软件如何设置。这里假设我们要远程登录的web服务器IP地址为192.168.2.35,点击Site Manager,出现如下画面:
点击Connection选项卡,点击Key Manager
会出现一个认证管理界面,里面一个已经存在加密证书是我这里已经有的,如果你是第一次设置,这里应该是空的,点击import
命名一个Common Name(我们这里用gobsd.org),然后选择你刚才导出的私钥文件,并输入加密短语并save:
点击apply,将设置内容保存在该站点的配置里,这样下次就不用再次设置了。
flashfxp的设置到此就结束了,记住只有4.0以上的版本才支持RSA的密钥认证方式,3.X的版本仅支持sftp密码认证方式。
下面说一下,Windows下的远程ssh工具PuTTY系列。因为PuTTY的密钥格式与OpenSSH自己生成的不同,我们需要先用PuTTY Key Generator将ssh-keygen生成私钥转化为PuTTY自己的格式,在Windows下运行PUTTYGEN.exe这个文件,加密类型和位数不用填写,该软件可以自动判别出来。点击load
我们选择生成的私钥文件id_rsa, 导入的文件类型要选择all files才可以。
这个画面表示私钥导入成功
输入加密短语后,选择save private key
我们将这个PuTTY格式的密钥文件命名为web.ppk,点击save
然后运行PuTTY.exe,进行ssh连接客户端设置。在Hostname处输入IP地址或域名
切换到左边ssh选项下的auth项,该项表示认证方式,点击Browse..., 选择刚生成的PuTYY格式的密钥web.ppk:
切换回Session,并保存,这样不必每次都重新导入短语。
都设置好后,点击Open尝试一下。
代码: 全选
login as: root
Authenticating with public key "imported-openssh-key"
Passphrase for key "imported-openssh-key":
Last login: Sun Nov 28 09:55:43 2010 from 192.168.8.8
OpenBSD 4.8-stable (GENERIC) #0: Sun Nov 28 00:50:23 CST 2010
Welcome to OpenBSD: The proactively secure Unix-like operating system.
Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.
#
加固ssh安全登录,既然是web服务器,你可能想让他更安全一些,目前linux使用的OpenSSH有的还是4.X的版本,我们在OpenBSD上可以享用高版本,目前4.8自带的版本为OpenSSH5.6。
首先,如果你愿意,可以修改OpenSSH的登录也端口,除了22,自己随便设置,编辑 /etc/ssh/sshd_config 这个文件,将
代码: 全选
#Port 22
代码: 全选
Port 2022然后禁用密码认证方式,将
代码: 全选
# PasswordAuthentication yes
代码: 全选
PasswordAuthentication no
在OpenBSD中wheel组的成员可以使用su(1)命令变成root,所以你可以将一个用户加入到wheel组,然后这个用户可以执行su命令将身份转换为root。例如,将一个已经存在的用户9971加到wheel组内,你只需修改 /etc/group 文件就可以将用户9971添加到"wheel"组。还有一个方法是在用adduser(8)新添加一个用户时, 您可以在系统询问"Invite user into other groups:"时将这个用户添加到wheel组, 系统会修改您的/etc/group文件, 看起来就像这样:
代码: 全选
wheel:*:0:root, 9971接下来是禁止root登录,将
代码: 全选
#PermitRootLogin yes
代码: 全选
PermitRootLogin no
还可以将最大登录尝试次数修改一下,例如我们修改为3次,将
代码: 全选
#MaxAuthTries 6
代码: 全选
MaxAuthTries 3
如果你愿意的话,还可以配合chroot OpenSSH一起使用。自己网上找资料吧,这里不再赘述了。
利用PF阻止欺骗者
利用PF阻止OpenSSH暴力密码破解,我这里的PF配置文件是 /etc/gobsd.org ,所以:
代码: 全选
# vi /etc/gobsd.org代码: 全选
table <bruteforce> persist
block quick from <bruteforce>
..............................................................................
pass quick proto {tcp udp} to port ssh\
keep state (max-src-conn 100,max-src-conn-rate 15/5,\
overload <bruteforce> flush global)
代码: 全选
# pfctl -t bruteforce -T expire 99710此外还可以利用PF限制SSH的登录IP地址段等。
最后友情提示一下,如果你正在升级或更新,并已经安装了新内核,请先编译好用户岛后、再进行创建密钥的工作,否则可能生成的密钥无法使用。
茶余饭后看看网上某些人的表演也是一种消遣,下面的log是我在2009年的记录的,为了验证OpenSSH密码的强度,当时并没有修改默认的OpenSSH端口,而且并没有设置RSA或DSA密钥,仅用PF规则对反复尝试暴力破解OpenSSH密码进行了限制,此外当时web服务器的IP地址是192.168.1.35,为了配合本篇文章,特意将地址全部修改为192.168.2.35, 特此说明:
代码: 全选
Oct 29 15:41:53.234860 rule 5/(match) pass in on re1: 78.129.203.130.44637 > 192.168.2.35.22: S 42168388:42168388(0) win 65535 <mss 1452,nop,nop,sackOK>
Oct 29 17:03:00.593456 rule 5/(match) pass in on re1: 78.129.203.130.48939 > 192.168.2.35.22: S 3835272401:3835272401(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:03.335396 rule 5/(match) pass in on re1: 78.129.203.130.49162 > 192.168.2.35.22: S 3850033388:3850033388(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:04.736428 rule 5/(match) pass in on re1: 78.129.203.130.49289 > 192.168.2.35.22: S 3846935941:3846935941(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:06.124476 rule 5/(match) pass in on re1: 78.129.203.130.49390 > 192.168.2.35.22: S 3839762190:3839762190(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:07.503950 rule 5/(match) pass in on re1: 78.129.203.130.49506 > 192.168.2.35.22: S 3849054164:3849054164(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:08.870662 rule 5/(match) pass in on re1: 78.129.203.130.49627 > 192.168.2.35.22: S 3852427920:3852427920(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:10.394701 rule 5/(match) pass in on re1: 78.129.203.130.49753 > 192.168.2.35.22: S 3845103012:3845103012(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:11.795342 rule 5/(match) pass in on re1: 78.129.203.130.49862 > 192.168.2.35.22: S 3844162955:3844162955(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:13.161297 rule 5/(match) pass in on re1: 78.129.203.130.49978 > 192.168.2.35.22: S 3858922886:3858922886(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:14.533576 rule 5/(match) pass in on re1: 78.129.203.130.50106 > 192.168.2.35.22: S 3850543029:3850543029(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:16.101035 rule 5/(match) pass in on re1: 78.129.203.130.50227 > 192.168.2.35.22: S 3858326177:3858326177(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:17.500742 rule 5/(match) pass in on re1: 78.129.203.130.50342 > 192.168.2.35.22: S 3852789790:3852789790(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:18.872800 rule 5/(match) pass in on re1: 78.129.203.130.50460 > 192.168.2.35.22: S 3850839969:3850839969(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:20.248067 rule 5/(match) pass in on re1: 78.129.203.130.50574 > 192.168.2.35.22: S 3854578590:3854578590(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:21.730243 rule 5/(match) pass in on re1: 78.129.203.130.50683 > 192.168.2.35.22: S 3862612599:3862612599(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:23.131168 rule 5/(match) pass in on re1: 78.129.203.130.50790 > 192.168.2.35.22: S 3870535224:3870535224(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:24.527403 rule 5/(match) pass in on re1: 78.129.203.130.50906 > 192.168.2.35.22: S 3860611615:3860611615(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:25.900437 rule 5/(match) pass in on re1: 78.129.203.130.51016 > 192.168.2.35.22: S 3857647266:3857647266(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:27.291265 rule 5/(match) pass in on re1: 78.129.203.130.51128 > 192.168.2.35.22: S 3862195770:3862195770(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:28.671486 rule 5/(match) pass in on re1: 78.129.203.130.51237 > 192.168.2.35.22: S 3866677786:3866677786(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:30.209134 rule 5/(match) pass in on re1: 78.129.203.130.51359 > 192.168.2.35.22: S 3873058527:3873058527(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:31.584881 rule 5/(match) pass in on re1: 78.129.203.130.51459 > 192.168.2.35.22: S 3873616350:3873616350(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:32.962989 rule 5/(match) pass in on re1: 78.129.203.130.51558 > 192.168.2.35.22: S 3879117589:3879117589(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:34.348744 rule 5/(match) pass in on re1: 78.129.203.130.51679 > 192.168.2.35.22: S 3868022401:3868022401(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:35.728216 rule 5/(match) pass in on re1: 78.129.203.130.51786 > 192.168.2.35.22: S 3868828370:3868828370(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:37.655095 rule 5/(match) pass in on re1: 78.129.203.130.51932 > 192.168.2.35.22: S 3871683116:3871683116(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:39.030865 rule 5/(match) pass in on re1: 78.129.203.130.52037 > 192.168.2.35.22: S 3875364205:3875364205(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:40.426828 rule 5/(match) pass in on re1: 78.129.203.130.52163 > 192.168.2.35.22: S 3883538384:3883538384(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:41.825775 rule 5/(match) pass in on re1: 78.129.203.130.52260 > 192.168.2.35.22: S 3885518149:3885518149(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:43.283592 rule 5/(match) pass in on re1: 78.129.203.130.52379 > 192.168.2.35.22: S 3884123516:3884123516(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:44.743393 rule 5/(match) pass in on re1: 78.129.203.130.52491 > 192.168.2.35.22: S 3886615162:3886615162(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:46.480830 rule 5/(match) pass in on re1: 78.129.203.130.52627 > 192.168.2.35.22: S 3880582707:3880582707(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:48.270355 rule 5/(match) pass in on re1: 78.129.203.130.52763 > 192.168.2.35.22: S 3886545292:3886545292(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:50.016121 rule 5/(match) pass in on re1: 78.129.203.130.52915 > 192.168.2.35.22: S 3888176139:3888176139(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:52.228048 rule 5/(match) pass in on re1: 78.129.203.130.53066 > 192.168.2.35.22: S 3890318865:3890318865(0) win 5840 <mss 1452> (DF)
Oct 29 17:03:53.934762 rule 5/(match) pass in on re1: 78.129.203.130.53206 > 192.168.2.35.22: S 3890626263:3890626263(0) win 5840 <mss 1452> (DF)
Oct 29 17:04:10.385524 rule 5/(match) pass in on re1: 78.129.203.130.53789 > 192.168.2.35.22: S 3903706486:3903706486(0) win 5840 <mss 1452> (DF)
Oct 30 03:11:19.400849 rule 5/(match) pass in on re1: 68.167.41.234.55463 > 192.168.2.35.22: S 1015784038:1015784038(0) win 5840 <mss 1380,sackOK,timestamp 233515772[|tcp]> (DF)
Oct 30 03:12:25.126470 rule 5/(match) pass in on re1: 68.167.41.234.6418 > 192.168.2.35.22: S 4072076376:4072076376(0) win 5840 <mss 1380,sackOK,timestamp 233522331[|tcp]> (DF)
Oct 30 03:12:26.238718 rule 5/(match) pass in on re1: 68.167.41.234.55222 > 192.168.2.35.22: S 283085786:283085786(0) win 5840 <mss 1380,sackOK,timestamp 233522455[|tcp]> (DF)
Oct 30 03:12:27.216627 rule 5/(match) pass in on re1: 68.167.41.234.23207 > 192.168.2.35.22: S 748158596:748158596(0) win 5840 <mss 1380,sackOK,timestamp 233522553[|tcp]> (DF)
Oct 30 03:12:31.691131 rule 5/(match) pass in on re1: 68.167.41.234.1387 > 192.168.2.35.22: S 136980015:136980015(0) win 5840 <mss 1380,sackOK,timestamp 233523000[|tcp]> (DF)
Oct 30 03:12:32.640608 rule 5/(match) pass in on re1: 68.167.41.234.26880 > 192.168.2.35.22: S 1107718803:1107718803(0) win 5840 <mss 1380,sackOK,timestamp 233523095[|tcp]> (DF)
Oct 30 03:12:33.778132 rule 5/(match) pass in on re1: 68.167.41.234.38348 > 192.168.2.35.22: S 98844509:98844509(0) win 5840 <mss 1380,sackOK,timestamp 233523209[|tcp]> (DF)
Oct 30 03:12:35.072574 rule 5/(match) pass in on re1: 68.167.41.234.48600 > 192.168.2.35.22: S 533809159:533809159(0) win 5840 <mss 1380,sackOK,timestamp 233523338[|tcp]> (DF)
Oct 30 03:12:36.716902 rule 5/(match) pass in on re1: 68.167.41.234.23781 > 192.168.2.35.22: S 1080762182:1080762182(0) win 5840 <mss 1380,sackOK,timestamp 233523503[|tcp]> (DF)
Oct 30 03:12:41.246583 rule 5/(match) pass in on re1: 68.167.41.234.34088 > 192.168.2.35.22: S 320182888:320182888(0) win 5840 <mss 1380,sackOK,timestamp 233523956[|tcp]> (DF)
Oct 30 03:12:46.665363 rule 5/(match) pass in on re1: 68.167.41.234.8122 > 192.168.2.35.22: S 882555348:882555348(0) win 5840 <mss 1380,sackOK,timestamp 233524498[|tcp]> (DF)
Oct 30 03:12:49.235117 rule 5/(match) pass in on re1: 68.167.41.234.49497 > 192.168.2.35.22: S 4282949775:4282949775(0) win 5840 <mss 1380,sackOK,timestamp 233524754[|tcp]> (DF)
Oct 30 03:12:51.726203 rule 5/(match) pass in on re1: 68.167.41.234.22695 > 192.168.2.35.22: S 882722792:882722792(0) win 5840 <mss 1380,sackOK,timestamp 233525004[|tcp]> (DF)
Oct 30 03:12:52.660460 rule 5/(match) pass in on re1: 68.167.41.234.17199 > 192.168.2.35.22: S 1422806966:1422806966(0) win 5840 <mss 1380,sackOK,timestamp 233525097[|tcp]> (DF)
Oct 30 03:12:55.199380 rule 5/(match) pass in on re1: 68.167.41.234.47500 > 192.168.2.35.22: S 823259341:823259341(0) win 5840 <mss 1380,sackOK,timestamp 233525351[|tcp]> (DF)
Oct 30 03:12:56.284896 rule 5/(match) pass in on re1: 68.167.41.234.4545 > 192.168.2.35.22: S 1204573211:1204573211(0) win 5840 <mss 1380,sackOK,timestamp 233525460[|tcp]> (DF)
Oct 30 03:12:57.725795 rule 5/(match) pass in on re1: 68.167.41.234.46716 > 192.168.2.35.22: S 4000145321:4000145321(0) win 5840 <mss 1380,sackOK,timestamp 233525603[|tcp]> (DF)
