FireGen for Pix Log Analysis Report

Altair Technologies - "sample" firewall log analysis for the period
Thu Mar 11 00:00:00 2004 to Thu Mar 11 23:59:59 2004

FirewallSectionsFirst messageLast message
172.17.1.15  Summary Message types Message Details Protocols Traffic Denials VPN,IDS,Management 03/11/04 00:00:31 03/11/04 18:01:05

-
Research links: - Go to top
TCP/IP Protocol
PIX/FWSM message code
Whois
Latest Pix logs analysis recommendations
Altair Technologies Support Forums
Send your comments or suggestions to the FireGen developers!
 
Glossary
Analysis performance
-
Keywords: - Go to top
Keywords to include
Not configured
Keywords to exclude
Not configured
-
Analyzed logs: - Go to top
Analyzed log(s) Log size (kb) Log entries Log type
C:\Program Files\FireGenPix2\Sample\syslog-2004-03-11.log 1,889.86 10,784 Comma separated with no firewall time stamp (0)
-
Summary for the 172.17.1.15 firewall. : - Go to top
Level Severity Description Total
1 Alert Immediate action needed 0
2 Critical Critical condition 1
3 Error Error condition 365
4 Warning Warning condition 4
5 Notification Normal but significant condition 754
6 Informational Informational message only 9,657
7 Debugging Appears during debugging only 1
    Total 10,782

-
Message types distribution for the 172.17.1.15 firewall. : - Go to top
No Code Total Example
1 2-106017 1 Deny IP due to Land Attack from 64.53.150.209 to 209.161.200.227
2 3-106011 363 Deny inbound (No xlate) udp src outside:61.221.171.82/3273 dst outside:209.161.200.230/1434
3 3-315004 2 Fail to establish SSH session because PIX RSA host key retrieval failed.
4 4-106023 2 Deny tcp src inside:172.17.1.102/4177 dst outside:69.6.57.7/80 by access-group "acl_inbound"
5 4-400013 1 IDS:2003 ICMP redirect from 64.53.150.209 to 192.168.1.1 on interface outside
6 4-400032 1 IDS:4051 UDP Snork attack from 64.53.150.209 to 192.168.1.1 on interface outside
7 5-111001 2 Begin configuration: 172.17.1.102 writing to memory
8 5-111004 2 172.17.1.102 end configuration: OK
9 5-111005 2 console end configuration: OK
10 5-111007 8 Begin configuration: console reading from terminal
11 5-304001 740 172.17.1.70 Accessed URL 65.54.194.117:/ADSAdClient31.dll?GetAd?PG=NBCHIA?AP=?TF=_blank
12 6-106015 248 Deny TCP (no connection) from 208.254.18.131/80 to 209.161.200.226/42436 flags ACK on interface outside
13 6-109005 1 Authentication succeeded for user 'jmoore' from 209.161.200.235/0 to 0.0.0.0/0 on interface IKE-XAUTH
14 6-109011 1 Authen Session Start: user 'jmoore', sid 3
15 6-302001 1,645 Built outbound TCP connection 364050 for faddr 65.54.194.117/80 gaddr 209.161.200.226/42445 laddr 172.17.1.70/2722
16 6-302002 1,646 Teardown TCP connection 364041 faddr 64.14.131.71/80 gaddr 209.161.200.226/42439 laddr 172.17.1.70/2711 duration 0:00:51 bytes 6842 (TCP Reset-I)
17 6-302005 1,194 Built UDP connection for faddr 207.136.100.40/7097 gaddr 209.161.200.226/37745 laddr 172.17.1.40/1035
18 6-302006 1,186 Teardown UDP connection for faddr 207.136.100.40/7097 gaddr 209.161.200.226/37745 laddr 172.17.1.40/1035
19 6-302010 107 6 in use, 114 most used
20 6-303002 39 172.17.1.102 Retrieved 205.227.137.57:delta.ini
21 6-305001 1,792 Portmapped translation built for gaddr 209.161.200.226/42447 laddr 172.17.1.70/2731
22 6-305004 1,779 Teardown portmap translation for global 209.161.200.226/42445 local 172.17.1.70/2722
23 6-307002 6 Permitted Telnet login session from 172.17.1.102
24 6-315002 1 Permitted SSH session from 172.17.1.102 on interface inside for user "pix"
25 6-315003 2 SSH login session failed from 172.17.1.102 (3 attempts) on interface inside by user ""
26 6-315011 5 SSH session from 172.17.1.102 on interface inside for user "pix" terminated normally
27 6-602301 2 sa created, (sa) sa_dest= 209.161.200.235, sa_prot= 50, sa_spi= 0xa6afc495(2796536981), sa_trans= esp-des esp-md5-hmac , sa_conn_id= 9
28 6-602302 3 deleting SA, (sa) sa_dest= 209.161.200.235, sa_prot= 50, sa_spi= 0x3de88ffc(1038651388), sa_trans= esp-des esp-md5-hmac , sa_conn_id= 2
29 7-702301 1 lifetime expiring, (sa) sa_dest= 209.161.200.226, sa_prot= 50, sa_spi= 0x21a09f69(564174697), sa_trans= esp-des esp-md5-hmac , sa_conn_id= 1, (identity) local= 209.161.200.226, remote= 209.161.200.235, local_proxy

-
Protocol statistics for the 172.17.1.15 firewall: - Go to top
-
Web traffic (HTTP/HTTPS) - Top 50 internal users (outbound connections) for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Comments
1 172.17.1.102   65.54.244.253   85  
2 172.17.1.70   212.58.240.142 www42.thny.bbc.co.uk 64  
3 172.17.1.102   64.4.241.32 www.paypal.com 55 HTTPS 
4 172.17.1.102   63.236.14.21 h21.ip.musicmatch.com 42  
5 172.17.1.102   208.223.219.206 www.charter.com 37  
6 172.17.1.102   216.220.63.73 73.63.220-216.q9.net 34 HTTPS 
7 172.17.1.102   69.28.154.140   29  
8 172.17.1.70   212.58.240.131 www31.thny.bbc.co.uk 29  
9 172.17.1.70   212.58.240.38 www8.thny.bbc.co.uk 25  
10 172.17.1.102   63.236.14.37 h37.ip.musicmatch.com 24  
11 172.17.1.102   212.58.240.144 www44.thny.bbc.co.uk 23  
12 172.17.1.102   64.4.60.7 dav.bay0.hotmail.com 23  
13 172.17.1.70   62.189.244.254   22  
14 172.17.1.70   207.61.132.8   19  
15 172.17.1.70   199.246.67.114 adcounter.globeandmail.com 16  
16 172.17.1.102   207.69.130.52 webmail.atl.earthlink.net 15 HTTPS 
17 172.17.1.102   65.54.229.253 oe.bay110.hotmail.com 15  
18 172.17.1.70   199.246.67.210 stewie.theglobeandmail.com 14  
19 172.17.1.102   64.235.234.140 europa.lunarpages.com 13  
20 172.17.1.102   207.46.248.244 support2.microsoft.com 13  
21 172.17.1.70   199.239.137.245   11  
22 172.17.1.70   63.146.96.171 www.homeseekers.com 10  
23 172.17.1.70   216.52.17.116 112.2O7.net 10  
24 172.17.1.102   216.239.37.99   10  
25 172.17.1.102   66.163.175.128 data1.my.vip.sc5.yahoo.com 10  
26 172.17.1.102   216.52.17.118 102.112.2O7.net 9 HTTPS 
27 172.17.1.102   69.28.159.140 cdn-69-28-159-140.iad.llnw.net 9  
28 172.17.1.70   207.46.245.33 msnbcbusiness.com 9  
29 172.17.1.102   205.188.250.25 cb.icq.com 8  
30 172.17.1.102   207.68.172.249   7  
31 172.17.1.102   64.236.42.63   7  
32 172.17.1.70   12.130.12.31   6  
33 172.17.1.70   206.112.74.4   6  
34 172.17.1.102   64.236.40.55   6  
35 172.17.1.70   199.239.137.200   6  
36 172.17.1.70   209.68.10.225 masterview.ikonosnewmedia.com 6  
37 172.17.1.70   212.58.240.140 www40.thny.bbc.co.uk 6  
38 172.17.1.102   63.236.14.26 h26.ip.musicmatch.com 6  
39 172.17.1.102   63.236.14.12 h12.ip.musicmatch.com 6  
40 172.17.1.70   208.254.18.131   6  
41 172.17.1.102   207.68.173.243   5  
42 172.17.1.70   206.65.183.220   5  
43 172.17.1.102   64.12.174.121 ads.web.aol.com 5  
44 172.17.1.102   220.164.144.132   5  
45 172.17.1.70   63.215.124.60 unknown.Level3.net 5  
46 172.17.1.70   64.14.128.200   5  
47 172.17.1.102   64.236.16.246 edition2.cnn.com 5  
48 172.17.1.70   199.246.67.250 www.theglobeandmail.com 5  
49 172.17.1.70   209.11.106.40   5  
50 172.17.1.102   69.28.154.149   5  

-
Web traffic (HTTP/HTTPS) - Top 50 visited sites for the 172.17.1.15 firewall: - Go to top
No Web site IP Web site name HTTPS Count
1 65.54.244.253     85
2 212.58.240.142 www42.thny.bbc.co.uk   64
3 64.4.241.32 www.paypal.com Yes 55
4 63.236.14.21 h21.ip.musicmatch.com   42
5 208.223.219.206 www.charter.com   37
6 216.220.63.73 73.63.220-216.q9.net Yes 34
7 212.58.240.131 www31.thny.bbc.co.uk   29
8 69.28.154.140     29
9 62.189.244.254     25
10 212.58.240.38 www8.thny.bbc.co.uk   25
11 63.236.14.37 h37.ip.musicmatch.com   24
12 64.4.60.7 dav.bay0.hotmail.com   23
13 212.58.240.144 www44.thny.bbc.co.uk   23
14 207.61.132.8     19
15 199.246.67.114 adcounter.globeandmail.com   16
16 65.54.229.253 oe.bay110.hotmail.com   15
17 207.69.130.52 webmail.atl.earthlink.net Yes 15
18 199.246.67.210 stewie.theglobeandmail.com   14
19 64.235.234.140 europa.lunarpages.com   13
20 207.46.248.244 support2.microsoft.com   13
21 199.239.137.245     11
22 216.239.37.99     10
23 216.52.17.116 112.2O7.net   10
24 66.163.175.128 data1.my.vip.sc5.yahoo.com   10
25 63.146.96.171 www.homeseekers.com   10
26 69.28.159.140 cdn-69-28-159-140.iad.llnw.net   9
27 212.58.240.140 www40.thny.bbc.co.uk   9
28 207.46.245.33 msnbcbusiness.com   9
29 216.52.17.118 102.112.2O7.net Yes 9
30 205.188.250.25 cb.icq.com   8
31 207.68.172.249     7
32 64.236.42.63     7
33 199.239.137.200     6
34 208.254.18.131     6
35 63.236.14.12 h12.ip.musicmatch.com   6
36 63.236.14.26 h26.ip.musicmatch.com   6
37 64.236.40.55     6
38 12.130.12.31     6
39 209.68.10.225 masterview.ikonosnewmedia.com   6
40 206.112.74.4     6
41 220.164.144.132     5
42 199.246.67.250 www.theglobeandmail.com   5
43 207.68.173.243     5
44 63.215.124.60 unknown.Level3.net   5
45 64.14.128.200     5
46 206.65.183.220     5
47 64.12.174.121 ads.web.aol.com   5
48 69.28.154.149     5
49 209.11.106.40     5
50 64.236.16.246 edition2.cnn.com   5