Oct 30 03:12:58.645509 rule 5/(match) pass in on re1: 68.167.41.234.10006 > 192.168.2.35.22: S 4238810178:4238810178(0) win 5840 <mss 1380,sackOK,timestamp 233525696[|tcp]> (DF)
Oct 30 03:12:59.582430 rule 5/(match) pass in on re1: 68.167.41.234.24825 > 192.168.2.35.22: S 997159791:997159791(0) win 5840 <mss 1380,sackOK,timestamp 233525790[|tcp]> (DF)
Oct 30 03:13:00.632046 rule 5/(match) pass in on re1: 68.167.41.234.63218 > 192.168.2.35.22: S 979976372:979976372(0) win 5840 <mss 1380,sackOK,timestamp 233525894[|tcp]> (DF)
Oct 30 03:13:01.756996 rule 5/(match) pass in on re1: 68.167.41.234.38863 > 192.168.2.35.22: S 129765577:129765577(0) win 5840 <mss 1380,sackOK,timestamp 233526007[|tcp]> (DF)
Oct 30 03:13:02.834118 rule 5/(match) pass in on re1: 68.167.41.234.4424 > 192.168.2.35.22: S 1141685218:1141685218(0) win 5840 <mss 1380,sackOK,timestamp 233526115[|tcp]> (DF)
Oct 30 03:13:03.800196 rule 5/(match) pass in on re1: 68.167.41.234.39347 > 192.168.2.35.22: S 147341764:147341764(0) win 5840 <mss 1380,sackOK,timestamp 233526211[|tcp]> (DF)
Oct 30 03:13:04.892857 rule 5/(match) pass in on re1: 68.167.41.234.21091 > 192.168.2.35.22: S 1737451369:1737451369(0) win 5840 <mss 1380,sackOK,timestamp 233526320[|tcp]> (DF)
Oct 30 03:13:06.000380 rule 5/(match) pass in on re1: 68.167.41.234.52816 > 192.168.2.35.22: S 1233397516:1233397516(0) win 5840 <mss 1380,sackOK,timestamp 233526431[|tcp]> (DF)
Oct 30 03:13:06.954848 rule 5/(match) pass in on re1: 68.167.41.234.64243 > 192.168.2.35.22: S 1448515679:1448515679(0) win 5840 <mss 1380,sackOK,timestamp 233526527[|tcp]> (DF)
Oct 30 03:13:07.959278 rule 5/(match) pass in on re1: 68.167.41.234.45720 > 192.168.2.35.22: S 1322691888:1322691888(0) win 5840 <mss 1380,sackOK,timestamp 233526627[|tcp]> (DF)
Oct 30 03:13:09.163581 rule 5/(match) pass in on re1: 68.167.41.234.14637 > 192.168.2.35.22: S 1154046803:1154046803(0) win 5840 <mss 1380,sackOK,timestamp 233526735[|tcp]> (DF)
Oct 30 03:13:10.117100 rule 5/(match) pass in on re1: 68.167.41.234.42500 > 192.168.2.35.22: S 489104689:489104689(0) win 5840 <mss 1380,sackOK,timestamp 233526843[|tcp]> (DF)
Oct 30 03:13:11.125227 rule 5/(match) pass in on re1: 68.167.41.234.63735 > 192.168.2.35.22: S 499762152:499762152(0) win 5840 <mss 1380,sackOK,timestamp 233526944[|tcp]> (DF)
Oct 30 03:13:13.646401 rule 5/(match) pass in on re1: 68.167.41.234.19168 > 192.168.2.35.22: S 430513018:430513018(0) win 5840 <mss 1380,sackOK,timestamp 233527196[|tcp]> (DF)
Oct 30 03:13:14.601889 rule 5/(match) pass in on re1: 68.167.41.234.6252 > 192.168.2.35.22: S 1739677448:1739677448(0) win 5840 <mss 1380,sackOK,timestamp 233527291[|tcp]> (DF)
Oct 30 03:13:15.589627 rule 5/(match) pass in on re1: 68.167.41.234.1603 > 192.168.2.35.22: S 895862830:895862830(0) win 5840 <mss 1380,sackOK,timestamp 233527390[|tcp]> (DF)
Oct 30 03:13:16.806944 rule 5/(match) pass in on re1: 68.167.41.234.5906 > 192.168.2.35.22: S 1314935530:1314935530(0) win 5840 <mss 1380,sackOK,timestamp 233527512[|tcp]> (DF)
Oct 30 03:13:21.240592 rule 5/(match) pass in on re1: 68.167.41.234.16694 > 192.168.2.35.22: S 1454442853:1454442853(0) win 5840 <mss 1380,sackOK,timestamp 233527956[|tcp]> (DF)
Oct 30 03:13:22.317237 rule 5/(match) pass in on re1: 68.167.41.234.12140 > 192.168.2.35.22: S 918405635:918405635(0) win 5840 <mss 1380,sackOK,timestamp 233528063[|tcp]> (DF)
Oct 30 03:13:23.314611 rule 5/(match) pass in on re1: 68.167.41.234.1140 > 192.168.2.35.22: S 973903231:973903231(0) win 5840 <mss 1380,sackOK,timestamp 233528162[|tcp]> (DF)
Oct 30 03:13:25.856435 rule 5/(match) pass in on re1: 68.167.41.234.21139 > 192.168.2.35.22: S 584143364:584143364(0) win 5840 <mss 1380,sackOK,timestamp 233528417[|tcp]> (DF)
Oct 30 03:13:26.801823 rule 5/(match) pass in on re1: 68.167.41.234.31340 > 192.168.2.35.22: S 1064352405:1064352405(0) win 5840 <mss 1380,sackOK,timestamp 233528511[|tcp]> (DF)
Oct 30 03:13:27.824457 rule 5/(match) pass in on re1: 68.167.41.234.45180 > 192.168.2.35.22: S 82158196:82158196(0) win 5840 <mss 1380,sackOK,timestamp 233528614[|tcp]> (DF)
Oct 30 03:13:28.846781 rule 5/(match) pass in on re1: 68.167.41.234.40373 > 192.168.2.35.22: S 421530855:421530855(0) win 5840 <mss 1380,sackOK,timestamp 233528716[|tcp]> (DF)
Oct 30 03:13:30.101980 rule 5/(match) pass in on re1: 68.167.41.234.15053 > 192.168.2.35.22: S 490000586:490000586(0) win 5840 <mss 1380,sackOK,timestamp 233528841[|tcp]> (DF)
Nov 03 00:16:16.104451 rule 5/(match) pass in on re1: 60.199.248.136.65024 > 192.168.2.35.22: S 2139492908:2139492908(0) win 65535 <mss 1452,nop,nop,sackOK>
Nov 03 00:23:48.085187 rule 5/(match) pass in on re1: 60.199.248.136.54889 > 192.168.2.35.22: S 1883288057:1883288057(0) win 5840 <mss 1452,sackOK,timestamp 3127184251[|tcp]> (DF)
Nov 03 00:23:50.348150 rule 5/(match) pass in on re1: 60.199.248.136.55121 > 192.168.2.35.22: S 1890464207:1890464207(0) win 5840 <mss 1452,sackOK,timestamp 3127184813[|tcp]> (DF)
Nov 03 00:23:52.654420 rule 5/(match) pass in on re1: 60.199.248.136.55354 > 192.168.2.35.22: S 1898388046:1898388046(0) win 5840 <mss 1452,sackOK,timestamp 3127185390[|tcp]> (DF)
Nov 03 00:23:54.902492 rule 5/(match) pass in on re1: 60.199.248.136.55593 > 192.168.2.35.22: S 1892719533:1892719533(0) win 5840 <mss 1452,sackOK,timestamp 3127185953[|tcp]> (DF)
Nov 03 00:23:57.445584 rule 5/(match) pass in on re1: 60.199.248.136.55862 > 192.168.2.35.22: S 1901959771:1901959771(0) win 5840 <mss 1452,sackOK,timestamp 3127186587[|tcp]> (DF)
Nov 03 00:23:59.836171 rule 5/(match) pass in on re1: 60.199.248.136.56136 > 192.168.2.35.22: S 1908859749:1908859749(0) win 5840 <mss 1452,sackOK,timestamp 3127187188[|tcp]> (DF)
Nov 03 00:24:01.955818 rule 5/(match) pass in on re1: 60.199.248.136.56367 > 192.168.2.35.22: S 1909590896:1909590896(0) win 5840 <mss 1452,sackOK,timestamp 3127187715[|tcp]> (DF)
Nov 03 00:24:04.529697 rule 5/(match) pass in on re1: 60.199.248.136.56633 > 192.168.2.35.22: S 1908142253:1908142253(0) win 5840 <mss 1452,sackOK,timestamp 3127188358[|tcp]> (DF)
Nov 03 00:24:06.802511 rule 5/(match) pass in on re1: 60.199.248.136.56894 > 192.168.2.35.22: S 1916006509:1916006509(0) win 5840 <mss 1452,sackOK,timestamp 3127188929[|tcp]> (DF)
Nov 03 00:24:08.892527 rule 5/(match) pass in on re1: 60.199.248.136.57121 > 192.168.2.35.22: S 1903879975:1903879975(0) win 5840 <mss 1452,sackOK,timestamp 3127189449[|tcp]> (DF)
Nov 03 00:24:11.023445 rule 5/(match) pass in on re1: 60.199.248.136.57367 > 192.168.2.35.22: S 1914709443:1914709443(0) win 5840 <mss 1452,sackOK,timestamp 3127189984[|tcp]> (DF)
Nov 03 00:24:13.091299 rule 5/(match) pass in on re1: 60.199.248.136.57583 > 192.168.2.35.22: S 1913995573:1913995573(0) win 5840 <mss 1452,sackOK,timestamp 3127190498[|tcp]> (DF)
Nov 03 00:24:15.232080 rule 5/(match) pass in on re1: 60.199.248.136.57802 > 192.168.2.35.22: S 1919452010:1919452010(0) win 5840 <mss 1452,sackOK,timestamp 3127191034[|tcp]> (DF)
Nov 03 00:24:17.367935 rule 5/(match) pass in on re1: 60.199.248.136.58006 > 192.168.2.35.22: S 1917988048:1917988048(0) win 5840 <mss 1452,sackOK,timestamp 3127191567[|tcp]> (DF)
Nov 03 00:24:19.520309 rule 5/(match) pass in on re1: 60.199.248.136.58212 > 192.168.2.35.22: S 1928905016:1928905016(0) win 5840 <mss 1452,sackOK,timestamp 3127192105[|tcp]> (DF)
Nov 03 00:35:26.187133 rule 5/(match) pass in on re1: 200.35.146.176.7100 > 192.168.2.35.22: S 1472701225:1472701225(0) win 65535 <mss 1452,nop,nop,sackOK>
Nov 03 00:38:38.302813 rule 5/(match) pass in on re1: 200.35.146.176.35761 > 192.168.2.35.22: S 1608995657:1608995657(0) win 5840 <mss 1452,sackOK,timestamp 455993061[|tcp]> (DF)
Nov 03 00:38:40.316223 rule 5/(match) pass in on re1: 200.35.146.176.35970 > 192.168.2.35.22: S 1600785421:1600785421(0) win 5840 <mss 1452,sackOK,timestamp 455995073[|tcp]> (DF)
Nov 03 00:38:41.557942 rule 5/(match) pass in on re1: 200.35.146.176.36118 > 192.168.2.35.22: S 1608529394:1608529394(0) win 5840 <mss 1452,sackOK,timestamp 455996315[|tcp]> (DF)
Nov 03 00:38:42.811248 rule 5/(match) pass in on re1: 200.35.146.176.36268 > 192.168.2.35.22: S 1612177540:1612177540(0) win 5840 <mss 1452,sackOK,timestamp 455997569[|tcp]> (DF)
Nov 03 00:38:44.038357 rule 5/(match) pass in on re1: 200.35.146.176.36425 > 192.168.2.35.22: S 1604781643:1604781643(0) win 5840 <mss 1452,sackOK,timestamp 455998793[|tcp]> (DF)
Nov 03 00:38:45.276773 rule 5/(match) pass in on re1: 200.35.146.176.36538 > 192.168.2.35.22: S 1614402273:1614402273(0) win 5840 <mss 1452,sackOK,timestamp 456000035[|tcp]> (DF)
Nov 03 00:38:46.521334 rule 5/(match) pass in on re1: 200.35.146.176.36676 > 192.168.2.35.22: S 1603161800:1603161800(0) win 5840 <mss 1452,sackOK,timestamp 456001279[|tcp]> (DF)
Nov 03 00:38:47.753460 rule 5/(match) pass in on re1: 200.35.146.176.36845 > 192.168.2.35.22: S 1608066052:1608066052(0) win 5840 <mss 1452,sackOK,timestamp 456002512[|tcp]> (DF)
Nov 03 00:38:48.987343 rule 5/(match) pass in on re1: 200.35.146.176.54114 > 192.168.2.35.22: S 1630569455:1630569455(0) win 5840 <mss 1452,sackOK,timestamp 456003746[|tcp]> (DF)
Nov 03 00:38:50.216821 rule 5/(match) pass in on re1: 200.35.146.176.54262 > 192.168.2.35.22: S 1627008128:1627008128(0) win 5840 <mss 1452,sackOK,timestamp 456004976[|tcp]> (DF)
Nov 03 00:38:51.462823 rule 5/(match) pass in on re1: 200.35.146.176.54391 > 192.168.2.35.22: S 1632967927:1632967927(0) win 5840 <mss 1452,sackOK,timestamp 456006222[|tcp]> (DF)
Nov 03 00:38:52.710484 rule 5/(match) pass in on re1: 200.35.146.176.54542 > 192.168.2.35.22: S 1630677495:1630677495(0) win 5840 <mss 1452,sackOK,timestamp 456007470[|tcp]> (DF)
Nov 03 00:38:54.213929 rule 5/(match) pass in on re1: 200.35.146.176.54713 > 192.168.2.35.22: S 1638664004:1638664004(0) win 5840 <mss 1452,sackOK,timestamp 456008974[|tcp]> (DF)
Nov 03 00:38:55.753139 rule 5/(match) pass in on re1: 200.35.146.176.54853 > 192.168.2.35.22: S 1644478691:1644478691(0) win 5840 <mss 1452,sackOK,timestamp 456010513[|tcp]> (DF)
Nov 03 00:38:57.257603 rule 5/(match) pass in on re1: 200.35.146.176.55024 > 192.168.2.35.22: S 1645527216:1645527216(0) win 5840 <mss 1452,sackOK,timestamp 456012018[|tcp]> (DF)
Nov 03 00:38:58.496774 rule 5/(match) pass in on re1: 200.35.146.176.55152 > 192.168.2.35.22: S 1645270914:1645270914(0) win 5840 <mss 1452,sackOK,timestamp 456013257[|tcp]> (DF)
Nov 03 00:38:59.740888 rule 5/(match) pass in on re1: 200.35.146.176.55283 > 192.168.2.35.22: S 1636878125:1636878125(0) win 5840 <mss 1452,sackOK,timestamp 456014502[|tcp]> (DF)
Nov 03 00:39:00.967069 rule 5/(match) pass in on re1: 200.35.146.176.55412 > 192.168.2.35.22: S 1641675451:1641675451(0) win 5840 <mss 1452,sackOK,timestamp 456015728[|tcp]> (DF)
Nov 03 00:39:02.199219 rule 5/(match) pass in on re1: 200.35.146.176.55529 > 192.168.2.35.22: S 1648754993:1648754993(0) win 5840 <mss 1452,sackOK,timestamp 456016961[|tcp]> (DF)
Nov 03 00:39:03.426673 rule 5/(match) pass in on re1: 200.35.146.176.55671 > 192.168.2.35.22: S 1650422643:1650422643(0) win 5840 <mss 1452,sackOK,timestamp 456018188[|tcp]> (DF)
Nov 03 00:39:04.668903 rule 5/(match) pass in on re1: 200.35.146.176.55798 > 192.168.2.35.22: S 1643478442:1643478442(0) win 5840 <mss 1452,sackOK,timestamp 456019431[|tcp]> (DF)
Nov 03 00:39:05.901990 rule 5/(match) pass in on re1: 200.35.146.176.55908 > 192.168.2.35.22: S 1638537482:1638537482(0) win 5840 <mss 1452,sackOK,timestamp 456020664[|tcp]> (DF)
Nov 03 00:39:07.128344 rule 5/(match) pass in on re1: 200.35.146.176.56036 > 192.168.2.35.22: S 1642418009:1642418009(0) win 5840 <mss 1452,sackOK,timestamp 456021891[|tcp]> (DF)