-
Web traffic (HTTP/HTTPS) - Top 50 incoming connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Comments
1 209.164.24.114 209.164.24.114.ptr.us.xo.net 172.17.1.40   1  
2 210.117.67.213   172.17.1.40   1  
3 66.194.6.70 66-194-6-70.gen.twtelecom.net 172.17.1.40   1  
-
Email (SMTP) - Top 50 outbound connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Comments
1 172.17.1.40   65.182.142.112 cashrich.org 20  
2 172.17.1.40   69.50.208.107 mymail.magi.net 2  
3 172.17.1.40   208.213.162.21 office.net-works.com 2  
4 172.17.1.40   66.180.119.165   2  
5 172.17.1.40   129.7.104.60 uhdlx13.dt.uh.edu 1  
6 172.17.1.40   67.97.239.131 mail.ryanco.com 1  
7 172.17.1.40   212.113.20.197   1  
8 172.17.1.40   64.4.50.99 mail.hotmail.com 1  
9 172.17.1.40   66.185.95.98 esmtp-pre0707.bloor.is.net.cable.rogers.com 1  
10 172.17.1.40   216.200.145.35 sitemail.everyone.net 1  
11 172.17.1.40   216.93.166.122 216.93.166.122.hera.net 1  
12 172.17.1.102   64.235.234.140 europa.lunarpages.com 1  
13 172.17.1.40   216.92.192.163 qs666.pair.com 1  
14 172.17.1.40   65.39.203.11 mail.support1.net 1  
15 172.17.1.40   207.217.121.218 pop08.earthlink.net 1  
16 172.17.1.102   66.30.36.214 c-66-30-36-214.hsd1.ma.comcast.net 1  
17 172.17.1.40   199.181.134.14 webmailmta.go.com 1  
-
Email (SMTP) - Top 50 inbound connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Comments
1 66.30.36.214 c-66-30-36-214.hsd1.ma.comcast.net 172.17.1.40   16  
2 66.31.242.140 c-66-31-242-140.hsd1.ma.comcast.net 172.17.1.40   12  
3 81.195.87.106   172.17.1.40   12  
4 24.5.248.156 c-24-5-248-156.hsd1.ca.comcast.net 172.17.1.40   12  
5 66.191.183.182 66-191-183-182.dhcp.spbg.sc.charter.com 172.17.1.40   12  
6 69.105.197.100 adsl-69-105-197-100.dsl.scrm01.pacbell.net 172.17.1.40   11  
7 64.4.240.67 smtp-outbound.nix.paypal.com 172.17.1.40   9  
8 67.97.239.131 mail.ryanco.com 172.17.1.40   6  
9 217.156.36.6   172.17.1.40   5  
10 216.5.163.55 data1.exhedra.com 172.17.1.40   5  
11 216.239.51.5 proxy.google.com 172.17.1.40   4  
12 82.38.206.222 82-38-206-222.cable.ubr05.shef.blueyonder.co.uk 172.17.1.40   4  
13 82.217.158.72 82-217-158-72.cable.quicknet.nl 172.17.1.40   4  
14 217.99.142.52 pc52.pila.cvx.ppp.tpnet.pl 172.17.1.40   4  
15 200.84.115.110 200-84-115-110.genericrev.cantv.net 172.17.1.40   4  
16 66.187.232.134 mail.rhn.redhat.com 172.17.1.40   3  
17 200.118.10.155 Dynamic-IP-cr20011810155.cable.net.co 172.17.1.40   3  
18 211.109.35.85   172.17.1.40   3  
19 24.201.158.13 modemcable013.158-201-24.mc.videotron.ca 172.17.1.40   3  
20 200.251.170.125 c8fbaa7d.bhz.virtua.com.br 172.17.1.40   3  
21 200.207.127.219 200-207-127-219.dsl.telesp.net.br 172.17.1.40   3  
22 24.173.135.234 rrcs-24-173-135-234.se.biz.rr.com 172.17.1.40   3  
23 200.213.211.19   172.17.1.40   3  
24 200.78.116.130 dsl-200-78-116-130.prod-infinitum.com.mx 172.17.1.40   3  
25 148.63.43.155 vsat-148-63-43-155.c001.g4.mrt.starband.net 172.17.1.40   3  
26 200.118.110.93 Static-IP-cr20011811093.cable.net.co 172.17.1.40   3  
27 200.207.7.86 200-207-7-86.dialdata.net.br 172.17.1.40   3  
28 68.90.242.25 adsl-68-90-242-25.dsl.hstntx.swbell.net 172.17.1.40   3  
29 200.206.168.235 200-206-168-235.dsl.telesp.net.br 172.17.1.40   3  
30 200.78.37.104 dsl-200-78-37-104.prod-infinitum.com.mx 172.17.1.40   3  
31 12.202.167.124 12-202-167-124.client.insightBB.com 172.17.1.40   3  
32 200.171.144.79 200-171-144-79.dsl.telesp.net.br 172.17.1.40   3  
33 65.222.14.154   172.17.1.40   3  
34 200.206.133.62 200-206-133-62.dsl.telesp.net.br 172.17.1.40   3  
35 200.207.164.53 200-207-164-53.dsl.telesp.net.br 172.17.1.40   3  
36 62.59.190.80   172.17.1.40   2  
37 206.54.145.20 mail-out.fnf.com 172.17.1.40   2  
38 64.4.240.74 smtp1.nix.paypal.com 172.17.1.40   2  
39 213.157.174.55   172.17.1.40   2  
40 64.4.240.75 smtp2.nix.paypal.com 172.17.1.40   2  
41 69.6.7.58 mx758.uu02.com 172.17.1.40   2  
42 66.98.86.167 167sdl30m51.codetel.net.do 172.17.1.40   2  
43 142.163.96.236 stjhnf0111w-142163096236.nl.aliant.net 172.17.1.40   2  
44 200.21.19.38   172.17.1.40   2  
45 200.60.225.35 client-200.60.225.35.speedy.net.pe 172.17.1.40   2  
46 217.160.106.138 monitorware.de 172.17.1.40   2  
47 216.0.195.51   172.17.1.40   2  
48 200.152.61.240 net-rede-61-240.urbi.com.br 172.17.1.40   2  
49 212.113.20.197   172.17.1.40   2  
50 68.123.227.173 adsl-68-123-227-173.dsl.irvnca.pacbell.net 172.17.1.40   2  
-
Email clients (POP3/IMAP) - Top 50 connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Protocol Connections Direction Comments
1 172.17.1.102   64.235.234.140 europa.lunarpages.com TCP/110 - pop3 51 out  
2 80.97.48.21 dev21.histria.ro 172.17.1.40   TCP/143 - imap 37 in  
3 69.19.34.66 dpc691934066.direcpc.com 172.17.1.40   TCP/143 - imap 35 in  
4 64.228.41.54 Toronto-ppp226571.sympatico.ca 172.17.1.40   TCP/143 - imap 12 in  
5 195.20.106.85   172.17.1.40   TCP/110 - pop3 11 in  
6 80.97.89.49   172.17.1.40   TCP/143 - imap 10 in  
7 217.19.7.89 net2-89.seanet.ro 172.17.1.40   TCP/143 - imap 3 in  
8 172.17.1.102   209.161.200.227 mx1.altairtech.ca TCP/143 - imap 1 out  
-
Custom protocol 1 - Gnutella (TCP/6346) - Top 50 connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Direction Comments
No Gnutella connections recorded. Logging level 6 required for this type of information.
-
Custom protocol 2 - RDP (TCP/3389) - Top 50 connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Direction Comments
No RDP connections recorded. Logging level 6 required for this type of information.
-
Custom protocol 3 - NetBIOS (UDP/137) - Top 50 connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Direction Comments
1 83.25.249.115 ajp115.neoplus.adsl.tpnet.pl 209.161.200.227 mx1.altairtech.ca 1 denied  
2 62.11.207.71 ppp-62-11-207-71.dialup.tiscali.it 209.161.200.228 mx2.altairtech.ca 1 denied  
3 172.17.1.40   209.161.200.228 mx2.altairtech.ca 1 denied  
4 217.49.126.114   209.161.200.230   1 denied  
5 80.146.127.144 p50927F90.dip.t-dialin.net 209.161.200.227 mx1.altairtech.ca 1 denied  
6 200.100.97.15 200-100-97-15.dial-up.telesp.net.br 209.161.200.227 mx1.altairtech.ca 1 denied  
7 68.23.221.152 adsl-68-23-221-152.dsl.wotnoh.ameritech.net 209.161.200.230   1 denied  
8 80.146.127.144 p50927F90.dip.t-dialin.net 209.161.200.228 mx2.altairtech.ca 1 denied  
9 82.166.119.91 82-166-119-91.barak.net.il 209.161.200.227 mx1.altairtech.ca 1 denied  
10 218.85.40.111   209.161.200.227 mx1.altairtech.ca 1 denied  
11 200.100.97.15 200-100-97-15.dial-up.telesp.net.br 209.161.200.228 mx2.altairtech.ca 1 denied  
12 217.125.4.117 117.Red-217-125-4.pooles.rima-tde.net 209.161.200.227 mx1.altairtech.ca 1 denied  
13 218.85.40.111   209.161.200.228 mx2.altairtech.ca 1 denied  
14 217.49.126.114   209.161.200.227 mx1.altairtech.ca 1 denied  
15 200.164.100.44   209.161.200.227 mx1.altairtech.ca 1 denied  
16 217.125.4.117 117.Red-217-125-4.pooles.rima-tde.net 209.161.200.228 mx2.altairtech.ca 1 denied  
17 68.23.221.152 adsl-68-23-221-152.dsl.wotnoh.ameritech.net 209.161.200.227 mx1.altairtech.ca 1 denied  
18 200.164.100.44   209.161.200.228 mx2.altairtech.ca 1 denied  
19 148.208.211.33   209.161.200.227 mx1.altairtech.ca 1 denied  
20 218.74.225.244   209.161.200.227 mx1.altairtech.ca 1 denied  
21 195.240.206.92 xs195-240-206-92.dial.tiscali.nl 209.161.200.227 mx1.altairtech.ca 1 denied  
22 200.252.127.11   209.161.200.230   1 denied  
23 148.208.211.33   209.161.200.228 mx2.altairtech.ca 1 denied  
24 216.232.142.175 d216-232-142-175.bchsia.telus.net 209.161.200.230   1 denied  
25 218.74.225.244   209.161.200.228 mx2.altairtech.ca 1 denied  
26 195.240.206.92 xs195-240-206-92.dial.tiscali.nl 209.161.200.228 mx2.altairtech.ca 1 denied  
27 67.124.193.8 adsl-67-124-193-8.dsl.sndg02.pacbell.net 209.161.200.230   1 denied  
28 200.21.140.102   209.161.200.230   1 denied  
29 80.126.210.116 a80-126-210-116.adsl.xs4all.nl 209.161.200.227 mx1.altairtech.ca 1 denied  
30 209.179.193.210 pool0465.cvx21-bradley.dialup.earthlink.net 209.161.200.230   1 denied  
31 213.76.74.228 pc228.poznan.cvx.ppp.tpnet.pl 209.161.200.230   1 denied  
32 200.252.127.11   209.161.200.227 mx1.altairtech.ca 1 denied  
33 80.143.38.169 p508F26A9.dip0.t-ipconnect.de 209.161.200.227 mx1.altairtech.ca 1 denied  
34 202.57.111.30   209.161.200.230   1 denied  
35 80.126.210.116 a80-126-210-116.adsl.xs4all.nl 209.161.200.228 mx2.altairtech.ca 1 denied  
36 83.31.34.209 cik209.neoplus.adsl.tpnet.pl 209.161.200.230   1 denied  
37 201.128.106.54 dsl-201-128-106-54.prod-infinitum.com.mx 209.161.200.230   1 denied  
38 216.232.142.175 d216-232-142-175.bchsia.telus.net 209.161.200.227 mx1.altairtech.ca 1 denied  
39 145.254.50.223 dialin-145-254-050-223.arcor-ip.net 209.161.200.230   1 denied  
40 209.50.157.16 209.50.157.16.res-lew.ptd.net 209.161.200.227 mx1.altairtech.ca 1 denied  
41 80.143.38.169 p508F26A9.dip0.t-ipconnect.de 209.161.200.228 mx2.altairtech.ca 1 denied  
42 195.174.99.166   209.161.200.227 mx1.altairtech.ca 1 denied  
43 67.124.193.8 adsl-67-124-193-8.dsl.sndg02.pacbell.net 209.161.200.227 mx1.altairtech.ca 1 denied  
44 200.21.140.102   209.161.200.227 mx1.altairtech.ca 1 denied  
45 81.215.186.40   209.161.200.230   1 denied  
46 24.232.191.75 OL75-191.fibertel.com.ar 209.161.200.227 mx1.altairtech.ca 1 denied  
47 81.202.147.236 81-202-147-236.user.ono.com 209.161.200.227 mx1.altairtech.ca 1 denied  
48 209.179.193.210 pool0465.cvx21-bradley.dialup.earthlink.net 209.161.200.227 mx1.altairtech.ca 1 denied  
49 213.76.74.228 pc228.poznan.cvx.ppp.tpnet.pl 209.161.200.227 mx1.altairtech.ca 1 denied  
50 200.77.160.248 host-200-77-160-248.cablevision.net.mx 209.161.200.227 mx1.altairtech.ca 1 denied  
-
SSH,Telnet (TCP/22,TCP/23) - Top 50 connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Protocol Connections Direction Comments
No SSH,Telnet connections. Logging level 6 required for this type of information.
-
Other protocols - Top 50 connections for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Protocol Connections Direction Comments
1 172.17.1.40   207.136.100.40 ns1.look.ca UDP/1024+ - dns 762 out  
2 172.17.1.102   198.77.116.8 net0116008.direcpc.com UDP/1024+ - dns 164 out  
3 172.17.1.10   209.161.200.227 mx1.altairtech.ca UDP/1024+ - dns 78 in  
4 172.17.1.20   209.161.200.227 mx1.altairtech.ca UDP/1024+ - dns 59 in  
5 172.17.1.40   216.218.202.31   TCP/20 - ftp-data 34 out  
6 172.17.1.40   216.218.202.31   TCP/21 - ftp 31 out  
7 172.17.1.10   209.161.200.227 mx1.altairtech.ca UDP/514 - syslog 23 in  
8 172.17.1.20   209.161.200.227 mx1.altairtech.ca UDP/514 - syslog 16 in  
9 172.17.1.40   209.148.64.40 ns2.look.ca UDP/1024+ - dns 12 out  
10 172.17.1.40   198.77.116.8 net0116008.direcpc.com UDP/1024+ - dns 11 out  
11 172.17.1.40   192.168.7.77   UDP/1024+ - dns 10 out  
12 172.17.1.40   192.168.236.1   UDP/138 - netbios-dgm 8 out  
13 172.17.1.40   192.168.189.1   UDP/138 - netbios-dgm 8 out  
14 172.17.1.40   192.41.162.32 l3.NSTLD.COM UDP/1024+ - dns 4 out  
15 172.17.1.102   205.227.137.57   TCP/20 - ftp-data 3 out  
16 172.17.1.40   209.61.184.105 server1.gfi.com TCP/21 - ftp 3 out  
17 172.17.1.40   198.41.0.4 a.root-servers.net UDP/1024+ - dns 3 out  
18 172.17.1.40   66.216.95.69 mail.mvcable.net TCP/21 - ftp 3 out  
19 172.17.1.8   209.161.200.227 mx1.altairtech.ca UDP/1024+ - dns 3 in  
20 172.17.1.40   209.61.184.105 server1.gfi.com TCP/20 - ftp-data 3 out  
21 172.17.1.40   202.57.96.3 arayat.smart-ntt.com UDP/1024+ - dns 2 out  
22 172.17.1.40   192.35.51.32 f3.NSTLD.COM UDP/428 2 out  
23 172.17.1.40   192.5.6.32 chia.arin.net UDP/1024+ - dns 2 out  
24 172.17.1.40   202.57.96.4 taal.smart-ntt.com UDP/1024+ - dns 2 out  
25 172.17.1.102   209.161.200.227 mx1.altairtech.ca UDP/1024+ - dns 2 out  
26 172.17.1.40   209.17.66.79   UDP/1024+ - dns 2 out  
27 172.17.1.40   209.17.66.10   UDP/1024+ - dns 2 out  
28 172.17.1.40   129.7.1.1 Walnut.CC.uh.edu UDP/1024+ - dns 1 out  
29 172.17.1.40   193.0.0.193 ns.ripe.net UDP/1024+ - dns 1 out  
30 172.17.1.40   192.58.128.30 j.root-servers.net UDP/1024+ - dns 1 out  
31 172.17.1.40   216.87.64.12 ns1.viawest.net UDP/1024+ - dns 1 out  
32 172.17.1.40   216.239.32.10 ns1.google.com UDP/428 1 out  
33 172.17.1.102   216.155.193.139 cs12.msg.dcn.yahoo.com TCP/5050 - yahoo messenger 1 out  
34 172.17.1.102   63.251.254.11   UDP/370 - nai-antivirus-securecast 1 out  
35 172.17.1.102   216.155.193.143 cs16.msg.dcn.yahoo.com TCP/5050 - yahoo messenger 1 out  
36 172.17.1.40   216.239.34.10 ns2.google.com UDP/428 1 out  
37 172.17.1.102   205.188.9.112   TCP/5190 - icq 1 out  
38 172.17.1.102   205.227.137.57   TCP/21 - ftp 1 out  
39 172.17.1.40   202.12.27.33 m.root-servers.net UDP/1024+ - dns 1 out  
40 172.17.1.25   209.161.200.227 mx1.altairtech.ca UDP/1024+ - dns 1 in  
41 172.17.1.40   202.9.145.7 sdns01.minnambalam.com UDP/1024+ - dns 1 out  
42 172.17.1.102   209.161.200.227 mx1.altairtech.ca TCP/389 - ldap 1 out  
43 172.17.1.102   64.12.200.89 ibucp-vip-m.blue.aol.com TCP/5190 - icq 1 out  
44 172.17.1.70   192.5.41.209 ntp2.usno.navy.mil UDP/123 - ntp 1 out  
45 172.17.1.40   129.250.35.33 C.ns.verio.net UDP/1024+ - dns 1 out  
46 172.17.1.40   192.67.14.17 u.ns.verio.net UDP/1024+ - dns 1 out  
47 172.17.1.40   128.63.2.53 h.root-servers.net UDP/428 1 out  
48 172.17.1.40   202.9.145.6 pdns01.minnambalam.com UDP/1024+ - dns 1 out  
49 172.17.1.40   129.7.1.20 Post-Office.uh.edu UDP/1024+ - dns 1 out  
50 172.17.1.40   61.213.162.91 ns4.verio.net UDP/1024+ - dns 1 out  
-
Protocols - Top 50 for the 172.17.1.15 firewall - ordered by connections: - Go to top
No ProtocolConnections %
1 UDP/1024+ - dns 1,132 39.87
2 TCP/80 - http 914 32.19
3 TCP/25 - smtp 367 12.92
4 TCP/443 - ssl-https 121 4.26
5 TCP/143 - imap 98 3.45
6 TCP/110 - pop3 62 2.18
7 TCP/20 - ftp-data 40 1.4
8 UDP/514 - syslog 39 1.37
9 TCP/21 - ftp 38 1.33
10 UDP/138 - netbios-dgm 16 0.56
11 UDP/428 5 0.17
12 TCP/5050 - yahoo messenger 2 0.07
13 TCP/5190 - icq 2 0.07
14 TCP/389 - ldap 1 0.03
15 UDP/370 - nai-antivirus-securecast 1 0.03
16 UDP/123 - ntp 1 0.03

-
Protocols - Top 50 for the 172.17.1.15 firewall - ordered by traffic: - Go to top
No Protocol Total Traffic % Bytes In Bytes Out
1 TCP/80 - http 48,944,886 86.97 2,860 48,942,026
2 TCP/20 - ftp-data 3,913,608 6.95 0 3,913,608
3 TCP/25 - smtp 1,748,621 3.11 1,600,946 147,675
4 TCP/443 - ssl-https 1,040,378 1.85 0 1,040,378
5 TCP/143 - imap 572,488 1.02 572,488 0
6 TCP/110 - pop3 27,467 0.05 15,002 12,465
7 TCP/21 - ftp 16,221 0.03 0 16,221
8 TCP/5050 - yahoo messenger 6,236 0.01 0 6,236
9 TCP/5190 - icq 5,971 0.01 0 5,971
Total 0   2,191,296 54,084,580
Unknown 1,885,206 Traffic that could not be mapped to a specific protocol or as inbound/outbound

-
FTP downloads - Top 50 for the 172.17.1.15 firewall: - Go to top
No FTP client IP FTP client host FTP server IP FTP server host File Count Comments
1 172.17.1.40   216.218.202.31   nvc5.txt 11  
2 172.17.1.40   216.218.202.31   bitdefender.txt 10  
3 172.17.1.40   216.218.202.31   eed.txt 10  
4 172.17.1.102   205.227.137.57   delta.ini 1  
5 172.17.1.102   205.227.137.57   update.ini 1  
6 172.17.1.40   216.218.202.31   nvc5.zip 1  
7 172.17.1.40   216.218.202.31   bitdefender.zip 1  
8 172.17.1.40   209.61.184.105 server1.gfi.com eed.txt 1  
9 172.17.1.40   216.218.202.31   eed.zip 1  
10 172.17.1.40   209.61.184.105 server1.gfi.com bitdefender.txt 1  
11 172.17.1.40   209.61.184.105 server1.gfi.com nvc5.txt 1  
-
FTP uploads - Top 50 for the 172.17.1.15 firewall: - Go to top
No FTP client IP FTP client host FTP server IP FTP server host File Count Comments
No FTP Uploads recorded - Level 5 (Notification) logging is required to capture FTP uploads.
-
Traffic statistics for the 172.17.1.15 firewall: - Go to top
-
Internal IP addresses - Top 50 by bandwitdh use for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Connections Protocols Traffic (kb) Comments
1 172.17.1.102   749 TCP/143 - imap, TCP/80 - http, TCP/5050 - yahoo messenger, TCP/20 - ftp-data, TCP/389 - ldap, TCP/21 - ftp, TCP/110 - pop3, TCP/443 - ssl-https, TCP/25 - smtp, TCP/5190 - icq40,083.98 Potentially performed a port scan or may be running many network-related applications. 
2 172.17.1.70   387 TCP/80 - http, TCP/443 - ssl-https8,756.90  
3 172.17.1.40   129 TCP/80 - http, TCP/20 - ftp-data, TCP/21 - ftp, TCP/25 - smtp3,976.09  

-
External IP addresses - Top 50 by bandwitdh use for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Connections Protocols Traffic (kb) Comments
1 172.17.1.40   2 TCP/80 - http, TCP/20 - ftp-data, TCP/21 - ftp, TCP/25 - smtp3,976.09  
2 217.19.7.89 net2-89.seanet.ro 7 TCP/143 - imap, TCP/25 - smtp378.31  
3 69.19.34.66 dpc691934066.direcpc.com 35 TCP/143 - imap184.57  
4 80.97.48.21 dev21.histria.ro 47 TCP/143 - imap106.35  
5 65.222.14.154   8 TCP/25 - smtp93.05  
6 68.90.242.25 adsl-68-90-242-25.dsl.hstntx.swbell.net 3 TCP/25 - smtp91.83  
7 208.41.6.199 208-41-6-199.client.dsl.net 6 TCP/25 - smtp71.11  
8 216.5.163.55 data1.exhedra.com 5 TCP/25 - smtp62.53  
9 213.157.174.55   2 TCP/25 - smtp61.16  
10 129.7.176.19   1 TCP/25 - smtp50.99  
11 62.59.190.80   6 TCP/25 - smtp49.76  
12 64.228.41.54 Toronto-ppp226571.sympatico.ca 21 TCP/143 - imap36.11  
13 81.84.239.104 a81-84-239-104.cpe.netcabo.pt 1 TCP/25 - smtp32.00  
14 68.194.43.92 ool-44c22b5c.dyn.optonline.net 3 TCP/25 - smtp30.98  
15 212.33.131.238 npstvg-0110.netpower.no 1 TCP/25 - smtp30.61  
16 218.1.220.35   1 TCP/25 - smtp30.47  
17 217.156.36.6   5 TCP/25 - smtp29.72  
18 24.173.135.234 rrcs-24-173-135-234.se.biz.rr.com 3 TCP/25 - smtp28.57  
19 66.134.233.106 h-66-134-233-106.lsanca54.covad.net 3 TCP/25 - smtp24.87  
20 81.49.87.155   1 TCP/25 - smtp24.85  
21 213.120.96.191 host213-120-96-191.in-addr.btopenworld.com 3 TCP/25 - smtp24.84  
22 195.20.106.85   12 TCP/110 - pop3, TCP/25 - smtp23.21  
23 65.214.43.167 mailhost4.lists.techtarget.com 1 TCP/25 - smtp22.71  
24 24.150.100.252 d150-100-252.home.cgocable.net 1 TCP/25 - smtp20.92  
25 220.171.41.50   2 TCP/25 - smtp19.43  
26 80.33.162.5 5.Red-80-33-162.pooles.rima-tde.net 3 TCP/25 - smtp19.37  
27 24.107.232.45 24-107-232-45.dhcp.oxfr.ma.charter.com 1 TCP/25 - smtp19.35  
28 148.223.231.101 customer-148-223-231-101.uninet-ide.com.mx 3 TCP/25 - smtp19.34  
29 218.90.138.22   2 TCP/25 - smtp19.33  
30 61.10.53.74 cm61-10-53-74.hkcable.com.hk 3 TCP/25 - smtp19.33  
31 61.153.216.142   3 TCP/25 - smtp19.32  
32 210.117.107.222   3 TCP/25 - smtp19.32  
33 64.4.240.67 smtp-outbound.nix.paypal.com 9 TCP/25 - smtp18.74  
34 80.97.89.49   12 TCP/143 - imap18.05  
35 64.4.240.74 smtp1.nix.paypal.com 2 TCP/25 - smtp17.75  
36 64.132.70.201   2 TCP/25 - smtp17.50  
37 64.4.240.75 smtp2.nix.paypal.com 2 TCP/25 - smtp17.18  
38 66.187.232.134 mail.rhn.redhat.com 3 TCP/25 - smtp14.79  
39 66.180.119.165   1 TCP/25 - smtp13.47  
40 24.16.126.55 c-24-16-126-55.hsd1.wa.comcast.net 1 TCP/25 - smtp12.24  
41 24.4.150.25 c-24-4-150-25.hsd1.ca.comcast.net 1 TCP/25 - smtp12.03  
42 66.222.174.219 d66-222-174-219.abhsia.telus.net 1 TCP/25 - smtp11.67  
43 148.235.66.55 customer-148-235-66-55.uninet-ide.com.mx 1 TCP/25 - smtp10.30  
44 69.60.104.201   3 TCP/25 - smtp9.82  
45 206.16.1.131 alias-2.c10-ave-mta1.cnet.com 1 TCP/25 - smtp9.60  
46 4.41.159.162 evrtwa1-ar19-4-41-159-162.evrtwa1.dsl-verizon.net 1 TCP/25 - smtp8.94  
47 216.0.195.51   2 TCP/25 - smtp7.98  
48 194.204.113.148   1 TCP/25 - smtp7.47  
49 69.6.7.58 mx758.uu02.com 2 TCP/25 - smtp7.04  
50 24.238.79.42 24.238.79.42.res-cmts.sth.ptd.net 1 TCP/25 - smtp6.54  