Nov 03 00:39:08.356682 rule 5/(match) pass in on re1: 200.35.146.176.56160 > 192.168.2.35.22: S 1654010752:1654010752(0) win 5840 <mss 1452,sackOK,timestamp 456023119[|tcp]> (DF)
Nov 03 00:39:09.590530 rule 5/(match) pass in on re1: 200.35.146.176.56301 > 192.168.2.35.22: S 1642520567:1642520567(0) win 5840 <mss 1452,sackOK,timestamp 456024353[|tcp]> (DF)
Nov 03 00:39:10.841152 rule 5/(match) pass in on re1: 200.35.146.176.56410 > 192.168.2.35.22: S 1655797644:1655797644(0) win 5840 <mss 1452,sackOK,timestamp 456025604[|tcp]> (DF)
Nov 03 00:39:12.068333 rule 5/(match) pass in on re1: 200.35.146.176.56534 > 192.168.2.35.22: S 1653810901:1653810901(0) win 5840 <mss 1452,sackOK,timestamp 456026832[|tcp]> (DF)
Nov 03 00:39:13.307888 rule 5/(match) pass in on re1: 200.35.146.176.56670 > 192.168.2.35.22: S 1656153742:1656153742(0) win 5840 <mss 1452,sackOK,timestamp 456028072[|tcp]> (DF)
Nov 03 00:39:14.538102 rule 5/(match) pass in on re1: 200.35.146.176.56792 > 192.168.2.35.22: S 1648401560:1648401560(0) win 5840 <mss 1452,sackOK,timestamp 456029302[|tcp]> (DF)
Nov 04 02:05:46.800501 rule 5/(match) pass in on re1: 72.73.100.19.51699 > 192.168.2.35.22: S 2870312601:2870312601(0) win 5840 <mss 1452,sackOK,timestamp 2809917199[|tcp]> (DF)
Nov 04 02:08:28.402148 rule 5/(match) pass in on re1: 72.73.100.19.37400 > 192.168.2.35.22: S 3036592379:3036592379(0) win 5840 <mss 1452,sackOK,timestamp 2810078870[|tcp]> (DF)
Nov 04 02:08:29.891654 rule 5/(match) pass in on re1: 72.73.100.19.37430 > 192.168.2.35.22: S 3046637303:3046637303(0) win 5840 <mss 1452,sackOK,timestamp 2810080391[|tcp]> (DF)
Nov 04 02:08:31.325589 rule 5/(match) pass in on re1: 72.73.100.19.37461 > 192.168.2.35.22: S 3044456808:3044456808(0) win 5840 <mss 1452,sackOK,timestamp 2810081831[|tcp]> (DF)
Nov 04 02:08:32.891059 rule 5/(match) pass in on re1: 72.73.100.19.37504 > 192.168.2.35.22: S 3036953543:3036953543(0) win 5840 <mss 1452,sackOK,timestamp 2810083376[|tcp]> (DF)
Nov 04 02:08:34.151308 rule 5/(match) pass in on re1: 72.73.100.19.37537 > 192.168.2.35.22: S 3046968557:3046968557(0) win 5840 <mss 1452,sackOK,timestamp 2810084653[|tcp]> (DF)
Nov 04 02:08:35.425122 rule 5/(match) pass in on re1: 72.73.100.19.37570 > 192.168.2.35.22: S 3039736916:3039736916(0) win 5840 <mss 1452,sackOK,timestamp 2810085918[|tcp]> (DF)
Nov 04 02:08:36.753541 rule 5/(match) pass in on re1: 72.73.100.19.37606 > 192.168.2.35.22: S 3042640489:3042640489(0) win 5840 <mss 1452,sackOK,timestamp 2810087259[|tcp]> (DF)
Nov 04 02:08:37.995795 rule 5/(match) pass in on re1: 72.73.100.19.37634 > 192.168.2.35.22: S 3048304372:3048304372(0) win 5840 <mss 1452,sackOK,timestamp 2810088494[|tcp]> (DF)
Nov 04 02:08:38.510280 rule 5/(match) pass in on re1: 72.73.100.19.37679 > 192.168.2.35.22: S 3045979533:3045979533(0) win 5840 <mss 1452,sackOK,timestamp 2810088932[|tcp]> (DF)
Nov 04 02:08:40.004052 rule 5/(match) pass in on re1: 72.73.100.19.37723 > 192.168.2.35.22: S 3050179832:3050179832(0) win 5840 <mss 1452,sackOK,timestamp 2810090356[|tcp]> (DF)
Nov 04 02:08:41.008246 rule 5/(match) pass in on re1: 72.73.100.19.37756 > 192.168.2.35.22: S 3056027381:3056027381(0) win 5840 <mss 1452,sackOK,timestamp 2810091357[|tcp]> (DF)
Nov 04 02:08:41.667843 rule 5/(match) pass in on re1: 72.73.100.19.37800 > 192.168.2.35.22: S 3057975437:3057975437(0) win 5840 <mss 1452,sackOK,timestamp 2810091986[|tcp]> (DF)
Nov 04 02:08:42.634613 rule 5/(match) pass in on re1: 72.73.100.19.37836 > 192.168.2.35.22: S 3047148570:3047148570(0) win 5840 <mss 1452,sackOK,timestamp 2810092830[|tcp]> (DF)
Nov 04 02:08:44.179158 rule 5/(match) pass in on re1: 72.73.100.19.37880 > 192.168.2.35.22: S 3050216796:3050216796(0) win 5840 <mss 1452,sackOK,timestamp 2810094376[|tcp]> (DF)
Nov 04 02:08:45.587917 rule 5/(match) pass in on re1: 72.73.100.19.37919 > 192.168.2.35.22: S 3054911095:3054911095(0) win 5840 <mss 1452,sackOK,timestamp 2810095798[|tcp]> (DF)
Nov 04 02:08:46.564585 rule 5/(match) pass in on re1: 72.73.100.19.37942 > 192.168.2.35.22: S 3049419543:3049419543(0) win 5840 <mss 1452,sackOK,timestamp 2810096831[|tcp]> (DF)
Nov 04 02:08:47.787842 rule 5/(match) pass in on re1: 72.73.100.19.37978 > 192.168.2.35.22: S 3054050672:3054050672(0) win 5840 <mss 1452,sackOK,timestamp 2810098039[|tcp]> (DF)
Nov 04 02:08:49.155969 rule 5/(match) pass in on re1: 72.73.100.19.38022 > 192.168.2.35.22: S 3063036303:3063036303(0) win 5840 <mss 1452,sackOK,timestamp 2810099330[|tcp]> (DF)
Nov 04 02:08:50.057979 rule 5/(match) pass in on re1: 72.73.100.19.38047 > 192.168.2.35.22: S 3060208383:3060208383(0) win 5840 <mss 1452,sackOK,timestamp 2810100261[|tcp]> (DF)
Nov 04 02:08:51.418957 rule 5/(match) pass in on re1: 72.73.100.19.38082 > 192.168.2.35.22: S 3070132107:3070132107(0) win 5840 <mss 1452,sackOK,timestamp 2810101649[|tcp]> (DF)
Nov 04 02:08:51.833110 rule 5/(match) pass in on re1: 72.73.100.19.38123 > 192.168.2.35.22: S 3070499913:3070499913(0) win 5840 <mss 1452,sackOK,timestamp 2810102033[|tcp]> (DF)
Nov 04 02:08:53.121928 rule 5/(match) pass in on re1: 72.73.100.19.38175 > 192.168.2.35.22: S 3063199537:3063199537(0) win 5840 <mss 1452,sackOK,timestamp 2810103158[|tcp]> (DF)
Nov 04 02:08:54.139740 rule 5/(match) pass in on re1: 72.73.100.19.38196 > 192.168.2.35.22: S 3063846293:3063846293(0) win 5840 <mss 1452,sackOK,timestamp 2810104195[|tcp]> (DF)
Nov 04 02:08:55.117604 rule 5/(match) pass in on re1: 72.73.100.19.38274 > 192.168.2.35.22: S 3071691777:3071691777(0) win 5840 <mss 1452,sackOK,timestamp 2810105114[|tcp]> (DF)
Nov 04 02:08:56.030444 rule 5/(match) pass in on re1: 72.73.100.19.38293 > 192.168.2.35.22: S 3075154323:3075154323(0) win 5840 <mss 1452,sackOK,timestamp 2810106003[|tcp]> (DF)
Nov 04 02:08:56.915646 rule 5/(match) pass in on re1: 72.73.100.19.38321 > 192.168.2.35.22: S 3066454846:3066454846(0) win 5840 <mss 1452,sackOK,timestamp 2810106754[|tcp]> (DF)
Nov 04 02:08:58.569878 rule 5/(match) pass in on re1: 72.73.100.19.38364 > 192.168.2.35.22: S 3071926532:3071926532(0) win 5840 <mss 1452,sackOK,timestamp 2810108466[|tcp]> (DF)
Nov 04 02:08:59.929803 rule 5/(match) pass in on re1: 72.73.100.19.38378 > 192.168.2.35.22: S 3094355819:3094355819(0) win 5840 <mss 1452,sackOK,timestamp 2810109956[|tcp]> (DF)
Nov 04 02:09:01.057258 rule 5/(match) pass in on re1: 72.73.100.19.38427 > 192.168.2.35.22: S 3088424573:3088424573(0) win 5840 <mss 1452,sackOK,timestamp 2810111023[|tcp]> (DF)
Nov 04 02:09:01.672443 rule 5/(match) pass in on re1: 72.73.100.19.38448 > 192.168.2.35.22: S 3096068244:3096068244(0) win 5840 <mss 1452,sackOK,timestamp 2810111696[|tcp]> (DF)
Nov 04 02:09:02.731877 rule 5/(match) pass in on re1: 72.73.100.19.38495 > 192.168.2.35.22: S 3086214809:3086214809(0) win 5840 <mss 1452,sackOK,timestamp 2810112597[|tcp]> (DF)
Nov 04 02:09:04.519079 rule 5/(match) pass in on re1: 72.73.100.19.38531 > 192.168.2.35.22: S 3085302027:3085302027(0) win 5840 <mss 1452,sackOK,timestamp 2810114480[|tcp]> (DF)
Nov 04 02:09:05.232901 rule 5/(match) pass in on re1: 72.73.100.19.38576 > 192.168.2.35.22: S 3092908157:3092908157(0) win 5840 <mss 1452,sackOK,timestamp 2810115139[|tcp]> (DF)
Nov 04 02:09:06.086605 rule 5/(match) pass in on re1: 72.73.100.19.38612 > 192.168.2.35.22: S 3097367509:3097367509(0) win 5840 <mss 1452,sackOK,timestamp 2810115978[|tcp]> (DF)
Nov 04 02:09:07.268946 rule 5/(match) pass in on re1: 72.73.100.19.38651 > 192.168.2.35.22: S 3087569651:3087569651(0) win 5840 <mss 1452,sackOK,timestamp 2810117044[|tcp]> (DF)
Nov 04 02:09:08.143559 rule 5/(match) pass in on re1: 72.73.100.19.38667 > 192.168.2.35.22: S 3092409504:3092409504(0) win 5840 <mss 1452,sackOK,timestamp 2810118009[|tcp]> (DF)
Nov 04 02:09:08.418504 rule 5/(match) pass in on re1: 72.73.100.19.38705 > 192.168.2.35.22: S 3091041614:3091041614(0) win 5840 <mss 1452,sackOK,timestamp 2810118192[|tcp]> (DF)
Nov 04 02:09:09.462949 rule 5/(match) pass in on re1: 72.73.100.19.38763 > 192.168.2.35.22: S 3093549528:3093549528(0) win 5840 <mss 1452,sackOK,timestamp 2810119146[|tcp]> (DF)
Nov 04 02:09:11.788478 rule 5/(match) pass in on re1: 72.73.100.19.38802 > 192.168.2.35.22: S 3097336096:3097336096(0) win 5840 <mss 1452,sackOK,timestamp 2810121447[|tcp]> (DF)
Nov 04 02:09:12.858243 rule 5/(match) pass in on re1: 72.73.100.19.38833 > 192.168.2.35.22: S 3101533633:3101533633(0) win 5840 <mss 1452,sackOK,timestamp 2810122501[|tcp]> (DF)
Nov 04 02:09:13.711471 rule 5/(match) pass in on re1: 72.73.100.19.38856 > 192.168.2.35.22: S 3101924011:3101924011(0) win 5840 <mss 1452,sackOK,timestamp 2810123465[|tcp]> (DF)
Nov 04 02:09:14.917469 rule 5/(match) pass in on re1: 72.73.100.19.38897 > 192.168.2.35.22: S 3094266044:3094266044(0) win 5840 <mss 1452,sackOK,timestamp 2810124650[|tcp]> (DF)
Nov 04 02:09:15.918303 rule 5/(match) pass in on re1: 72.73.100.19.38915 > 192.168.2.35.22: S 3100119477:3100119477(0) win 5840 <mss 1452,sackOK,timestamp 2810125626[|tcp]> (DF)
Nov 04 02:09:16.279527 rule 5/(match) pass in on re1: 72.73.100.19.38933 > 192.168.2.35.22: S 3108785650:3108785650(0) win 5840 <mss 1452,sackOK,timestamp 2810125951[|tcp]> (DF)
Nov 04 02:09:17.302701 rule 5/(match) pass in on re1: 72.73.100.19.38974 > 192.168.2.35.22: S 3101607770:3101607770(0) win 5840 <mss 1452,sackOK,timestamp 2810126954[|tcp]> (DF)
Nov 04 02:09:18.615109 rule 5/(match) pass in on re1: 72.73.100.19.39041 > 192.168.2.35.22: S 3108337393:3108337393(0) win 5840 <mss 1452,sackOK,timestamp 2810128247[|tcp]> (DF)
Nov 04 02:09:19.735144 rule 5/(match) pass in on re1: 72.73.100.19.39077 > 192.168.2.35.22: S 3109171125:3109171125(0) win 5840 <mss 1452,sackOK,timestamp 2810129345[|tcp]> (DF)
Nov 04 02:09:21.164457 rule 5/(match) pass in on re1: 72.73.100.19.39111 > 192.168.2.35.22: S 3109266623:3109266623(0) win 5840 <mss 1452,sackOK,timestamp 2810130637[|tcp]> (DF)
Nov 04 02:09:22.068101 rule 5/(match) pass in on re1: 72.73.100.19.39131 > 192.168.2.35.22: S 3104841820:3104841820(0) win 5840 <mss 1452,sackOK,timestamp 2810131599[|tcp]> (DF)
Nov 04 02:09:23.548346 rule 5/(match) pass in on re1: 72.73.100.19.39168 > 192.168.2.35.22: S 3118034214:3118034214(0) win 5840 <mss 1452,sackOK,timestamp 2810133104[|tcp]> (DF)
Nov 04 02:09:24.542721 rule 5/(match) pass in on re1: 72.73.100.19.39188 > 192.168.2.35.22: S 3110870516:3110870516(0) win 5840 <mss 1452,sackOK,timestamp 2810134204[|tcp]> (DF)
Nov 04 02:09:24.975889 rule 5/(match) pass in on re1: 72.73.100.19.39204 > 192.168.2.35.22: S 3120162434:3120162434(0) win 5840 <mss 1452,sackOK,timestamp 2810134575[|tcp]> (DF)
Nov 04 02:09:25.980327 rule 3/(match) block in on re1: 72.73.100.19.39228 > 192.168.2.35.22: S 3114940699:3114940699(0) win 5840 <mss 1452,sackOK,timestamp 2810135583[|tcp]> (DF)
Nov 04 02:09:27.190352 rule 3/(match) block in on re1: 72.73.100.19.39262 > 192.168.2.35.22: S 3107533081:3107533081(0) win 5840 <mss 1452,sackOK,timestamp 2810136905[|tcp]> (DF)
Nov 04 02:09:28.152904 rule 3/(match) block in on re1: 72.73.100.19.39287 > 192.168.2.35.22: S 3116726808:3116726808(0) win 5840 <mss 1452,sackOK,timestamp 2810137925[|tcp]> (DF)
Nov 04 02:09:28.875422 rule 3/(match) block in on re1: 72.73.100.19.39228 > 192.168.2.35.22: S 3114940699:3114940699(0) win 5840 <mss 1452,sackOK,timestamp 2810138583[|tcp]> (DF)
Nov 04 02:09:29.311125 rule 3/(match) block in on re1: 72.73.100.19.39321 > 192.168.2.35.22: S 3117215271:3117215271(0) win 5840 <mss 1452,sackOK,timestamp 2810139013[|tcp]> (DF)
Nov 04 02:09:29.931755 rule 3/(match) block in on re1: 72.73.100.19.39333 > 192.168.2.35.22: S 3117034650:3117034650(0) win 5840 <mss 1452,sackOK,timestamp 2810139739[|tcp]> (DF)
Nov 04 02:09:30.087950 rule 3/(match) block in on re1: 72.73.100.19.39262 > 192.168.2.35.22: S 3107533081:3107533081(0) win 5840 <mss 1452,sackOK,timestamp 2810139905[|tcp]> (DF)
Nov 04 02:09:31.126216 rule 3/(match) block in on re1: 72.73.100.19.39287 > 192.168.2.35.22: S 3116726808:3116726808(0) win 5840 <mss 1452,sackOK,timestamp 2810140925[|tcp]> (DF)
Nov 04 02:09:31.266887 rule 3/(match) block in on re1: 72.73.100.19.39370 > 192.168.2.35.22: S 3120671337:3120671337(0) win 5840 <mss 1452,sackOK,timestamp 2810141073[|tcp]> (DF)
Nov 04 02:09:31.592139 rule 3/(match) block in on re1: 72.73.100.19.39411 > 192.168.2.35.22: S 3124212236:3124212236(0) win 5840 <mss 1452,sackOK,timestamp 2810141350[|tcp]> (DF)
Nov 04 02:09:32.267441 rule 3/(match) block in on re1: 72.73.100.19.39321 > 192.168.2.35.22: S 3117215271:3117215271(0) win 5840 <mss 1452,sackOK,timestamp 2810142013[|tcp]> (DF)
Nov 04 02:09:33.011524 rule 3/(match) block in on re1: 72.73.100.19.39333 > 192.168.2.35.22: S 3117034650:3117034650(0) win 5840 <mss 1452,sackOK,timestamp 2810142739[|tcp]> (DF)
Nov 04 02:09:34.458263 rule 3/(match) block in on re1: 72.73.100.19.39370 > 192.168.2.35.22: S 3120671337:3120671337(0) win 5840 <mss 1452,sackOK,timestamp 2810144073[|tcp]> (DF)
Nov 04 02:09:34.517088 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: . ack 1268399907 win 1460 <nop,nop,timestamp 2810144144 429327626,[|tcp]> (DF)
Nov 04 02:09:34.594678 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810144206 429327626> (DF)
Nov 04 02:09:34.750221 rule 3/(match) block in on re1: 72.73.100.19.39411 > 192.168.2.35.22: S 3124212236:3124212236(0) win 5840 <mss 1452,sackOK,timestamp 2810144350[|tcp]> (DF)
Nov 04 02:09:34.957197 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: . ack 1634707777 win 1460 <nop,nop,timestamp 2810144574 3654561616,[|tcp]> (DF)
Nov 04 02:09:34.965928 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810144577 3654561616> (DF)
Nov 04 02:09:34.967916 rule 3/(match) block in on re1: 72.73.100.19.39228 > 192.168.2.35.22: S 3114940699:3114940699(0) win 5840 <mss 1452,sackOK,timestamp 2810144583[|tcp]> (DF)
Nov 04 02:09:36.245749 rule 3/(match) block in on re1: 72.73.100.19.39262 > 192.168.2.35.22: S 3107533081:3107533081(0) win 5840 <mss 1452,sackOK,timestamp 2810145905[|tcp]> (DF)
Nov 04 02:09:37.199934 rule 3/(match) block in on re1: 72.73.100.19.39287 > 192.168.2.35.22: S 3116726808:3116726808(0) win 5840 <mss 1452,sackOK,timestamp 2810146925[|tcp]> (DF)
Nov 04 02:09:37.315950 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810147041 429327626> (DF)
Nov 04 02:09:37.886723 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810147621 3654561616> (DF)
Nov 04 02:09:38.299074 rule 3/(match) block in on re1: 72.73.100.19.39321 > 192.168.2.35.22: S 3117215271:3117215271(0) win 5840 <mss 1452,sackOK,timestamp 2810148013[|tcp]> (DF)
Nov 04 02:09:39.054408 rule 3/(match) block in on re1: 72.73.100.19.39333 > 192.168.2.35.22: S 3117034650:3117034650(0) win 5840 <mss 1452,sackOK,timestamp 2810148739[|tcp]> (DF)
Nov 04 02:09:40.387079 rule 3/(match) block in on re1: 72.73.100.19.39370 > 192.168.2.35.22: S 3120671337:3120671337(0) win 5840 <mss 1452,sackOK,timestamp 2810150073[|tcp]> (DF)
Nov 04 02:09:40.634595 rule 3/(match) block in on re1: 72.73.100.19.39411 > 192.168.2.35.22: S 3124212236:3124212236(0) win 5840 <mss 1452,sackOK,timestamp 2810150350[|tcp]> (DF)
Nov 04 02:09:41.798207 rule 3/(match) block in on re1: 72.73.100.19.39738 > 192.168.2.35.22: S 3122186066:3122186066(0) win 5840 <mss 1452,sackOK,timestamp 2810151404[|tcp]> (DF)
Nov 04 02:09:43.244553 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810152711 429327626> (DF)
Nov 04 02:09:44.248049 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810153709 3654561616> (DF)
Nov 04 02:09:44.987698 rule 3/(match) block in on re1: 72.73.100.19.39738 > 192.168.2.35.22: S 3122186066:3122186066(0) win 5840 <mss 1452,sackOK,timestamp 2810154404[|tcp]> (DF)
Nov 04 02:09:46.844910 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: . ack 1 win 1460 <nop,nop,timestamp 2810156147 429327650,[|tcp]> (DF)
Nov 04 02:09:47.310013 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: . ack 1 win 1460 <nop,nop,timestamp 2810156589 3654561640,[|tcp]> (DF)
Nov 04 02:09:50.761272 rule 3/(match) block in on re1: 72.73.100.19.39738 > 192.168.2.35.22: S 3122186066:3122186066(0) win 5840 <mss 1452,sackOK,timestamp 2810160404[|tcp]> (DF)
Nov 04 02:09:54.415341 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810164051 429327650> (DF)
Nov 04 02:09:56.309789 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810165885 3654561640> (DF)
Nov 04 02:10:10.042835 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: . ack 1 win 1460 <nop,nop,timestamp 2810180155 429327698,[|tcp]> (DF)
Nov 04 02:10:10.438063 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: . ack 1 win 1460 <nop,nop,timestamp 2810180586 3654561688,[|tcp]> (DF)
Nov 04 02:10:16.634601 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810186731 429327698> (DF)
Nov 04 02:10:20.115188 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810190237 3654561688> (DF)
Nov 04 02:11:01.752327 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810232091 429327698> (DF)
Nov 04 02:11:09.024135 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810238941 3654561688> (DF)
Nov 04 02:12:32.556336 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810322811 429327698> (DF)
Nov 04 02:12:46.232608 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: F 0:0(0) ack 1 win 1460 <nop,nop,timestamp 2810336349 3654561688> (DF)
Nov 04 02:14:04.674018 rule 3/(match) block in on re1: 72.73.100.19.39228 > 192.168.2.35.22: R 3114940700:3114940700(0) win 5840
Nov 04 02:14:04.674456 rule 3/(match) block in on re1: 72.73.100.19.39262 > 192.168.2.35.22: R 3107533082:3107533082(0) win 5840
Nov 04 02:14:08.673982 rule 3/(match) block in on re1: 72.73.100.19.39287 > 192.168.2.35.22: R 3116726809:3116726809(0) win 5840
Nov 04 02:14:08.674437 rule 3/(match) block in on re1: 72.73.100.19.39321 > 192.168.2.35.22: R 3117215272:3117215272(0) win 5840
Nov 04 02:14:08.674823 rule 3/(match) block in on re1: 72.73.100.19.39333 > 192.168.2.35.22: R 3117034651:3117034651(0) win 5840
Nov 04 02:14:08.675208 rule 3/(match) block in on re1: 72.73.100.19.39370 > 192.168.2.35.22: R 3120671338:3120671338(0) win 5840
Nov 04 02:14:08.675588 rule 3/(match) block in on re1: 72.73.100.19.39411 > 192.168.2.35.22: R 3124212237:3124212237(0) win 5840
Nov 04 02:14:20.673545 rule 3/(match) block in on re1: 72.73.100.19.39738 > 192.168.2.35.22: R 3122186067:3122186067(0) win 5840
Nov 04 02:17:00.668650 rule 3/(match) block in on re1: 72.73.100.19.39188 > 192.168.2.35.22: R 3110870518:3110870518(0) win 1460
Nov 04 02:17:16.668119 rule 3/(match) block in on re1: 72.73.100.19.39204 > 192.168.2.35.22: R 3120162436:3120162436(0) win 1460
Nov 05 06:11:20.811557 rule 5/(match) pass in on re1: 64.18.145.194.37426 > 192.168.2.35.22: S 1834868543:1834868543(0) win 65535 <mss 1452,nop,nop,sackOK>
Nov 05 06:28:58.703268 rule 5/(match) pass in on re1: 64.18.145.194.40714 > 192.168.2.35.22: S 1289582676:1289582676(0) win 5840 <mss 1452,sackOK,timestamp 761872236[|tcp]> (DF)
Nov 05 06:28:59.536641 rule 5/(match) pass in on re1: 64.18.145.194.40804 > 192.168.2.35.22: S 1285487876:1285487876(0) win 5840 <mss 1452,sackOK,timestamp 761873068[|tcp]> (DF)
Nov 05 06:29:00.313213 rule 5/(match) pass in on re1: 64.18.145.194.40887 > 192.168.2.35.22: S 1278698146:1278698146(0) win 5840 <mss 1452,sackOK,timestamp 761873847[|tcp]> (DF)
Nov 05 06:29:01.209065 rule 5/(match) pass in on re1: 64.18.145.194.41003 > 192.168.2.35.22: S 1290328599:1290328599(0) win 5840 <mss 1452,sackOK,timestamp 761874743[|tcp]> (DF)
Nov 05 06:29:01.986628 rule 5/(match) pass in on re1: 64.18.145.194.41081 > 192.168.2.35.22: S 1280226623:1280226623(0) win 5840 <mss 1452,sackOK,timestamp 761875519[|tcp]> (DF)
Nov 05 06:29:02.764666 rule 5/(match) pass in on re1: 64.18.145.194.41167 > 192.168.2.35.22: S 1289311569:1289311569(0) win 5840 <mss 1452,sackOK,timestamp 761876298[|tcp]> (DF)
Nov 05 06:29:03.552979 rule 5/(match) pass in on re1: 64.18.145.194.41275 > 192.168.2.35.22: S 1293536334:1293536334(0) win 5840 <mss 1452,sackOK,timestamp 761877085[|tcp]> (DF)
Nov 05 06:29:04.322033 rule 5/(match) pass in on re1: 64.18.145.194.41364 > 192.168.2.35.22: S 1295597137:1295597137(0) win 5840 <mss 1452,sackOK,timestamp 761877856[|tcp]> (DF)
Nov 05 06:29:05.218865 rule 5/(match) pass in on re1: 64.18.145.194.41478 > 192.168.2.35.22: S 1282085418:1282085418(0) win 5840 <mss 1452,sackOK,timestamp 761878752[|tcp]> (DF)
Nov 05 06:29:05.993347 rule 5/(match) pass in on re1: 64.18.145.194.41562 > 192.168.2.35.22: S 1293330863:1293330863(0) win 5840 <mss 1452,sackOK,timestamp 761879526[|tcp]> (DF)
Nov 05 06:29:06.774007 rule 5/(match) pass in on re1: 64.18.145.194.41650 > 192.168.2.35.22: S 1286360436:1286360436(0) win 5840 <mss 1452,sackOK,timestamp 761880307[|tcp]> (DF)
Nov 05 06:29:07.671825 rule 5/(match) pass in on re1: 64.18.145.194.41748 > 192.168.2.35.22: S 1290233834:1290233834(0) win 5840 <mss 1452,sackOK,timestamp 761881205[|tcp]> (DF)
Nov 05 06:29:08.444541 rule 5/(match) pass in on re1: 64.18.145.194.41835 > 192.168.2.35.22: S 1286549424:1286549424(0) win 5840 <mss 1452,sackOK,timestamp 761881978[|tcp]> (DF)
Nov 05 06:29:09.235676 rule 5/(match) pass in on re1: 64.18.145.194.41937 > 192.168.2.35.22: S 1296055107:1296055107(0) win 5840 <mss 1452,sackOK,timestamp 761882769[|tcp]> (DF)
Nov 05 06:29:10.140730 rule 5/(match) pass in on re1: 64.18.145.194.42044 > 192.168.2.35.22: S 1300098109:1300098109(0) win 5840 <mss 1452,sackOK,timestamp 761883676[|tcp]> (DF)
Nov 05 06:29:10.924946 rule 5/(match) pass in on re1: 64.18.145.194.42124 > 192.168.2.35.22: S 1299126317:1299126317(0) win 5840 <mss 1452,sackOK,timestamp 761884458[|tcp]> (DF)
Nov 05 06:29:11.703263 rule 5/(match) pass in on re1: 64.18.145.194.42205 > 192.168.2.35.22: S 1288717349:1288717349(0) win 5840 <mss 1452,sackOK,timestamp 761885238[|tcp]> (DF)
Nov 05 06:29:12.476147 rule 5/(match) pass in on re1: 64.18.145.194.42306 > 192.168.2.35.22: S 1294817673:1294817673(0) win 5840 <mss 1452,sackOK,timestamp 761886010[|tcp]> (DF)
Nov 05 06:29:13.274134 rule 5/(match) pass in on re1: 64.18.145.194.42388 > 192.168.2.35.22: S 1304217758:1304217758(0) win 5840 <mss 1452,sackOK,timestamp 761886810[|tcp]> (DF)
Nov 05 06:29:14.055447 rule 5/(match) pass in on re1: 64.18.145.194.42466 > 192.168.2.35.22: S 1297197401:1297197401(0) win 5840 <mss 1452,sackOK,timestamp 761887590[|tcp]> (DF)
Nov 05 06:29:14.974230 rule 5/(match) pass in on re1: 64.18.145.194.42554 > 192.168.2.35.22: S 1298928545:1298928545(0) win 5840 <mss 1452,sackOK,timestamp 761888510[|tcp]> (DF)
Nov 05 06:29:15.741208 rule 5/(match) pass in on re1: 64.18.145.194.42636 > 192.168.2.35.22: S 1305142385:1305142385(0) win 5840 <mss 1452,sackOK,timestamp 761889277[|tcp]> (DF)
Nov 05 06:29:16.513259 rule 5/(match) pass in on re1: 64.18.145.194.42712 > 192.168.2.35.22: S 1296183982:1296183982(0) win 5840 <mss 1452,sackOK,timestamp 761890048[|tcp]> (DF)
Nov 05 06:29:17.284480 rule 5/(match) pass in on re1: 64.18.145.194.42786 > 192.168.2.35.22: S 1307926835:1307926835(0) win 5840 <mss 1452,sackOK,timestamp 761890819[|tcp]> (DF)
Nov 05 06:29:18.074101 rule 5/(match) pass in on re1: 64.18.145.194.42887 > 192.168.2.35.22: S 1306569595:1306569595(0) win 5840 <mss 1452,sackOK,timestamp 761891610[|tcp]> (DF)
Nov 05 06:29:18.965476 rule 5/(match) pass in on re1: 64.18.145.194.42975 > 192.168.2.35.22: S 1305563574:1305563574(0) win 5840 <mss 1452,sackOK,timestamp 761892502[|tcp]> (DF)