-
Total traffic by hour for the 172.17.1.15 firewall: - Go to top
Hours Bytes Inbound Bytes Outbound Bytes Unknown Bytes Total % Denials
00 - 01 33,273 5,156 0 38,429 0.07 15
01 - 02 169,945 1,342 0 171,287 0.29 19
02 - 03 26,852 1,341 0 28,193 0.05 32
03 - 04 187,595 19,082 0 206,677 0.36 31
04 - 05 65,054 1,341 0 66,395 0.11 18
05 - 06 47,302 2,517,485 0 2,564,787 4.41 37
06 - 07 47,479 1,340 0 48,819 0.08 26
07 - 08 91,452 45,456 0 136,908 0.24 39
08 - 09 342,454 1,338 0 343,792 0.59 46
09 - 10 131,021 1,353,340 0 1,484,361 2.55 23
10 - 11 156,091 256,784 0 412,875 0.71 17
11 - 12 31,001 830,613 47,416 909,030 1.56 52
12 - 13 171,914 456,605 0 628,519 1.08 26
13 - 14 37,390 859,558 1,837,790 2,734,738 4.70 41
14 - 15 114,875 9,688,110 0 9,802,985 16.85 55
15 - 16 27,803 26,946 0 54,749 0.09 39
16 - 17 472,914 8,462,245 0 8,935,159 15.36 45
17 - 18 36,881 29,313,505 0 29,350,386 50.46 53
18 - 19 0 242,993 0 242,993 0.42 0
19 - 20 0 0 0 0 0 0
20 - 21 0 0 0 0 0 0
21 - 22 0 0 0 0 0 0
22 - 23 0 0 0 0 0 0
23 - 24 0 0 0 0 0 0
Total 2,191,296 54,084,580 1,885,206 58,161,082   614
Total 2,140 kb 52,817 kb 1,841 kb 56,798 kb    

-
Denials statistics for the 172.17.1.15 firewall: - Go to top
-
Denied connections - Top 50 for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Protocol Reason Count Location Comments
1172.17.1.102   63.236.14.21 h21.ip.musicmatch.com TCP/80 - httpNo connection 33 internal  
2143.101.75.110   209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 21 external  
369.28.154.144   209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 13 external  
469.28.154.149   209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 13 external  
564.4.241.32 www.paypal.com 209.161.200.226 mail.altairtech.ca TCP/443 - ssl-httpsNo connection 10 external  
680.97.48.21 dev21.histria.ro 209.161.200.227 mx1.altairtech.ca TCP/143 - imapNo connection 10 external  
764.228.41.54 Toronto-ppp226571.sympatico.ca 209.161.200.227 mx1.altairtech.ca TCP/143 - imapNo connection 9 external  
8200.141.196.250   209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 6 external  
983.157.142.37 dyn-83-157-142-37.ppp.tiscali.fr 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 6 external  
10207.46.248.244 support2.microsoft.com 209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 5 external  
11209.163.187.3 crt.idsint.integrateddigitalsolutions.net 209.161.200.227 mx1.altairtech.ca ICMP/8 - echoNo xlate 5 external  
1265.222.14.154   209.161.200.227 mx1.altairtech.ca TCP/25 - smtpNo connection 5 external  
13209.161.230.194 209-161-230-194.dsl.look.ca 209.161.200.227 mx1.altairtech.ca ICMP/8 - echoNo xlate 5 external  
14199.246.67.210 stewie.theglobeandmail.com 209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 5 external  
15172.17.1.40   64.4.240.67 smtp-outbound.nix.paypal.com TCP/25 - smtpNo connection 5 internal  
1683.157.142.37 dyn-83-157-142-37.ppp.tiscali.fr 209.161.200.228 mx2.altairtech.ca TCP/135 - ms rpcNo xlate 4 external  
1763.236.14.37 h37.ip.musicmatch.com 209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 4 external  
1862.59.190.80   209.161.200.227 mx1.altairtech.ca TCP/25 - smtpNo connection 4 external  
19208.254.18.131   209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 4 external  
20216.239.51.5 proxy.google.com 209.161.200.227 mx1.altairtech.ca TCP/25 - smtpNo connection 4 external  
21208.41.6.199 208-41-6-199.client.dsl.net 209.161.200.227 mx1.altairtech.ca TCP/25 - smtpNo connection 4 external  
22172.142.34.19 AC8E2213.ipt.aol.com 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
23212.126.218.124 da7cc.unt0.fw.i-u.de 209.161.200.227 mx1.altairtech.ca TCP/21 - ftpNo xlate 3 external  
24218.144.184.36   209.161.200.228 mx2.altairtech.ca TCP/445 - netbios-dsNo xlate 3 external  
25209.86.0.224 user-38lc070.dialup.mindspring.com 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
26209.139.2.21   209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
2763.90.3.55   209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
28209.162.130.14 209-162-130-14.cortland.com 209.161.200.227 mx1.altairtech.ca TCP/445 - netbios-dsNo xlate 3 external  
2924.93.30.147 cpe-24-93-30-147.rochester.res.rr.com 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
3081.33.7.251 251.Red-81-33-7.pooles.rima-tde.net 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
3165.69.126.157 adsl-65-69-126-157.dsl.tulsok.swbell.net 209.161.200.227 mx1.altairtech.ca TCP/445 - netbios-dsNo xlate 3 external  
3269.19.18.104 dpc691918104.direcpc.com 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
33209.161.171.38 chev3640-modem-4.unicom-alaska.com 209.161.200.230   TCP/135 - ms rpcNo xlate 3 external  
34209.11.106.40   209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 3 external  
35216.209.93.71 HSE-Toronto-ppp119300.sympatico.ca 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
36203.146.193.136 r248-cmiLF2.N.loxinfo.net.th 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
37217.19.7.89 net2-89.seanet.ro 209.161.200.227 mx1.altairtech.ca TCP/143 - imapNo connection 3 external  
3865.54.244.253   209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 3 external  
3965.69.126.157 adsl-65-69-126-157.dsl.tulsok.swbell.net 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
4064.164.53.2 64-164-53-2.hotelmetropole.net 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
41209.163.187.3 crt.idsint.integrateddigitalsolutions.net 209.161.200.230   ICMP/8 - echoNo xlate 3 external  
42208.186.151.157 208-186-151-157.nrp3.brv.mn.frontiernet.net 209.161.200.227 mx1.altairtech.ca TCP/443 - ssl-httpsNo xlate 3 external  
43209.161.171.38 chev3640-modem-4.unicom-alaska.com 209.161.200.227 mx1.altairtech.ca TCP/135 - ms rpcNo xlate 3 external  
44172.17.1.70   199.246.67.210 stewie.theglobeandmail.com TCP/80 - httpNo connection 3 internal  
45217.34.66.13 host217-34-66-13.in-addr.btopenworld.com 209.161.200.228 mx2.altairtech.ca TCP/139 - netbios-ssnNo xlate 3 external  
46209.161.230.194 209-161-230-194.dsl.look.ca 209.161.200.230   ICMP/8 - echoNo xlate 3 external  
4763.146.96.171 www.homeseekers.com 209.161.200.226 mail.altairtech.ca TCP/80 - httpNo connection 3 external  
4869.19.18.104 dpc691918104.direcpc.com 209.161.200.228 mx2.altairtech.ca TCP/135 - ms rpcNo xlate 2 external  
49172.142.34.19 AC8E2213.ipt.aol.com 209.161.200.230   TCP/135 - ms rpcNo xlate 2 external  
5081.53.110.127   209.161.200.227 mx1.altairtech.ca TCP/445 - netbios-dsNo xlate 2 external  
-
Denied protocols - Top 50 for the 172.17.1.15 firewall: - Go to top
No Protocol Reason Count
1TCP/80 - httpNo connection 116
2TCP/135 - ms rpcNo xlate 53
3TCP/25 - smtpNo connection 22
4TCP/143 - imapNo connection 22
5ICMP/8 - echoNo xlate 16
6TCP/445 - netbios-dsNo xlate 11
7TCP/443 - ssl-httpsNo connection 10
8TCP/443 - ssl-httpsNo xlate 3
9TCP/139 - netbios-ssnNo xlate 3
10TCP/21 - ftpNo xlate 3