Nov 05 06:29:19.743544 rule 5/(match) pass in on re1: 64.18.145.194.43063 > 192.168.2.35.22: S 1301278416:1301278416(0) win 5840 <mss 1452,sackOK,timestamp 761893279[|tcp]> (DF)
Nov 05 06:29:20.514005 rule 5/(match) pass in on re1: 64.18.145.194.43144 > 192.168.2.35.22: S 1304901753:1304901753(0) win 5840 <mss 1452,sackOK,timestamp 761894049[|tcp]> (DF)
Nov 05 06:29:21.294255 rule 5/(match) pass in on re1: 64.18.145.194.43221 > 192.168.2.35.22: S 1299606208:1299606208(0) win 5840 <mss 1452,sackOK,timestamp 761894830[|tcp]> (DF)
Nov 05 06:29:22.072863 rule 5/(match) pass in on re1: 64.18.145.194.43305 > 192.168.2.35.22: S 1304510894:1304510894(0) win 5840 <mss 1452,sackOK,timestamp 761895610[|tcp]> (DF)
Nov 05 06:29:22.844472 rule 5/(match) pass in on re1: 64.18.145.194.43374 > 192.168.2.35.22: S 1314544564:1314544564(0) win 5840 <mss 1452,sackOK,timestamp 761896380[|tcp]> (DF)
Nov 05 06:29:23.622119 rule 5/(match) pass in on re1: 64.18.145.194.43462 > 192.168.2.35.22: S 1310766833:1310766833(0) win 5840 <mss 1452,sackOK,timestamp 761897159[|tcp]> (DF)
Nov 05 06:29:24.523750 rule 5/(match) pass in on re1: 64.18.145.194.43552 > 192.168.2.35.22: S 1308986468:1308986468(0) win 5840 <mss 1452,sackOK,timestamp 761898060[|tcp]> (DF)
Nov 05 06:29:25.315893 rule 5/(match) pass in on re1: 64.18.145.194.43643 > 192.168.2.35.22: S 1314896215:1314896215(0) win 5840 <mss 1452,sackOK,timestamp 761898852[|tcp]> (DF)
Nov 05 06:29:26.107504 rule 5/(match) pass in on re1: 64.18.145.194.43716 > 192.168.2.35.22: S 1304366833:1304366833(0) win 5840 <mss 1452,sackOK,timestamp 761899645[|tcp]> (DF)
Nov 05 06:29:26.894443 rule 5/(match) pass in on re1: 64.18.145.194.43798 > 192.168.2.35.22: S 1308954365:1308954365(0) win 5840 <mss 1452,sackOK,timestamp 761900431[|tcp]> (DF)
Nov 05 06:29:27.682828 rule 5/(match) pass in on re1: 64.18.145.194.43897 > 192.168.2.35.22: S 1305118690:1305118690(0) win 5840 <mss 1452,sackOK,timestamp 761901219[|tcp]> (DF)
Nov 05 06:29:28.454721 rule 5/(match) pass in on re1: 64.18.145.194.43987 > 192.168.2.35.22: S 1320930867:1320930867(0) win 5840 <mss 1452,sackOK,timestamp 761901993[|tcp]> (DF)
Nov 05 06:29:29.358534 rule 5/(match) pass in on re1: 64.18.145.194.44080 > 192.168.2.35.22: S 1316250724:1316250724(0) win 5840 <mss 1452,sackOK,timestamp 761902896[|tcp]> (DF)
Nov 05 06:29:30.144105 rule 5/(match) pass in on re1: 64.18.145.194.44160 > 192.168.2.35.22: S 1318481617:1318481617(0) win 5840 <mss 1452,sackOK,timestamp 761903682[|tcp]> (DF)
Nov 05 06:29:30.935245 rule 5/(match) pass in on re1: 64.18.145.194.44237 > 192.168.2.35.22: S 1314441375:1314441375(0) win 5840 <mss 1452,sackOK,timestamp 761904472[|tcp]> (DF)
Nov 05 06:29:31.701725 rule 5/(match) pass in on re1: 64.18.145.194.44323 > 192.168.2.35.22: S 1322015718:1322015718(0) win 5840 <mss 1452,sackOK,timestamp 761905240[|tcp]> (DF)
Nov 05 06:29:32.478764 rule 5/(match) pass in on re1: 64.18.145.194.44394 > 192.168.2.35.22: S 1321705550:1321705550(0) win 5840 <mss 1452,sackOK,timestamp 761906016[|tcp]> (DF)
Nov 05 06:29:33.253857 rule 5/(match) pass in on re1: 64.18.145.194.44481 > 192.168.2.35.22: S 1319230791:1319230791(0) win 5840 <mss 1452,sackOK,timestamp 761906791[|tcp]> (DF)
Nov 05 06:29:34.044772 rule 5/(match) pass in on re1: 64.18.145.194.44559 > 192.168.2.35.22: S 1316460023:1316460023(0) win 5840 <mss 1452,sackOK,timestamp 761907582[|tcp]> (DF)
Nov 05 06:29:34.823387 rule 5/(match) pass in on re1: 64.18.145.194.44645 > 192.168.2.35.22: S 1312965403:1312965403(0) win 5840 <mss 1452,sackOK,timestamp 761908363[|tcp]> (DF)
Nov 05 06:29:35.593517 rule 5/(match) pass in on re1: 64.18.145.194.44731 > 192.168.2.35.22: S 1326603758:1326603758(0) win 5840 <mss 1452,sackOK,timestamp 761909131[|tcp]> (DF)
Nov 05 06:29:36.396702 rule 5/(match) pass in on re1: 64.18.145.194.44803 > 192.168.2.35.22: S 1324453020:1324453020(0) win 5840 <mss 1452,sackOK,timestamp 761909936[|tcp]> (DF)
Nov 05 06:29:37.292951 rule 5/(match) pass in on re1: 64.18.145.194.44900 > 192.168.2.35.22: S 1313910634:1313910634(0) win 5840 <mss 1452,sackOK,timestamp 761910831[|tcp]> (DF)
Nov 05 06:29:38.071281 rule 5/(match) pass in on re1: 64.18.145.194.44981 > 192.168.2.35.22: S 1324754095:1324754095(0) win 5840 <mss 1452,sackOK,timestamp 761911610[|tcp]> (DF)
Nov 05 06:29:38.844508 rule 5/(match) pass in on re1: 64.18.145.194.45052 > 192.168.2.35.22: S 1330705189:1330705189(0) win 5840 <mss 1452,sackOK,timestamp 761912384[|tcp]> (DF)
Nov 05 06:29:47.870272 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: . ack 465063846 win 46 <nop,nop,timestamp 761921412 3192955306,[|tcp]> (DF)
Nov 05 06:29:48.845904 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 761922387 3192955306> (DF)
Nov 05 06:29:49.243407 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 761922785 3192955306> (DF)
Nov 05 06:29:50.039342 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 761923581 3192955306> (DF)
Nov 05 06:29:51.630955 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 761925173 3192955306> (DF)
Nov 05 06:29:54.814710 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 761928357 3192955306> (DF)
Nov 05 06:29:59.870086 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: . ack 1 win 46 <nop,nop,timestamp 761933413 3192955330,[|tcp]> (DF)
Nov 05 06:30:01.180618 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 761934725 3192955330> (DF)
Nov 05 06:30:13.915154 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 761947461 3192955330> (DF)
Nov 05 06:30:23.869483 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: . ack 1 win 46 <nop,nop,timestamp 761957417 3192955378,[|tcp]> (DF)
Nov 05 06:30:39.382672 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 761972933 3192955378> (DF)
Nov 05 06:31:30.318043 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: F 0:0(0) ack 1 win 46 <nop,nop,timestamp 762023877 3192955378> (DF)
Nov 05 06:36:00.389026 rule 3/(match) block in on re1: 64.18.145.194.45052 > 192.168.2.35.22: R 1330705191:1330705191(0) win 46
Nov 06 03:01:12.658685 rule 5/(match) pass in on re1: 222.68.194.69.63766 > 192.168.2.35.22: S 65452635:65452635(0) win 65535 <mss 1452,nop,nop,sackOK>
Nov 06 03:16:10.533781 rule 5/(match) pass in on re1: 222.68.194.69.41951 > 192.168.2.35.22: S 2188063106:2188063106(0) win 5840 <mss 1452,sackOK,timestamp 2908578659[|tcp]> (DF)
Nov 06 03:16:12.660271 rule 5/(match) pass in on re1: 222.68.194.69.42127 > 192.168.2.35.22: S 2184000208:2184000208(0) win 5840 <mss 1452,sackOK,timestamp 2908580785[|tcp]> (DF)
Nov 06 03:16:14.737963 rule 5/(match) pass in on re1: 222.68.194.69.42302 > 192.168.2.35.22: S 2194831081:2194831081(0) win 5840 <mss 1452,sackOK,timestamp 2908582862[|tcp]> (DF)
Nov 06 03:16:16.795369 rule 5/(match) pass in on re1: 222.68.194.69.42473 > 192.168.2.35.22: S 2191386827:2191386827(0) win 5840 <mss 1452,sackOK,timestamp 2908584920[|tcp]> (DF)
Nov 06 03:16:18.847496 rule 5/(match) pass in on re1: 222.68.194.69.42641 > 192.168.2.35.22: S 2195909784:2195909784(0) win 5840 <mss 1452,sackOK,timestamp 2908586972[|tcp]> (DF)
Nov 06 03:16:20.904521 rule 5/(match) pass in on re1: 222.68.194.69.42833 > 192.168.2.35.22: S 2200498695:2200498695(0) win 5840 <mss 1452,sackOK,timestamp 2908589030[|tcp]> (DF)
Nov 06 03:16:22.963184 rule 5/(match) pass in on re1: 222.68.194.69.42995 > 192.168.2.35.22: S 2197634218:2197634218(0) win 5840 <mss 1452,sackOK,timestamp 2908591089[|tcp]> (DF)
Nov 06 03:16:25.016328 rule 5/(match) pass in on re1: 222.68.194.69.43167 > 192.168.2.35.22: S 2197386932:2197386932(0) win 5840 <mss 1452,sackOK,timestamp 2908593142[|tcp]> (DF)
Nov 06 03:16:27.078767 rule 5/(match) pass in on re1: 222.68.194.69.43351 > 192.168.2.35.22: S 2194293249:2194293249(0) win 5840 <mss 1452,sackOK,timestamp 2908595205[|tcp]> (DF)
Nov 06 03:16:29.135239 rule 5/(match) pass in on re1: 222.68.194.69.43510 > 192.168.2.35.22: S 2205644786:2205644786(0) win 5840 <mss 1452,sackOK,timestamp 2908597262[|tcp]> (DF)
Nov 06 03:16:31.195871 rule 5/(match) pass in on re1: 222.68.194.69.43691 > 192.168.2.35.22: S 2196371652:2196371652(0) win 5840 <mss 1452,sackOK,timestamp 2908599323[|tcp]> (DF)
Nov 06 03:16:33.255176 rule 5/(match) pass in on re1: 222.68.194.69.43861 > 192.168.2.35.22: S 2197527925:2197527925(0) win 5840 <mss 1452,sackOK,timestamp 2908601382[|tcp]> (DF)
Nov 06 03:16:35.320787 rule 5/(match) pass in on re1: 222.68.194.69.44045 > 192.168.2.35.22: S 2207972728:2207972728(0) win 5840 <mss 1452,sackOK,timestamp 2908603447[|tcp]> (DF)
Nov 06 03:16:37.375588 rule 5/(match) pass in on re1: 222.68.194.69.44202 > 192.168.2.35.22: S 2214622153:2214622153(0) win 5840 <mss 1452,sackOK,timestamp 2908605503[|tcp]> (DF)
Nov 06 03:16:39.436017 rule 5/(match) pass in on re1: 222.68.194.69.44389 > 192.168.2.35.22: S 2208968151:2208968151(0) win 5840 <mss 1452,sackOK,timestamp 2908607563[|tcp]> (DF)
Nov 06 03:16:41.485365 rule 5/(match) pass in on re1: 222.68.194.69.44547 > 192.168.2.35.22: S 2221198589:2221198589(0) win 5840 <mss 1452,sackOK,timestamp 2908609613[|tcp]> (DF)
Nov 06 03:16:43.546394 rule 5/(match) pass in on re1: 222.68.194.69.44717 > 192.168.2.35.22: S 2216026852:2216026852(0) win 5840 <mss 1452,sackOK,timestamp 2908611675[|tcp]> (DF)
Nov 06 03:16:45.616949 rule 5/(match) pass in on re1: 222.68.194.69.44884 > 192.168.2.35.22: S 2210424765:2210424765(0) win 5840 <mss 1452,sackOK,timestamp 2908613745[|tcp]> (DF)
Nov 06 03:16:47.689447 rule 5/(match) pass in on re1: 222.68.194.69.45056 > 192.168.2.35.22: S 2221239020:2221239020(0) win 5840 <mss 1452,sackOK,timestamp 2908615818[|tcp]> (DF)
Nov 06 03:16:49.771624 rule 5/(match) pass in on re1: 222.68.194.69.45236 > 192.168.2.35.22: S 2214513612:2214513612(0) win 5840 <mss 1452,sackOK,timestamp 2908617901[|tcp]> (DF)
Nov 06 03:16:51.825176 rule 5/(match) pass in on re1: 222.68.194.69.45394 > 192.168.2.35.22: S 2226250082:2226250082(0) win 5840 <mss 1452,sackOK,timestamp 2908619954[|tcp]> (DF)
Nov 06 03:16:53.893788 rule 5/(match) pass in on re1: 222.68.194.69.45567 > 192.168.2.35.22: S 2229788051:2229788051(0) win 5840 <mss 1452,sackOK,timestamp 2908622023[|tcp]> (DF)
Nov 06 03:16:55.955951 rule 5/(match) pass in on re1: 222.68.194.69.45726 > 192.168.2.35.22: S 2223107349:2223107349(0) win 5840 <mss 1452,sackOK,timestamp 2908624086[|tcp]> (DF)
Nov 06 03:16:58.042179 rule 5/(match) pass in on re1: 222.68.194.69.45912 > 192.168.2.35.22: S 2235602964:2235602964(0) win 5840 <mss 1452,sackOK,timestamp 2908626172[|tcp]> (DF)
Nov 06 03:17:00.112602 rule 5/(match) pass in on re1: 222.68.194.69.46069 > 192.168.2.35.22: S 2238594046:2238594046(0) win 5840 <mss 1452,sackOK,timestamp 2908628243[|tcp]> (DF)
Nov 06 03:17:02.164553 rule 5/(match) pass in on re1: 222.68.194.69.46242 > 192.168.2.35.22: S 2240944167:2240944167(0) win 5840 <mss 1452,sackOK,timestamp 2908630295[|tcp]> (DF)
Nov 06 03:17:04.215497 rule 5/(match) pass in on re1: 222.68.194.69.46396 > 192.168.2.35.22: S 2234320132:2234320132(0) win 5840 <mss 1452,sackOK,timestamp 2908632346[|tcp]> (DF)
Nov 06 03:17:06.265394 rule 5/(match) pass in on re1: 222.68.194.69.46572 > 192.168.2.35.22: S 2243284334:2243284334(0) win 5840 <mss 1452,sackOK,timestamp 2908634396[|tcp]> (DF)
Nov 06 03:17:08.316982 rule 5/(match) pass in on re1: 222.68.194.69.46730 > 192.168.2.35.22: S 2241474308:2241474308(0) win 5840 <mss 1452,sackOK,timestamp 2908636448[|tcp]> (DF)
Nov 06 03:17:10.387758 rule 5/(match) pass in on re1: 222.68.194.69.46899 > 192.168.2.35.22: S 2235655813:2235655813(0) win 5840 <mss 1452,sackOK,timestamp 2908638519[|tcp]> (DF)