-
Denied IP addresses - Top 50 for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Count Location Comments
1 172.17.1.102   37 internal  
2 143.101.75.110   21 external  
3 172.17.1.40   19 internal  
4 69.28.154.149   13 external  
5 69.28.154.144   13 external  
6 83.157.142.37 dyn-83-157-142-37.ppp.tiscali.fr 12 external  
7 80.97.48.21 dev21.histria.ro 10 external  
8 209.163.187.3 crt.idsint.integrateddigitalsolutions.net 10 external  
9 64.4.241.32 www.paypal.com 10 external  
10 209.161.230.194 209-161-230-194.dsl.look.ca 9 external  
11 64.228.41.54 Toronto-ppp226571.sympatico.ca 9 external  
12 209.86.0.224 user-38lc070.dialup.mindspring.com 6 external  
13 63.90.3.55   6 external  
14 208.186.151.157 208-186-151-157.nrp3.brv.mn.frontiernet.net 6 external  
15 209.162.130.14 209-162-130-14.cortland.com 6 external  
16 200.141.196.250   6 external  
17 64.164.53.2 64-164-53-2.hotelmetropole.net 6 external  
18 209.161.171.38 chev3640-modem-4.unicom-alaska.com 6 external  
19 24.93.30.147 cpe-24-93-30-147.rochester.res.rr.com 6 external  
20 81.33.7.251 251.Red-81-33-7.pooles.rima-tde.net 6 external  
21 216.209.93.71 HSE-Toronto-ppp119300.sympatico.ca 6 external  
22 65.69.126.157 adsl-65-69-126-157.dsl.tulsok.swbell.net 6 external  
23 209.139.2.21   6 external  
24 172.142.34.19 AC8E2213.ipt.aol.com 6 external  
25 212.126.218.124 da7cc.unt0.fw.i-u.de 6 external  
26 203.146.193.136 r248-cmiLF2.N.loxinfo.net.th 6 external  
27 69.19.18.104 dpc691918104.direcpc.com 6 external  
28 217.225.237.141   5 external  
29 217.34.66.13 host217-34-66-13.in-addr.btopenworld.com 5 external  
30 199.246.67.210 stewie.theglobeandmail.com 5 external  
31 207.46.248.244 support2.microsoft.com 5 external  
32 65.222.14.154   5 external  
33 172.17.1.70   5 internal  
34 80.191.170.150   4 external  
35 218.70.60.5   4 external  
36 149.169.140.155   4 external  
37 217.46.185.185 host217-46-185-185.in-addr.btopenworld.com 4 external  
38 208.254.18.131   4 external  
39 216.239.51.5 proxy.google.com 4 external  
40 63.236.14.37 h37.ip.musicmatch.com 4 external  
41 82.83.145.5 dsl-082-083-145-005.arcor-ip.net 4 external  
42 62.59.190.80   4 external  
43 80.142.225.88 p508EE158.dip.t-dialin.net 4 external  
44 208.41.6.199 208-41-6-199.client.dsl.net 4 external  
45 218.144.184.36   3 external  
46 63.146.96.171 www.homeseekers.com 3 external  
47 64.235.234.140 europa.lunarpages.com 3 external  
48 65.54.244.253   3 external  
49 217.19.7.89 net2-89.seanet.ro 3 external  
50 209.11.106.40   3 external  

-
Targeted IP addresses (by denied connections) - Top 50 for the 172.17.1.15 firewall: - Go to top
No Destination IP Destination Host Count Comments
1 209.161.200.227 mx1.altairtech.ca 277  
2 209.161.200.226 mail.altairtech.ca 97  
3 209.161.200.230   91  
4 209.161.200.228 mx2.altairtech.ca 90  
5 63.236.14.21 h21.ip.musicmatch.com 33  
6 64.4.240.67 smtp-outbound.nix.paypal.com 5  
7 199.246.67.210 stewie.theglobeandmail.com 3  
8 64.4.240.74 smtp1.nix.paypal.com 2  
9 64.4.240.75 smtp2.nix.paypal.com 2  
10 63.146.96.171 www.homeseekers.com 2  
11 69.6.57.7   2  
12 216.218.202.31   1  
13 216.239.51.5 proxy.google.com 1  
14 216.155.193.143 cs16.msg.dcn.yahoo.com 1  
15 217.19.7.89 net2-89.seanet.ro 1  
16 69.19.34.66 dpc691934066.direcpc.com 1  
17 217.156.36.6   1  
18 69.60.104.201   1  
19 172.17.1.40   1  
20 207.149.237.213 sodium.pdx.net 1  
21 65.60.27.42   1  

-
Various statistics (VPN, IDS, Management) for the 172.17.1.15 firewall: - Go to top
-
VPN Events - Top 50 for the 172.17.1.15 firewall: - Go to top
No Operation Source IP Source Host Destination IP Destination Host Count Comments
1 Tunnel deleted   - 209.161.200.226 mail.altairtech.ca Used protocol number 50 - SA parameters: esp-des esp-md5-hmac  
2 Tunnel terminated 209.161.200.226 mail.altairtech.ca Reason: Lifetime expired 
3 Tunnel established   - 209.161.200.235   Using protocol number 50 - SA parameters: esp-des esp-md5-hmac 
4 User authentication initiated   -   - User jmoore 
5 Tunnel established   - 209.161.200.226 mail.altairtech.ca Using protocol number 50 - SA parameters: esp-des esp-md5-hmac 
6 Tunnel deleted   - 209.161.200.235   Used protocol number 50 - SA parameters: esp-des esp-md5-hmac  
7 Authentication success 209.161.200.235   0.0.0.0   User jmoore via IKE-XAUTH 
-
IDS Events - Top 50 for the 172.17.1.15 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Interface IDS Event Count Comments
1 64.53.150.209 d53-64-209-150.nap.wideopenwest.com 192.168.1.1   outside  ICMP redirect (IDS signature: 2003)  
2 64.53.150.209 d53-64-209-150.nap.wideopenwest.com 192.168.1.1   outside  UDP Snork attack (IDS signature: 4051)  
-
Firewall management - Top 50 for the 172.17.1.15 firewall: - Go to top
No Client IP Client host Protocol Count Operation Comments
1 172.17.1.102   Terminal 7 Listed configuration  
2 172.17.1.102   Telnet 6 Successful login  
3 172.17.1.102   Console 2 Saved configuration to memory  
4 172.17.1.102   Console 2 Finished configuration - OK  
5 console console Console 1 Ended configuration  
6 console console Terminal 1 Listed configuration  
7 172.17.1.102   SSH 1 Failed login (3 attempts) on interface inside by user "telnet" 
8 172.17.1.102   SSH 1 Failed login (3 attempts) on interface inside by user "" 
9 172.17.1.102   Console 1 Ended configuration  
-
Warnings and notifications - Top 50 for the 172.17.1.15 firewall: - Go to top
No Operation Count Code
No warnings recorded.
-
Message details for the 172.17.1.15 firewall: - Go to top
-
Severity level 1 (Alert) details for the 172.17.1.15 firewall. : - Go to top
No First Message Last Message Code Message Count
No messages with severity level 1 were recorded.

-
Severity level 2 (Critical) details for the 172.17.1.15 firewall. : - Go to top
No First Message Last Message Code Message Count
1 03/11/04 12:49:20 03/11/04 12:49:20 2-106017 Deny IP due to Land Attack from 64.53.150.209 to 209.161.200.227 1

-
Severity level 3 (Error) details for the 172.17.1.15 firewall. : - Go to top
No First Message Last Message Code Message Count
1 03/11/04 08:32:08 03/11/04 08:32:30 3-106011 Deny inbound (No xlate) tcp src outside:83.157.142.37/nnnn dst outside:209.161.200.227/135 6
2 03/11/04 08:40:54 03/11/04 16:56:06 3-106011 Deny inbound (No xlate) icmp src outside:209.161.230.194 dst outside:209.161.200.227 (type 8, code 0) 5
3 03/11/04 04:39:37 03/11/04 16:06:14 3-106011 Deny inbound (No xlate) icmp src outside:209.163.187.3 dst outside:209.161.200.227 (type 8, code 0) 5
4 03/11/04 08:32:08 03/11/04 08:32:30 3-106011 Deny inbound (No xlate) tcp src outside:83.157.142.37/nnnn dst outside:209.161.200.228/135 4
5 03/11/04 04:39:37 03/11/04 07:57:44 3-106011 Deny inbound (No xlate) icmp src outside:209.163.187.3 dst outside:209.161.200.230 (type 8, code 0) 3
6 03/11/04 08:40:54 03/11/04 16:56:06 3-106011 Deny inbound (No xlate) icmp src outside:209.161.230.194 dst outside:209.161.200.230 (type 8, code 0) 3
7 03/11/04 13:10:35 03/11/04 13:10:44 3-106011 Deny inbound (No xlate) tcp src outside:69.19.18.104/nnnn dst outside:209.161.200.227/135 3
8 03/11/04 05:21:14 03/11/04 05:21:23 3-106011 Deny inbound (No xlate) tcp src outside:209.139.2.21/nnnn dst outside:209.161.200.227/135 3
9 03/11/04 15:58:02 03/11/04 16:05:46 3-106011 Deny inbound (No xlate) tcp src outside:217.34.66.13/nnnn dst outside:209.161.200.228/139 3
10 03/11/04 09:47:58 03/11/04 09:48:07 3-106011 Deny inbound (No xlate) tcp src outside:203.146.193.136/nnnn dst outside:209.161.200.227/135 3
11 03/11/04 02:20:17 03/11/04 14:29:38 3-106011 Deny inbound (No xlate) tcp src outside:209.161.171.38/nnnn dst outside:209.161.200.227/135 3
12 03/11/04 08:27:52 03/11/04 08:28:01 3-106011 Deny inbound (No xlate) tcp src outside:81.33.7.251/nnnn dst outside:209.161.200.227/135 3
13 03/11/04 12:38:04 03/11/04 12:38:13 3-106011 Deny inbound (No xlate) tcp src outside:209.162.130.14/nnnn dst outside:209.161.200.227/445 3
14 03/11/04 15:08:07 03/11/04 15:08:16 3-106011 Deny inbound (No xlate) tcp src outside:172.142.34.19/nnnn dst outside:209.161.200.227/135 3
15 03/11/04 14:20:52 03/11/04 14:21:01 3-106011 Deny inbound (No xlate) tcp src outside:209.86.0.224/nnnn dst outside:209.161.200.227/135 3
16 03/11/04 07:05:51 03/11/04 07:06:00 3-106011 Deny inbound (No xlate) tcp src outside:65.69.126.157/nnnn dst outside:209.161.200.227/135 3
17 03/11/04 08:42:24 03/11/04 08:42:33 3-106011 Deny inbound (No xlate) tcp src outside:212.126.218.124/nnnn dst outside:209.161.200.227/21 3
18 03/11/04 02:20:17 03/11/04 14:29:38 3-106011 Deny inbound (No xlate) tcp src outside:209.161.171.38/nnnn dst outside:209.161.200.230/135 3
19 03/11/04 05:27:21 03/11/04 05:27:30 3-106011 Deny inbound (No xlate) tcp src outside:63.90.3.55/nnnn dst outside:209.161.200.227/135 3
20 03/11/04 06:54:16 03/11/04 06:54:25 3-106011 Deny inbound (No xlate) tcp src outside:64.164.53.2/nnnn dst outside:209.161.200.227/135 3
21 03/11/04 01:10:51 03/11/04 01:11:00 3-106011 Deny inbound (No xlate) tcp src outside:216.209.93.71/nnnn dst outside:209.161.200.227/135 3
22 03/11/04 03:01:31 03/11/04 03:01:40 3-106011 Deny inbound (No xlate) tcp src outside:24.93.30.147/nnnn dst outside:209.161.200.227/135 3
23 03/11/04 07:44:02 03/11/04 07:44:33 3-106011 Deny inbound (No xlate) tcp src outside:218.144.184.36/nnnn dst outside:209.161.200.228/445 3
24 03/11/04 02:20:23 03/11/04 02:20:32 3-106011 Deny inbound (No xlate) tcp src outside:208.186.151.157/nnnn dst outside:209.161.200.227/443 3
25 03/11/04 07:06:12 03/11/04 07:06:22 3-106011 Deny inbound (No xlate) tcp src outside:65.69.126.157/nnnn dst outside:209.161.200.227/445 3
26 03/11/04 15:40:51 03/11/04 15:40:57 3-106011 Deny inbound (No xlate) tcp src outside:217.225.237.141/nnnn dst outside:209.161.200.230/135 2
27 03/11/04 05:44:18 03/11/04 05:44:21 3-106011 Deny inbound (No xlate) tcp src outside:218.70.60.5/nnnn dst outside:209.161.200.227/nnnn 2
28 03/11/04 13:01:26 03/11/04 13:01:30 3-106011 Deny inbound (No xlate) tcp src outside:80.191.170.150/nnnn dst outside:209.161.200.230/445 2
29 03/11/04 08:33:23 03/11/04 08:33:26 3-106011 Deny inbound (No xlate) tcp src outside:218.66.25.144/nnnn dst outside:209.161.200.228/445 2
30 03/11/04 05:21:14 03/11/04 05:21:23 3-106011 Deny inbound (No xlate) tcp src outside:209.139.2.21/nnnn dst outside:209.161.200.230/135 2
31 03/11/04 02:40:36 03/11/04 02:40:38 3-106011 Deny inbound (No xlate) tcp src outside:207.191.210.156/nnnn dst outside:209.161.200.227/445 2
32 03/11/04 05:27:21 03/11/04 05:27:30 3-106011 Deny inbound (No xlate) tcp src outside:63.90.3.55/nnnn dst outside:209.161.200.230/135 2
33 03/11/04 02:06:12 03/11/04 02:06:15 3-106011 Deny inbound (No xlate) tcp src outside:149.169.140.155/nnnn dst outside:209.161.200.228/nnnn 2
34 03/11/04 09:36:43 03/11/04 16:06:14 3-106011 Deny inbound (No xlate) icmp src outside:209.163.187.3 dst outside:209.161.200.228 (type 8, code 0) 2
35 03/11/04 12:38:04 03/11/04 12:38:07 3-106011 Deny inbound (No xlate) tcp src outside:209.162.130.14/nnnn dst outside:209.161.200.230/445 2
36 03/11/04 03:01:31 03/11/04 03:01:40 3-106011 Deny inbound (No xlate) tcp src outside:24.93.30.147/nnnn dst outside:209.161.200.230/135 2
37 03/11/04 11:04:54 03/11/04 11:04:57 3-106011 Deny inbound (No xlate) tcp src outside:217.46.185.185/nnnn dst outside:209.161.200.227/554 2
38 03/11/04 01:10:51 03/11/04 01:10:54 3-106011 Deny inbound (No xlate) tcp src outside:216.209.93.71/nnnn dst outside:209.161.200.228/135 2
39 03/11/04 13:10:35 03/11/04 13:10:44 3-106011 Deny inbound (No xlate) tcp src outside:69.19.18.104/nnnn dst outside:209.161.200.228/135 2
40 03/11/04 08:32:11 03/11/04 08:32:24 3-106011 Deny inbound (No xlate) tcp src outside:83.157.142.37/nnnn dst outside:209.161.200.230/135 2
41 03/11/04 15:08:07 03/11/04 15:08:16 3-106011 Deny inbound (No xlate) tcp src outside:172.142.34.19/nnnn dst outside:209.161.200.230/135 2
42 03/11/04 06:44:00 03/11/04 06:44:03 3-106011 Deny inbound (No xlate) tcp src outside:80.142.225.88/nnnn dst outside:209.161.200.230/nnnn 2
43 03/11/04 06:03:19 03/11/04 06:03:22 3-106011 Deny inbound (No xlate) tcp src outside:213.234.241.4/nnnn dst outside:209.161.200.227/445 2
44 03/11/04 10:57:22 03/11/04 10:57:59 3-315004 Fail to establish SSH session because PIX RSA host key retrieval failed. 2
45 03/11/04 15:40:51 03/11/04 15:40:57 3-106011 Deny inbound (No xlate) tcp src outside:217.225.237.141/nnnn dst outside:209.161.200.227/135 2
46 03/11/04 15:57:52 03/11/04 15:57:55 3-106011 Deny inbound (No xlate) tcp src outside:217.34.66.13/nnnn dst outside:209.161.200.230/139 2
47 03/11/04 13:01:26 03/11/04 13:01:30 3-106011 Deny inbound (No xlate) tcp src outside:80.191.170.150/nnnn dst outside:209.161.200.227/445 2
48 03/11/04 09:47:58 03/11/04 09:48:07 3-106011 Deny inbound (No xlate) tcp src outside:203.146.193.136/nnnn dst outside:209.161.200.228/135 2
49 03/11/04 02:20:23 03/11/04 02:20:26 3-106011 Deny inbound (No xlate) tcp src outside:208.186.151.157/nnnn dst outside:209.161.200.228/443 2
50 03/11/04 06:44:00 03/11/04 06:44:03 3-106011 Deny inbound (No xlate) tcp src outside:80.142.225.88/nnnn dst outside:209.161.200.227/nnnn 2
There were more messages to be reported but the listing is limited to 50!!!