Nov 06 03:17:12.450896 rule 5/(match) pass in on re1: 222.68.194.69.47067 > 192.168.2.35.22: S 2249781247:2249781247(0) win 5840 <mss 1452,sackOK,timestamp 2908640583[|tcp]> (DF)
Nov 06 03:17:14.516318 rule 5/(match) pass in on re1: 222.68.194.69.47234 > 192.168.2.35.22: S 2251401806:2251401806(0) win 5840 <mss 1452,sackOK,timestamp 2908642648[|tcp]> (DF)
Nov 06 03:17:16.587366 rule 5/(match) pass in on re1: 222.68.194.69.47403 > 192.168.2.35.22: S 2245007786:2245007786(0) win 5840 <mss 1452,sackOK,timestamp 2908644720[|tcp]> (DF)
Nov 06 03:17:18.751828 rule 5/(match) pass in on re1: 222.68.194.69.47581 > 192.168.2.35.22: S 2258124012:2258124012(0) win 5840 <mss 1452,sackOK,timestamp 2908646885[|tcp]> (DF)
Nov 06 03:17:20.928513 rule 5/(match) pass in on re1: 222.68.194.69.47748 > 192.168.2.35.22: S 2252589939:2252589939(0) win 5840 <mss 1452,sackOK,timestamp 2908649061[|tcp]> (DF)
Nov 06 03:17:22.996903 rule 5/(match) pass in on re1: 222.68.194.69.47903 > 192.168.2.35.22: S 2248766749:2248766749(0) win 5840 <mss 1452,sackOK,timestamp 2908651130[|tcp]> (DF)
Nov 06 03:17:25.046715 rule 5/(match) pass in on re1: 222.68.194.69.48075 > 192.168.2.35.22: S 2260108152:2260108152(0) win 5840 <mss 1452,sackOK,timestamp 2908653180[|tcp]> (DF)
Nov 06 06:26:33.560803 rule 5/(match) pass in on re1: 60.190.34.62.14563 > 192.168.2.35.22: S 92815977:92815977(0) win 65535 <mss 1452,nop,nop,sackOK>
Nov 07 00:30:53.543073 rule 5/(match) pass in on re1: 150.140.190.31.36031 > 192.168.2.35.22: S 759566322:759566322(0) win 5840 <mss 1452,sackOK,timestamp 33120681[|tcp]> (DF)
Nov 07 00:31:18.572426 rule 5/(match) pass in on re1: 150.140.190.31.49822 > 192.168.2.35.22: S 1143533614:1143533614(0) win 5840 <mss 1452,sackOK,timestamp 33123184[|tcp]> (DF)
Nov 07 00:31:18.574683 rule 5/(match) pass in on re1: 150.140.190.31.49870 > 192.168.2.35.22: S 1145068400:1145068400(0) win 5840 <mss 1452,sackOK,timestamp 33123185[|tcp]> (DF)
Nov 07 00:31:22.480118 rule 5/(match) pass in on re1: 150.140.190.31.49942 > 192.168.2.35.22: S 1202203852:1202203852(0) win 5840 <mss 1452,sackOK,timestamp 33123575[|tcp]> (DF)
Nov 07 00:31:25.557455 rule 5/(match) pass in on re1: 150.140.190.31.50015 > 192.168.2.35.22: S 1257684236:1257684236(0) win 5840 <mss 1452,sackOK,timestamp 33123883[|tcp]> (DF)
Nov 07 00:31:27.245484 rule 5/(match) pass in on re1: 150.140.190.31.50074 > 192.168.2.35.22: S 1275811215:1275811215(0) win 5840 <mss 1452,sackOK,timestamp 33124052[|tcp]> (DF)
Nov 07 00:31:31.326356 rule 5/(match) pass in on re1: 150.140.190.31.50160 > 192.168.2.35.22: S 1342864023:1342864023(0) win 5840 <mss 1452,sackOK,timestamp 33124460[|tcp]> (DF)
Nov 07 00:31:37.196297 rule 5/(match) pass in on re1: 150.140.190.31.50295 > 192.168.2.35.22: S 1438025736:1438025736(0) win 5840 <mss 1452,sackOK,timestamp 33125047[|tcp]> (DF)
Nov 07 00:31:38.987948 rule 5/(match) pass in on re1: 150.140.190.31.50322 > 192.168.2.35.22: S 1457680816:1457680816(0) win 5840 <mss 1452,sackOK,timestamp 33125226[|tcp]> (DF)
Nov 07 00:31:41.740633 rule 5/(match) pass in on re1: 150.140.190.31.50389 > 192.168.2.35.22: S 1500510884:1500510884(0) win 5840 <mss 1452,sackOK,timestamp 33125501[|tcp]> (DF)
Nov 07 00:31:46.328481 rule 5/(match) pass in on re1: 150.140.190.31.50468 > 192.168.2.35.22: S 1579639028:1579639028(0) win 5840 <mss 1452,sackOK,timestamp 33125960[|tcp]> (DF)
Nov 07 00:31:49.863957 rule 5/(match) pass in on re1: 150.140.190.31.50543 > 192.168.2.35.22: S 1628079335:1628079335(0) win 5840 <mss 1452,sackOK,timestamp 33126313[|tcp]> (DF)
Nov 07 00:31:52.944656 rule 5/(match) pass in on re1: 150.140.190.31.50616 > 192.168.2.35.22: S 1677721714:1677721714(0) win 5840 <mss 1452,sackOK,timestamp 33126622[|tcp]> (DF)
Nov 07 00:31:58.206860 rule 5/(match) pass in on re1: 150.140.190.31.50735 > 192.168.2.35.22: S 1772597089:1772597089(0) win 5840 <mss 1452,sackOK,timestamp 33127148[|tcp]> (DF)
Nov 07 00:31:59.580287 rule 5/(match) pass in on re1: 150.140.190.31.50765 > 192.168.2.35.22: S 1789004711:1789004711(0) win 5840 <mss 1452,sackOK,timestamp 33127285[|tcp]> (DF)
Nov 07 00:32:02.594027 rule 5/(match) pass in on re1: 150.140.190.31.50838 > 192.168.2.35.22: S 1832473292:1832473292(0) win 5840 <mss 1452,sackOK,timestamp 33127586[|tcp]> (DF)
Nov 07 00:32:05.984760 rule 5/(match) pass in on re1: 150.140.190.31.50906 > 192.168.2.35.22: S 1889262834:1889262834(0) win 5840 <mss 1452,sackOK,timestamp 33127926[|tcp]> (DF)
Nov 07 00:32:10.398635 rule 5/(match) pass in on re1: 150.140.190.31.50987 > 192.168.2.35.22: S 1954841146:1954841146(0) win 5840 <mss 1452,sackOK,timestamp 33128367[|tcp]> (DF)
Nov 07 00:32:14.808220 rule 5/(match) pass in on re1: 150.140.190.31.51084 > 192.168.2.35.22: S 2018269236:2018269236(0) win 5840 <mss 1452,sackOK,timestamp 33128808[|tcp]> (DF)
Nov 07 00:32:17.215937 rule 5/(match) pass in on re1: 150.140.190.31.51133 > 192.168.2.35.22: S 2060639436:2060639436(0) win 5840 <mss 1452,sackOK,timestamp 33129049[|tcp]> (DF)
Nov 07 00:32:18.879537 rule 5/(match) pass in on re1: 150.140.190.31.51177 > 192.168.2.35.22: S 2094890984:2094890984(0) win 5840 <mss 1452,sackOK,timestamp 33129215[|tcp]> (DF)
Nov 07 00:32:23.932832 rule 5/(match) pass in on re1: 150.140.190.31.51282 > 192.168.2.35.22: S 2162063450:2162063450(0) win 5840 <mss 1452,sackOK,timestamp 33129721[|tcp]> (DF)
Nov 07 00:32:24.285159 rule 5/(match) pass in on re1: 150.140.190.31.51292 > 192.168.2.35.22: S 2166709293:2166709293(0) win 5840 <mss 1452,sackOK,timestamp 33129756[|tcp]> (DF)
Nov 07 00:32:25.729607 rule 5/(match) pass in on re1: 150.140.190.31.51337 > 192.168.2.35.22: S 2194155319:2194155319(0) win 5840 <mss 1452,sackOK,timestamp 33129900[|tcp]> (DF)
Nov 07 00:32:28.416107 rule 5/(match) pass in on re1: 150.140.190.31.51401 > 192.168.2.35.22: S 2230250890:2230250890(0) win 5840 <mss 1452,sackOK,timestamp 33130169[|tcp]> (DF)
Nov 07 00:32:31.604750 rule 5/(match) pass in on re1: 150.140.190.31.51482 > 192.168.2.35.22: S 2291934189:2291934189(0) win 5840 <mss 1452,sackOK,timestamp 33130487[|tcp]> (DF)
Nov 07 00:32:32.628710 rule 5/(match) pass in on re1: 150.140.190.31.51504 > 192.168.2.35.22: S 2300051128:2300051128(0) win 5840 <mss 1452,sackOK,timestamp 33130590[|tcp]> (DF)
Nov 07 00:32:36.814389 rule 5/(match) pass in on re1: 150.140.190.31.51614 > 192.168.2.35.22: S 2371003462:2371003462(0) win 5840 <mss 1452,sackOK,timestamp 33131009[|tcp]> (DF)
Nov 07 00:32:38.625005 rule 5/(match) pass in on re1: 150.140.190.31.51661 > 192.168.2.35.22: S 2396273632:2396273632(0) win 5840 <mss 1452,sackOK,timestamp 33131190[|tcp]> (DF)
Nov 07 00:32:38.756851 rule 5/(match) pass in on re1: 150.140.190.31.51666 > 192.168.2.35.22: S 2398939523:2398939523(0) win 5840 <mss 1452,sackOK,timestamp 33131203[|tcp]> (DF)
Nov 07 00:32:40.866079 rule 5/(match) pass in on re1: 150.140.190.31.51723 > 192.168.2.35.22: S 2438683818:2438683818(0) win 5840 <mss 1452,sackOK,timestamp 33131414[|tcp]> (DF)
Nov 07 00:32:42.655901 rule 5/(match) pass in on re1: 150.140.190.31.51773 > 192.168.2.35.22: S 2453182473:2453182473(0) win 5840 <mss 1452,sackOK,timestamp 33131593[|tcp]> (DF)
Nov 07 00:32:43.845356 rule 5/(match) pass in on re1: 150.140.190.31.51811 > 192.168.2.35.22: S 2480502456:2480502456(0) win 5840 <mss 1452,sackOK,timestamp 33131712[|tcp]> (DF)
Nov 07 00:32:45.804494 rule 5/(match) pass in on re1: 150.140.190.31.51864 > 192.168.2.35.22: S 2515695839:2515695839(0) win 5840 <mss 1452,sackOK,timestamp 33131908[|tcp]> (DF)
Nov 07 00:32:48.153456 rule 5/(match) pass in on re1: 150.140.190.31.51921 > 192.168.2.35.22: S 2545018240:2545018240(0) win 5840 <mss 1452,sackOK,timestamp 33132142[|tcp]> (DF)
Nov 07 00:32:50.237986 rule 5/(match) pass in on re1: 150.140.190.31.51981 > 192.168.2.35.22: S 2581931420:2581931420(0) win 5840 <mss 1452,sackOK,timestamp 33132351[|tcp]> (DF)
Nov 07 04:00:50.746681 rule 5/(match) pass in on re1: 218.56.61.114.55404 > 192.168.2.35.22: S 182143067:182143067(0) win 65535 <mss 1452,nop,nop,sackOK>
Nov 07 05:26:52.040974 rule 5/(match) pass in on re1: 218.56.61.114.52361 > 192.168.2.35.22: S 478022470:478022470(0) win 5840 <mss 1452,sackOK,timestamp 316524964[|tcp]> (DF)
Nov 07 05:26:55.051932 rule 5/(match) pass in on re1: 218.56.61.114.52421 > 192.168.2.35.22: S 473493723:473493723(0) win 5840 <mss 1452,sackOK,timestamp 316527979[|tcp]> (DF)
Nov 07 05:26:58.031743 rule 5/(match) pass in on re1: 218.56.61.114.52492 > 192.168.2.35.22: S 481288748:481288748(0) win 5840 <mss 1452,sackOK,timestamp 316530954[|tcp]> (DF)
Nov 07 05:27:02.132723 rule 5/(match) pass in on re1: 218.56.61.114.52591 > 192.168.2.35.22: S 473938063:473938063(0) win 5840 <mss 1452,sackOK,timestamp 316535060[|tcp]> (DF)
Nov 07 05:27:07.592244 rule 5/(match) pass in on re1: 218.56.61.114.52715 > 192.168.2.35.22: S 484960081:484960081(0) win 5840 <mss 1452,sackOK,timestamp 316540518[|tcp]> (DF)
Nov 07 05:27:10.556792 rule 5/(match) pass in on re1: 218.56.61.114.52785 > 192.168.2.35.22: S 490301275:490301275(0) win 5840 <mss 1452,sackOK,timestamp 316543483[|tcp]> (DF)
Nov 07 05:27:16.488791 rule 5/(match) pass in on re1: 218.56.61.114.52929 > 192.168.2.35.22: S 492237332:492237332(0) win 5840 <mss 1452,sackOK,timestamp 316549417[|tcp]> (DF)
Nov 07 05:27:19.406346 rule 5/(match) pass in on re1: 218.56.61.114.53006 > 192.168.2.35.22: S 491626969:491626969(0) win 5840 <mss 1452,sackOK,timestamp 316552334[|tcp]> (DF)
Nov 07 05:27:24.862065 rule 5/(match) pass in on re1: 218.56.61.114.53128 > 192.168.2.35.22: S 508224530:508224530(0) win 5840 <mss 1452,sackOK,timestamp 316557790[|tcp]> (DF)
Nov 07 07:08:46.348885 rule 5/(match) pass in on re1: 64.22.121.236.4583 > 192.168.2.35.22: S 1116406580:1116406580(0) win 5840 <mss 1452,sackOK,timestamp 19939100[|tcp]> (DF)
Nov 07 07:09:49.150519 rule 5/(match) pass in on re1: 64.22.121.236.1225 > 192.168.2.35.22: S 1177248212:1177248212(0) win 5840 <mss 1452,sackOK,timestamp 19945382[|tcp]> (DF)
Nov 07 07:09:50.896345 rule 5/(match) pass in on re1: 64.22.121.236.1871 > 192.168.2.35.22: S 1176958090:1176958090(0) win 5840 <mss 1452,sackOK,timestamp 19945557[|tcp]> (DF)
Nov 07 07:09:52.521272 rule 5/(match) pass in on re1: 64.22.121.236.2145 > 192.168.2.35.22: S 1194120740:1194120740(0) win 5840 <mss 1452,sackOK,timestamp 19945728[|tcp]> (DF)
Nov 07 07:09:53.671122 rule 5/(match) pass in on re1: 64.22.121.236.2397 > 192.168.2.35.22: S 1190459888:1190459888(0) win 5840 <mss 1452,sackOK,timestamp 19945843[|tcp]> (DF)
Nov 07 07:09:55.390111 rule 5/(match) pass in on re1: 64.22.121.236.3003 > 192.168.2.35.22: S 1195552979:1195552979(0) win 5840 <mss 1452,sackOK,timestamp 19946015[|tcp]> (DF)
Nov 07 07:09:56.356124 rule 5/(match) pass in on re1: 64.22.121.236.3242 > 192.168.2.35.22: S 1187404200:1187404200(0) win 5840 <mss 1452,sackOK,timestamp 19946112[|tcp]> (DF)
Nov 07 07:09:57.314281 rule 5/(match) pass in on re1: 64.22.121.236.3457 > 192.168.2.35.22: S 1185827324:1185827324(0) win 5840 <mss 1452,sackOK,timestamp 19946207[|tcp]> (DF)
Nov 07 07:09:58.917509 rule 5/(match) pass in on re1: 64.22.121.236.3919 > 192.168.2.35.22: S 1199676271:1199676271(0) win 5840 <mss 1452,sackOK,timestamp 19946368[|tcp]> (DF)
Nov 07 07:10:00.052817 rule 5/(match) pass in on re1: 64.22.121.236.4193 > 192.168.2.35.22: S 1191934869:1191934869(0) win 5840 <mss 1452,sackOK,timestamp 19946480[|tcp]> (DF)
Nov 07 07:10:01.547845 rule 5/(match) pass in on re1: 64.22.121.236.1264 > 192.168.2.35.22: S 1198864765:1198864765(0) win 5840 <mss 1452,sackOK,timestamp 19946622[|tcp]> (DF)
Nov 07 07:10:03.048780 rule 5/(match) pass in on re1: 64.22.121.236.1779 > 192.168.2.35.22: S 1194376378:1194376378(0) win 5840 <mss 1452,sackOK,timestamp 19946772[|tcp]> (DF)
Nov 07 07:10:07.526400 rule 5/(match) pass in on re1: 64.22.121.236.2787 > 192.168.2.35.22: S 1200280812:1200280812(0) win 5840 <mss 1452,sackOK,timestamp 19947220[|tcp]> (DF)
Nov 07 07:10:18.407485 rule 5/(match) pass in on re1: 64.22.121.236.4666 > 192.168.2.35.22: S 1204382834:1204382834(0) win 5840 <mss 1452,sackOK,timestamp 19948318[|tcp]> (DF)
Nov 07 07:10:19.367058 rule 5/(match) pass in on re1: 64.22.121.236.4291 > 192.168.2.35.22: S 1218440683:1218440683(0) win 5840 <mss 1452,sackOK,timestamp 19948413[|tcp]> (DF)
Nov 07 07:10:20.389520 rule 5/(match) pass in on re1: 64.22.121.236.1113 > 192.168.2.35.22: S 1221759289:1221759289(0) win 5840 <mss 1452,sackOK,timestamp 19948516[|tcp]> (DF)
Nov 07 07:10:21.360347 rule 5/(match) pass in on re1: 64.22.121.236.1141 > 192.168.2.35.22: S 1221172580:1221172580(0) win 5840 <mss 1452,sackOK,timestamp 19948613[|tcp]> (DF)
Nov 07 07:10:22.332474 rule 5/(match) pass in on re1: 64.22.121.236.1177 > 192.168.2.35.22: S 1213283312:1213283312(0) win 5840 <mss 1452,sackOK,timestamp 19948710[|tcp]> (DF)
Nov 07 07:10:23.297492 rule 5/(match) pass in on re1: 64.22.121.236.1244 > 192.168.2.35.22: S 1209582177:1209582177(0) win 5840 <mss 1452,sackOK,timestamp 19948806[|tcp]> (DF)
Nov 07 07:10:24.324162 rule 5/(match) pass in on re1: 64.22.121.236.2082 > 192.168.2.35.22: S 1218721323:1218721323(0) win 5840 <mss 1452,sackOK,timestamp 19948906[|tcp]> (DF)
Nov 07 07:10:26.104069 rule 5/(match) pass in on re1: 64.22.121.236.2156 > 192.168.2.35.22: S 1215129075:1215129075(0) win 5840 <mss 1452,sackOK,timestamp 19949078[|tcp]> (DF)
Nov 07 07:10:27.562120 rule 5/(match) pass in on re1: 64.22.121.236.2240 > 192.168.2.35.22: S 1226983772:1226983772(0) win 5840 <mss 1452,sackOK,timestamp 19949228[|tcp]> (DF)
Nov 07 07:10:28.754716 rule 5/(match) pass in on re1: 64.22.121.236.3069 > 192.168.2.35.22: S 1219958328:1219958328(0) win 5840 <mss 1452,sackOK,timestamp 19949352[|tcp]> (DF)
Nov 07 07:10:29.875598 rule 5/(match) pass in on re1: 64.22.121.236.3123 > 192.168.2.35.22: S 1231565612:1231565612(0) win 5840 <mss 1452,sackOK,timestamp 19949456[|tcp]> (DF)
Nov 07 07:10:31.651199 rule 5/(match) pass in on re1: 64.22.121.236.3225 > 192.168.2.35.22: S 1231932140:1231932140(0) win 5840 <mss 1452,sackOK,timestamp 19949642[|tcp]> (DF)
Nov 07 07:10:32.677635 rule 5/(match) pass in on re1: 64.22.121.236.4048 > 192.168.2.35.22: S 1228344718:1228344718(0) win 5840 <mss 1452,sackOK,timestamp 19949743[|tcp]> (DF)
Nov 07 07:10:34.785168 rule 5/(match) pass in on re1: 64.22.121.236.4150 > 192.168.2.35.22: S 1235215178:1235215178(0) win 5840 <mss 1452,sackOK,timestamp 19949955[|tcp]> (DF)
Nov 07 07:10:36.937535 rule 5/(match) pass in on re1: 64.22.121.236.1057 > 192.168.2.35.22: S 1223900078:1223900078(0) win 5840 <mss 1452,sackOK,timestamp 19950161[|tcp]> (DF)
Nov 07 07:10:38.496877 rule 5/(match) pass in on re1: 64.22.121.236.1594 > 192.168.2.35.22: S 1247343266:1247343266(0) win 5840 <mss 1452,sackOK,timestamp 19950326[|tcp]> (DF)
Nov 07 07:10:40.824612 rule 5/(match) pass in on re1: 64.22.121.236.2920 > 192.168.2.35.22: S 1250426840:1250426840(0) win 5840 <mss 1452,sackOK,timestamp 19950551[|tcp]> (DF)
Nov 07 07:10:42.233632 rule 5/(match) pass in on re1: 64.22.121.236.3007 > 192.168.2.35.22: S 1255669029:1255669029(0) win 5840 <mss 1452,sackOK,timestamp 19950700[|tcp]> (DF)
Nov 07 07:10:43.701936 rule 5/(match) pass in on re1: 64.22.121.236.3851 > 192.168.2.35.22: S 1248760948:1248760948(0) win 5840 <mss 1452,sackOK,timestamp 19950834[|tcp]> (DF)
Nov 07 07:10:45.495657 rule 5/(match) pass in on re1: 64.22.121.236.4655 > 192.168.2.35.22: S 1259618502:1259618502(0) win 5840 <mss 1452,sackOK,timestamp 19951014[|tcp]> (DF)
Nov 07 07:10:50.953095 rule 5/(match) pass in on re1: 64.22.121.236.1386 > 192.168.2.35.22: S 1264299783:1264299783(0) win 5840 <mss 1452,sackOK,timestamp 19951560[|tcp]> (DF)
Nov 07 07:10:55.587739 rule 5/(match) pass in on re1: 64.22.121.236.2891 > 192.168.2.35.22: S 1258473349:1258473349(0) win 5840 <mss 1452,sackOK,timestamp 19952026[|tcp]> (DF)
Nov 07 07:10:56.957815 rule 5/(match) pass in on re1: 64.22.121.236.3908 > 192.168.2.35.22: S 1259575926:1259575926(0) win 5840 <mss 1452,sackOK,timestamp 19952172[|tcp]> (DF)
Nov 07 07:10:58.416930 rule 5/(match) pass in on re1: 64.22.121.236.4142 > 192.168.2.35.22: S 1266540649:1266540649(0) win 5840 <mss 1452,sackOK,timestamp 19952318[|tcp]> (DF)
Nov 07 07:10:59.951526 rule 5/(match) pass in on re1: 64.22.121.236.4664 > 192.168.2.35.22: S 1270892702:1270892702(0) win 5840 <mss 1452,sackOK,timestamp 19952455[|tcp]> (DF)
Nov 07 07:11:01.145816 rule 5/(match) pass in on re1: 64.22.121.236.1252 > 192.168.2.35.22: S 1263378421:1263378421(0) win 5840 <mss 1452,sackOK,timestamp 19952590[|tcp]> (DF)
Nov 07 07:11:02.214093 rule 5/(match) pass in on re1: 64.22.121.236.1646 > 192.168.2.35.22: S 1278393463:1278393463(0) win 5840 <mss 1452,sackOK,timestamp 19952698[|tcp]> (DF)
Nov 07 07:11:03.202329 rule 5/(match) pass in on re1: 64.22.121.236.2265 > 192.168.2.35.22: S 1273286240:1273286240(0) win 5840 <mss 1452,sackOK,timestamp 19952797[|tcp]> (DF)
Nov 07 07:11:04.150634 rule 5/(match) pass in on re1: 64.22.121.236.2513 > 192.168.2.35.22: S 1274190728:1274190728(0) win 5840 <mss 1452,sackOK,timestamp 19952892[|tcp]> (DF)
Nov 07 07:11:05.124843 rule 5/(match) pass in on re1: 64.22.121.236.2583 > 192.168.2.35.22: S 1279506407:1279506407(0) win 5840 <mss 1452,sackOK,timestamp 19952989[|tcp]> (DF)
Nov 07 07:11:06.104262 rule 5/(match) pass in on re1: 64.22.121.236.2800 > 192.168.2.35.22: S 1281496357:1281496357(0) win 5840 <mss 1452,sackOK,timestamp 19953087[|tcp]> (DF)
Nov 07 07:11:07.120700 rule 5/(match) pass in on re1: 64.22.121.236.3311 > 192.168.2.35.22: S 1275540060:1275540060(0) win 5840 <mss 1452,sackOK,timestamp 19953189[|tcp]> (DF)
Nov 07 07:11:08.083507 rule 5/(match) pass in on re1: 64.22.121.236.3635 > 192.168.2.35.22: S 1283223607:1283223607(0) win 5840 <mss 1452,sackOK,timestamp 19953285[|tcp]> (DF)
Nov 07 07:11:09.043497 rule 5/(match) pass in on re1: 64.22.121.236.3715 > 192.168.2.35.22: S 1284996416:1284996416(0) win 5840 <mss 1452,sackOK,timestamp 19953381[|tcp]> (DF)
Nov 07 07:11:10.457684 rule 5/(match) pass in on re1: 64.22.121.236.4033 > 192.168.2.35.22: S 1280696264:1280696264(0) win 5840 <mss 1452,sackOK,timestamp 19953523[|tcp]> (DF)
Nov 07 07:11:11.925352 rule 5/(match) pass in on re1: 64.22.121.236.4840 > 192.168.2.35.22: S 1287112027:1287112027(0) win 5840 <mss 1452,sackOK,timestamp 19953669[|tcp]> (DF)
Nov 07 07:11:12.911843 rule 5/(match) pass in on re1: 64.22.121.236.1058 > 192.168.2.35.22: S 1281649657:1281649657(0) win 5840 <mss 1452,sackOK,timestamp 19953768[|tcp]> (DF)
Nov 07 07:11:13.904744 rule 5/(match) pass in on re1: 64.22.121.236.1298 > 192.168.2.35.22: S 1287151480:1287151480(0) win 5840 <mss 1452,sackOK,timestamp 19953864[|tcp]> (DF)
Nov 07 07:11:23.887341 rule 5/(match) pass in on re1: 64.22.121.236.1880 > 192.168.2.35.22: S 1282871842:1282871842(0) win 5840 <mss 1452,sackOK,timestamp 19954865[|tcp]> (DF)
Nov 07 07:11:26.936965 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: . ack 3058872376 win 730 <nop,nop,timestamp 19955170 3318047523,[|tcp]> (DF)
Nov 07 07:11:27.899142 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: F 4294967295:4294967295(0) ack 1 win 730 <nop,nop,timestamp 19955267 3318047523> (DF)
Nov 07 07:11:31.339815 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: F 4294967295:4294967295(0) ack 1 win 730 <nop,nop,timestamp 19955611 3318047523> (DF)
Nov 07 07:11:32.936528 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: . ack 1 win 730 <nop,nop,timestamp 19955770 3318047535,[|tcp]> (DF)
Nov 07 07:11:38.220888 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: F 4294967295:4294967295(0) ack 1 win 730 <nop,nop,timestamp 19956299 3318047535> (DF)
Nov 07 07:11:44.936830 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: . ack 1 win 730 <nop,nop,timestamp 19956970 3318047559,[|tcp]> (DF)
Nov 07 07:11:51.973942 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: F 4294967295:4294967295(0) ack 1 win 730 <nop,nop,timestamp 19957675 3318047559> (DF)
Nov 07 07:12:08.936237 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: . ack 1 win 730 <nop,nop,timestamp 19959370 3318047607,[|tcp]> (DF)
Nov 07 07:12:19.498240 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: F 4294967295:4294967295(0) ack 1 win 730 <nop,nop,timestamp 19960427 3318047607> (DF)
Nov 07 07:13:14.538033 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: F 4294967295:4294967295(0) ack 1 win 730 <nop,nop,timestamp 19965931 3318047607> (DF)
Nov 07 07:17:44.780579 rule 3/(match) block in on re1: 64.22.121.236.1880 > 192.168.2.35.22: R 1282871844:1282871844(0) win 730
Nov 07 23:25:14.643367 rule 5/(match) pass in on re1: 192.168.1.32.2569 > 192.168.2.35.22: S 2181540123:2181540123(0) win 32768 <mss 1460,nop,nop,sackOK> (DF)
Nov 08 05:12:54.993978 rule 5/(match) pass in on re1: 59.56.174.253.40044 > 192.168.2.35.22: S 4244181120:4244181120(0) win 5840 <mss 1452,sackOK,timestamp 1134551432[|tcp]> (DF)
Nov 08 05:14:46.311540 rule 5/(match) pass in on re1: 59.56.174.253.50788 > 192.168.2.35.22: S 84528599:84528599(0) win 5840 <mss 1452,sackOK,timestamp 1134662756[|tcp]> (DF)
Nov 08 05:14:48.753275 rule 5/(match) pass in on re1: 59.56.174.253.51168 > 192.168.2.35.22: S 92609502:92609502(0) win 5840 <mss 1452,sackOK,timestamp 1134665213[|tcp]> (DF)
Nov 08 05:14:49.337424 rule 5/(match) pass in on re1: 59.56.174.253.51783 > 192.168.2.35.22: S 80539534:80539534(0) win 5840 <mss 1452,sackOK,timestamp 1134665782[|tcp]> (DF)
Nov 08 05:14:51.096107 rule 5/(match) pass in on re1: 59.56.174.253.52017 > 192.168.2.35.22: S 86229490:86229490(0) win 5840 <mss 1452,sackOK,timestamp 1134667541[|tcp]> (DF)
Nov 08 05:14:51.772377 rule 5/(match) pass in on re1: 59.56.174.253.52120 > 192.168.2.35.22: S 84925677:84925677(0) win 5840 <mss 1452,sackOK,timestamp 1134668233[|tcp]> (DF)
Nov 08 05:14:52.348867 rule 5/(match) pass in on re1: 59.56.174.253.52237 > 192.168.2.35.22: S 88007452:88007452(0) win 5840 <mss 1452,sackOK,timestamp 1134668809[|tcp]> (DF)
Nov 08 05:14:53.548743 rule 5/(match) pass in on re1: 59.56.174.253.52491 > 192.168.2.35.22: S 90967947:90967947(0) win 5840 <mss 1452,sackOK,timestamp 1134669993[|tcp]> (DF)
Nov 08 05:14:54.695643 rule 5/(match) pass in on re1: 59.56.174.253.53153 > 192.168.2.35.22: S 96673357:96673357(0) win 5840 <mss 1452,sackOK,timestamp 1134671141[|tcp]> (DF)
Nov 08 05:14:55.059984 rule 5/(match) pass in on re1: 59.56.174.253.53224 > 192.168.2.35.22: S 88536616:88536616(0) win 5840 <mss 1452,sackOK,timestamp 1134671505[|tcp]> (DF)
Nov 08 05:14:55.375149 rule 5/(match) pass in on re1: 59.56.174.253.53320 > 192.168.2.35.22: S 94582880:94582880(0) win 5840 <mss 1452,sackOK,timestamp 1134671836[|tcp]> (DF)
Nov 08 05:14:56.008058 rule 5/(match) pass in on re1: 59.56.174.253.53404 > 192.168.2.35.22: S 99697456:99697456(0) win 5840 <mss 1452,sackOK,timestamp 1134672452[|tcp]> (DF)
Nov 08 05:14:57.169008 rule 5/(match) pass in on re1: 59.56.174.253.53581 > 192.168.2.35.22: S 100785768:100785768(0) win 5840 <mss 1452,sackOK,timestamp 1134673613[|tcp]> (DF)
Nov 08 05:14:57.527534 rule 5/(match) pass in on re1: 59.56.174.253.53656 > 192.168.2.35.22: S 95021526:95021526(0) win 5840 <mss 1452,sackOK,timestamp 1134673972[|tcp]> (DF)
Nov 08 05:14:57.712059 rule 5/(match) pass in on re1: 59.56.174.253.53677 > 192.168.2.35.22: S 94233592:94233592(0) win 5840 <mss 1452,sackOK,timestamp 1134674172[|tcp]> (DF)
Nov 08 05:14:58.412308 rule 5/(match) pass in on re1: 59.56.174.253.53905 > 192.168.2.35.22: S 96039210:96039210(0) win 5840 <mss 1452,sackOK,timestamp 1134674873[|tcp]> (DF)
Nov 08 05:14:59.610154 rule 5/(match) pass in on re1: 59.56.174.253.54609 > 192.168.2.35.22: S 93318301:93318301(0) win 5840 <mss 1452,sackOK,timestamp 1134676071[|tcp]> (DF)
Nov 08 05:15:00.032135 rule 5/(match) pass in on re1: 59.56.174.253.54692 > 192.168.2.35.22: S 94169980:94169980(0) win 5840 <mss 1452,sackOK,timestamp 1134676493[|tcp]> (DF)
Nov 08 05:15:00.041720 rule 5/(match) pass in on re1: 59.56.174.253.54690 > 192.168.2.35.22: S 92780332:92780332(0) win 5840 <mss 1452,sackOK,timestamp 1134676487[|tcp]> (DF)
Nov 08 05:15:00.054159 rule 5/(match) pass in on re1: 59.56.174.253.54695 > 192.168.2.35.22: S 91830892:91830892(0) win 5840 <mss 1452,sackOK,timestamp 1134676514[|tcp]> (DF)
Nov 08 05:15:00.767867 rule 5/(match) pass in on re1: 59.56.174.253.54818 > 192.168.2.35.22: S 106413972:106413972(0) win 5840 <mss 1452,sackOK,timestamp 1134677213[|tcp]> (DF)
Nov 08 05:15:01.447224 rule 5/(match) pass in on re1: 59.56.174.253.54964 > 192.168.2.35.22: S 95270778:95270778(0) win 5840 <mss 1452,sackOK,timestamp 1134677908[|tcp]> (DF)
Nov 08 05:15:01.964789 rule 5/(match) pass in on re1: 59.56.174.253.55674 > 192.168.2.35.22: S 102134276:102134276(0) win 5840 <mss 1452,sackOK,timestamp 1134678424[|tcp]> (DF)
Nov 08 05:15:02.473287 rule 5/(match) pass in on re1: 59.56.174.253.55764 > 192.168.2.35.22: S 105126951:105126951(0) win 5840 <mss 1452,sackOK,timestamp 1134678933[|tcp]> (DF)
Nov 08 05:15:02.495445 rule 5/(match) pass in on re1: 59.56.174.253.55765 > 192.168.2.35.22: S 99185094:99185094(0) win 5840 <mss 1452,sackOK,timestamp 1134678941[|tcp]> (DF)
Nov 08 05:15:02.530656 rule 5/(match) pass in on re1: 59.56.174.253.55771 > 192.168.2.35.22: S 103882157:103882157(0) win 5840 <mss 1452,sackOK,timestamp 1134678992[|tcp]> (DF)
Nov 08 05:15:03.796134 rule 5/(match) pass in on re1: 59.56.174.253.56082 > 192.168.2.35.22: S 99346508:99346508(0) win 5840 <mss 1452,sackOK,timestamp 1134680242[|tcp]> (DF)
Nov 08 05:15:04.812681 rule 5/(match) pass in on re1: 59.56.174.253.56769 > 192.168.2.35.22: S 111039818:111039818(0) win 5840 <mss 1452,sackOK,timestamp 1134681272[|tcp]> (DF)
Nov 08 05:15:04.845898 rule 5/(match) pass in on re1: 59.56.174.253.56775 > 192.168.2.35.22: S 108402886:108402886(0) win 5840 <mss 1452,sackOK,timestamp 1134681306[|tcp]> (DF)
Nov 08 05:15:04.949813 rule 5/(match) pass in on re1: 59.56.174.253.56784 > 192.168.2.35.22: S 106036995:106036995(0) win 5840 <mss 1452,sackOK,timestamp 1134681393[|tcp]> (DF)
Nov 08 05:15:05.647879 rule 5/(match) pass in on re1: 59.56.174.253.56912 > 192.168.2.35.22: S 97436324:97436324(0) win 5840 <mss 1452,sackOK,timestamp 1134682094[|tcp]> (DF)
Nov 08 05:15:06.326859 rule 5/(match) pass in on re1: 59.56.174.253.57634 > 192.168.2.35.22: S 113006824:113006824(0) win 5840 <mss 1452,sackOK,timestamp 1134682788[|tcp]> (DF)
Nov 08 05:15:06.336869 rule 5/(match) pass in on re1: 59.56.174.253.57631 > 192.168.2.35.22: S 112086958:112086958(0) win 5840 <mss 1452,sackOK,timestamp 1134682781[|tcp]> (DF)
Nov 08 05:15:07.196461 rule 5/(match) pass in on re1: 59.56.174.253.57781 > 192.168.2.35.22: S 101896788:101896788(0) win 5840 <mss 1452,sackOK,timestamp 1134683656[|tcp]> (DF)
Nov 08 05:15:07.237978 rule 5/(match) pass in on re1: 59.56.174.253.57786 > 192.168.2.35.22: S 102680354:102680354(0) win 5840 <mss 1452,sackOK,timestamp 1134683684[|tcp]> (DF)
Nov 08 05:15:07.407858 rule 5/(match) pass in on re1: 59.56.174.253.57829 > 192.168.2.35.22: S 100569318:100569318(0) win 5840 <mss 1452,sackOK,timestamp 1134683853[|tcp]> (DF)
Nov 08 05:15:08.091690 rule 5/(match) pass in on re1: 59.56.174.253.57944 > 192.168.2.35.22: S 109043939:109043939(0) win 5840 <mss 1452,sackOK,timestamp 1134684553[|tcp]> (DF)
Nov 08 05:15:08.699513 rule 5/(match) pass in on re1: 59.56.174.253.58139 > 192.168.2.35.22: S 110165627:110165627(0) win 5840 <mss 1452,sackOK,timestamp 1134685146[|tcp]> (DF)
Nov 08 05:15:09.544910 rule 5/(match) pass in on re1: 59.56.174.253.58805 > 192.168.2.35.22: S 112628439:112628439(0) win 5840 <mss 1452,sackOK,timestamp 1134686005[|tcp]> (DF)
Nov 08 05:15:09.729764 rule 5/(match) pass in on re1: 59.56.174.253.58821 > 192.168.2.35.22: S 108137205:108137205(0) win 5840 <mss 1452,sackOK,timestamp 1134686174[|tcp]> (DF)
Nov 08 05:15:09.869382 rule 5/(match) pass in on re1: 59.56.174.253.58843 > 192.168.2.35.22: S 104645639:104645639(0) win 5840 <mss 1452,sackOK,timestamp 1134686314[|tcp]> (DF)
Nov 08 05:15:10.434289 rule 5/(match) pass in on re1: 59.56.174.253.58945 > 192.168.2.35.22: S 103337023:103337023(0) win 5840 <mss 1452,sackOK,timestamp 1134686894[|tcp]> (DF)
Nov 08 05:15:11.172047 rule 5/(match) pass in on re1: 59.56.174.253.59078 > 192.168.2.35.22: S 108450516:108450516(0) win 5840 <mss 1452,sackOK,timestamp 1134687617[|tcp]> (DF)
Nov 08 05:15:11.296172 rule 5/(match) pass in on re1: 59.56.174.253.59691 > 192.168.2.35.22: S 114704682:114704682(0) win 5840 <mss 1452,sackOK,timestamp 1134687741[|tcp]> (DF)
Nov 08 05:15:11.900449 rule 5/(match) pass in on re1: 59.56.174.253.59786 > 192.168.2.35.22: S 110185814:110185814(0) win 5840 <mss 1452,sackOK,timestamp 1134688347[|tcp]> (DF)
Nov 08 05:15:12.197833 rule 5/(match) pass in on re1: 59.56.174.253.59840 > 192.168.2.35.22: S 103193189:103193189(0) win 5840 <mss 1452,sackOK,timestamp 1134688643[|tcp]> (DF)
Nov 08 05:15:12.340072 rule 5/(match) pass in on re1: 59.56.174.253.59881 > 192.168.2.35.22: S 113648763:113648763(0) win 5840 <mss 1452,sackOK,timestamp 1134688785[|tcp]> (DF)
Nov 08 05:15:12.812991 rule 5/(match) pass in on re1: 59.56.174.253.59966 > 192.168.2.35.22: S 114157727:114157727(0) win 5840 <mss 1452,sackOK,timestamp 1134689259[|tcp]> (DF)
Nov 08 05:15:13.736653 rule 5/(match) pass in on re1: 59.56.174.253.60198 > 192.168.2.35.22: S 120151620:120151620(0) win 5840 <mss 1452,sackOK,timestamp 1134690198[|tcp]> (DF)
Nov 08 05:15:14.353344 rule 5/(match) pass in on re1: 59.56.174.253.60839 > 192.168.2.35.22: S 116330000:116330000(0) win 5840 <mss 1452,sackOK,timestamp 1134690815[|tcp]> (DF)
Nov 08 05:15:14.691305 rule 5/(match) pass in on re1: 59.56.174.253.60887 > 192.168.2.35.22: S 119861306:119861306(0) win 5840 <mss 1452,sackOK,timestamp 1134691136[|tcp]> (DF)
Nov 08 05:15:14.809309 rule 5/(match) pass in on re1: 59.56.174.253.60901 > 192.168.2.35.22: S 110154014:110154014(0) win 5840 <mss 1452,sackOK,timestamp 1134691254[|tcp]> (DF)
Nov 08 05:15:15.112249 rule 3/(match) block in on re1: 59.56.174.253.60951 > 192.168.2.35.22: S 115064681:115064681(0) win 5840 <mss 1452,sackOK,timestamp 1134691574[|tcp]> (DF)
Nov 08 05:15:15.278404 rule 3/(match) block in on re1: 59.56.174.253.60969 > 192.168.2.35.22: S 108717270:108717270(0) win 5840 <mss 1452,sackOK,timestamp 1134691724[|tcp]> (DF)
Nov 08 05:15:16.705805 rule 3/(match) block in on re1: 59.56.174.253.33586 > 192.168.2.35.22: S 113883352:113883352(0) win 5840 <mss 1452,sackOK,timestamp 1134693152[|tcp]> (DF)
Nov 08 05:15:17.185000 rule 3/(match) block in on re1: 59.56.174.253.33662 > 192.168.2.35.22: S 122848836:122848836(0) win 5840 <mss 1452,sackOK,timestamp 1134693630[|tcp]> (DF)
Nov 08 05:15:18.112267 rule 3/(match) block in on re1: 59.56.174.253.60951 > 192.168.2.35.22: S 115064681:115064681(0) win 5840 <mss 1452,sackOK,timestamp 1134694574[|tcp]> (DF)
Nov 08 05:15:18.277218 rule 3/(match) block in on re1: 59.56.174.253.60969 > 192.168.2.35.22: S 108717270:108717270(0) win 5840 <mss 1452,sackOK,timestamp 1134694724[|tcp]> (DF)
Nov 08 05:15:19.065880 rule 3/(match) block in on re1: 59.56.174.253.34085 > 192.168.2.35.22: S 119793426:119793426(0) win 5840 <mss 1452,sackOK,timestamp 1134695513[|tcp]> (DF)
Nov 08 05:15:19.705294 rule 3/(match) block in on re1: 59.56.174.253.33586 > 192.168.2.35.22: S 113883352:113883352(0) win 5840 <mss 1452,sackOK,timestamp 1134696152[|tcp]> (DF)
Nov 08 05:15:20.183305 rule 3/(match) block in on re1: 59.56.174.253.33662 > 192.168.2.35.22: S 122848836:122848836(0) win 5840 <mss 1452,sackOK,timestamp 1134696630[|tcp]> (DF)
Nov 08 05:15:22.066161 rule 3/(match) block in on re1: 59.56.174.253.34085 > 192.168.2.35.22: S 119793426:119793426(0) win 5840 <mss 1452,sackOK,timestamp 1134698513[|tcp]> (DF)
Nov 08 05:15:24.043801 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: . ack 4019545409 win 5840 <nop,nop,timestamp 1134700491 4095233593,[|tcp]> (DF)
Nov 08 05:15:24.111664 rule 3/(match) block in on re1: 59.56.174.253.60951 > 192.168.2.35.22: S 115064681:115064681(0) win 5840 <mss 1452,sackOK,timestamp 1134700574[|tcp]> (DF)
Nov 08 05:15:24.277015 rule 3/(match) block in on re1: 59.56.174.253.60969 > 192.168.2.35.22: S 108717270:108717270(0) win 5840 <mss 1452,sackOK,timestamp 1134700724[|tcp]> (DF)
Nov 08 05:15:24.808747 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134701256 4095233593> (DF)
Nov 08 05:15:25.604842 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134702052 4095233593> (DF)
Nov 08 05:15:25.704737 rule 3/(match) block in on re1: 59.56.174.253.33586 > 192.168.2.35.22: S 113883352:113883352(0) win 5840 <mss 1452,sackOK,timestamp 1134702152[|tcp]> (DF)
Nov 08 05:15:26.183089 rule 3/(match) block in on re1: 59.56.174.253.33662 > 192.168.2.35.22: S 122848836:122848836(0) win 5840 <mss 1452,sackOK,timestamp 1134702630[|tcp]> (DF)
Nov 08 05:15:27.196719 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134703644 4095233593> (DF)
Nov 08 05:15:28.065691 rule 3/(match) block in on re1: 59.56.174.253.34085 > 192.168.2.35.22: S 119793426:119793426(0) win 5840 <mss 1452,sackOK,timestamp 1134704513[|tcp]> (DF)
Nov 08 05:15:30.380410 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134706828 4095233593> (DF)
Nov 08 05:15:36.043622 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: . ack 1 win 5840 <nop,nop,timestamp 1134712492 4095233617,[|tcp]> (DF)
Nov 08 05:15:36.747969 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134713196 4095233617> (DF)
Nov 08 05:15:49.483301 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134725932 4095233617> (DF)
Nov 08 05:16:00.043983 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: . ack 1 win 5840 <nop,nop,timestamp 1134736493 4095233665,[|tcp]> (DF)
Nov 08 05:16:14.953584 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134751404 4095233665> (DF)
Nov 08 05:17:05.894327 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134802348 4095233665> (DF)
Nov 08 05:18:47.775912 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: F 0:0(0) ack 1 win 5840 <nop,nop,timestamp 1134904236 4095233665> (DF)
Nov 08 05:19:53.771641 rule 3/(match) block in on re1: 59.56.174.253.60951 > 192.168.2.35.22: R 115064682:115064682(0) win 5840
Nov 08 05:19:53.772050 rule 3/(match) block in on re1: 59.56.174.253.60969 > 192.168.2.35.22: R 108717271:108717271(0) win 5840
Nov 08 05:19:53.772435 rule 3/(match) block in on re1: 59.56.174.253.33586 > 192.168.2.35.22: R 113883353:113883353(0) win 5840
Nov 08 05:19:57.771507 rule 3/(match) block in on re1: 59.56.174.253.33662 > 192.168.2.35.22: R 122848837:122848837(0) win 5840
Nov 08 05:19:57.771967 rule 3/(match) block in on re1: 59.56.174.253.34085 > 192.168.2.35.22: R 119793427:119793427(0) win 5840
Nov 08 05:23:17.765219 rule 3/(match) block in on re1: 59.56.174.253.60901 > 192.168.2.35.22: R 110154016:110154016(0) win 5840
Nov 08 06:34:48.363513 rule 5/(match) pass in on re1: 150.188.85.228.53774 > 192.168.2.35.22: S 1700239561:1700239561(0) win 5840 <mss 1452,sackOK,timestamp 122924254[|tcp]> (DF)
......