-
Severity level 4 (Warning) details for the 172.17.1.15 firewall. : - Go to top
No First Message Last Message Code Message Count
1 03/11/04 13:47:40 03/11/04 13:47:40 4-106023 Deny tcp src inside:172.17.1.102/nnnn dst outside:69.6.57.7/80 by access-group "acl_inbound" 2
2 03/11/04 13:34:36 03/11/04 13:34:36 4-400013 IDS:2003 ICMP redirect from 64.53.150.209 to 192.168.1.1 on interface outside 1
3 03/11/04 13:13:40 03/11/04 13:13:40 4-400032 IDS:4051 UDP Snork attack from 64.53.150.209 to 192.168.1.1 on interface outside 1

-
Severity level 5 (Notification) details for the 172.17.1.15 firewall. : - Go to top
No First Message Last Message Code Message Count
1 03/11/04 11:26:46 03/11/04 16:47:42 5-304001 172.17.1.102 Accessed URL 64.235.234.140:/ac/acmelogo.jpg 13
2 03/11/04 10:41:15 03/11/04 12:21:15 5-304001 172.17.1.102 Accessed URL 66.163.175.128:/feed/pg4?s=quotes 10
3 03/11/04 10:54:26 03/11/04 17:54:03 5-111007 Begin configuration: 172.17.1.102 reading from terminal 7
4 03/11/04 13:34:42 03/11/04 13:58:20 5-304001 172.17.1.102 Accessed URL 69.28.159.140:/mm_cdn/01068ABAASAAAAAsDq0mG.Pth3YbANncOnzAvOaXPiWXbxImylXyL5JzhApAtK6k27bxNA6FFoVAkCsUvcLKYtO7ilT2u_.DAhmtra1IxvQ--/album_image/amg/drd400/d485/d48583l9l32.jpg 6
5 03/11/04 13:34:36 03/11/04 13:34:36 5-304001 172.17.1.102 Accessed URL 63.236.14.37:/nova/images/small-play-button.gif 4
6 03/11/04 10:47:05 03/11/04 17:37:24 5-304001 172.17.1.102 Accessed URL 64.236.16.246:/ 3
7 03/11/04 17:46:56 03/11/04 17:48:01 5-304001 172.17.1.70 Accessed URL 63.146.96.171:/wst/images/2402631.JPG 3
8 03/11/04 17:46:56 03/11/04 17:48:01 5-304001 172.17.1.70 Accessed URL 63.146.96.171:/wst/images/2314369.JPG 3
9 03/11/04 13:34:09 03/11/04 17:20:45 5-304001 172.17.1.102 Accessed URL 63.236.14.26:/mmjb/check.cgi 3
10 03/11/04 17:47:10 03/11/04 17:48:01 5-304001 172.17.1.70 Accessed URL 65.18.223.30:/images/citysites-cp-nytimes.jpg 3
11 03/11/04 10:55:47 03/11/04 17:47:00 5-111005 172.17.1.102 end configuration: OK 3
12 03/11/04 10:47:05 03/11/04 17:37:24 5-304001 172.17.1.102 Accessed URL 64.236.24.28:/ 3
13 03/11/04 17:52:38 03/11/04 17:59:30 5-304001 172.17.1.70 Accessed URL 63.215.124.60:/i/msnbc/Components/Art/SITEWIDE/Marquee/bn_marquee2.gif 3
14 03/11/04 17:31:40 03/11/04 17:33:36 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/media/images/39870000/jpg/_39870384_obese_66.jpg 2
15 03/11/04 17:34:04 03/11/04 17:39:12 5-304001 172.17.1.70 Accessed URL 206.112.74.4:/mdsefc?a2125;MCBL103C12595P256031B256032S0 2
16 03/11/04 11:37:41 03/11/04 11:48:41 5-304001 172.17.1.102 Accessed URL 207.46.248.244:/library/images/support/emailicon.gif 2
17 03/11/04 17:31:40 03/11/04 17:33:35 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/media/images/39938000/jpg/_39938291_chian_surfers6666afp.jpg 2
18 03/11/04 14:29:23 03/11/04 16:38:19 5-304001 172.17.1.102 Accessed URL 63.236.14.21:/mmjb/ev/mx?EVENT=MXTrackDone&VER=8%2E20%2E0107MMD&OS=WinXPSP1&MMUID=957308CF%2DD475%2D4261%2DAC46%2D21A5D52566AD&SEQ=1&TRACKPOS=2&STATION%5FID=artistMatch%253a300%253a%253a 2
19 03/11/04 14:10:50 03/11/04 14:22:57 5-304001 172.17.1.102 Accessed URL 69.28.154.140:/mm_cdn/01068ABAASAAAAAsDq0mG.Pth3YbANncOnzAvOaXPiWXbxImylXyL5JzhApAtK6k27bxNA6FFoVAkCsUvcLKYtO7ilT2u_.DAhmtra1IxvQ--/album_image/amg/drd400/d485/d48583l9l32.jpg 2
20 03/11/04 11:37:41 03/11/04 11:48:41 5-304001 172.17.1.102 Accessed URL 207.46.248.244:/common/resources/Content_subban.gif 2
21 03/11/04 17:48:52 03/11/04 17:52:10 5-304001 172.17.1.70 Accessed URL 199.246.67.114:/servlet/AdletCounter?ad1=cna_120x120_matters20040309_7485274 2
22 03/11/04 17:31:39 03/11/04 17:33:34 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/media/images/39913000/jpg/_39913063_if_6666.jpg 2
23 03/11/04 17:31:38 03/11/04 17:33:33 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/media/images/39936000/jpg/_39936163_rover_nasa_66.jpg 2
24 03/11/04 17:48:47 03/11/04 17:52:09 5-304001 172.17.1.70 Accessed URL 199.246.67.250:/ 2
25 03/11/04 17:31:38 03/11/04 17:33:33 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/media/images/39873000/jpg/_39873620_tusker_ifaw_203.jpg 2
26 03/11/04 17:37:05 03/11/04 17:39:07 5-304001 172.17.1.70 Accessed URL 207.61.132.8:/images/2004/03/11/international/20040311_MADRID_55.jpg 2
27 03/11/04 11:57:17 03/11/04 11:57:22 5-304001 172.17.1.102 Accessed URL 143.101.75.110:/AVTuserguides/CallXpress%20%26%20CallXpress%20Enterprise/5.30%20Online%20Books/DMM_EXCH_OLB.pdf 2
28 03/11/04 17:31:40 03/11/04 17:33:35 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/media/images/39872000/jpg/_39872784_bbc66puffcorn.jpg 2
29 03/11/04 17:52:53 03/11/04 17:57:26 5-304001 172.17.1.70 Accessed URL 207.68.166.119:/xmlbuddy/eShopOffer.aspx?formatType=6&ptnrData=131&PS=69728&pmpType=0&styletype=2&v=3&ptnrId=1 2
30 03/11/04 17:48:52 03/11/04 17:52:10 5-304001 172.17.1.70 Accessed URL 199.246.67.210:/RTGAM_Archive/images/20040311/wxmathfront0311/mathewIngram50x603.gif 2
31 03/11/04 16:44:23 03/11/04 16:44:23 5-304001 172.17.1.70 Accessed URL 64.233.161.104:/ 2
32 03/11/04 17:31:39 03/11/04 17:33:33 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/media/images/39876000/jpg/_39876136_toyota_bot6649alsoap.jpg 2
33 03/11/04 14:25:33 03/11/04 16:38:18 5-304001 172.17.1.102 Accessed URL 63.236.14.21:/mmjb/ev/mx?EVENT=MXTrackDone&VER=8%2E20%2E0107MMD&OS=WinXPSP1&MMUID=957308CF%2DD475%2D4261%2DAC46%2D21A5D52566AD&SEQ=1&TRACKPOS=1&STATION%5FID=artistMatch%253a300%253a%253a 2
34 03/11/04 17:37:05 03/11/04 17:39:08 5-304001 172.17.1.70 Accessed URL 199.239.137.245:/images/2004/03/11/international/audio55.jpg 2
35 03/11/04 13:34:25 03/11/04 13:34:25 5-304001 172.17.1.102 Accessed URL 63.236.14.37:/nova/images/norm-right-side.gif 2
36 03/11/04 17:45:17 03/11/04 17:48:27 5-304001 172.17.1.70 Accessed URL 199.239.137.200:/2004/03/09/international/europe/09RUSS.html?pagewanted=2 2
37 03/11/04 17:31:39 03/11/04 17:33:33 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/media/images/39877000/jpg/_39877914_exosk_berk_66.jpg 2
38 03/11/04 17:39:28 03/11/04 17:39:28 5-304001 172.17.1.70 Accessed URL 12.130.12.31:/ix.e?fl&s=75563&w=468&h=60&u=http%3A//www.nytimes.com/pages/world/index.html&x=http://www.nytimes.com/adx/bin/adx_click.html?type=goto&page=www.nytimes.com/pages/world/index 2
39 03/11/04 17:34:04 03/11/04 17:39:12 5-304001 172.17.1.70 Accessed URL 63.240.173.48:/custom/nyt-com/global-market-chart.img 2
40 03/11/04 14:34:19 03/11/04 16:41:46 5-304001 172.17.1.102 Accessed URL 63.236.14.21:/mmjb/ev/mx?EVENT=MXTrackDone&VER=8%2E20%2E0107MMD&OS=WinXPSP1&MMUID=957308CF%2DD475%2D4261%2DAC46%2D21A5D52566AD&SEQ=1&TRACKPOS=3&STATION%5FID=artistMatch%253a300%253a%253a 2
41 03/11/04 17:48:52 03/11/04 17:52:10 5-304001 172.17.1.70 Accessed URL 199.246.67.114:/servlet/AdletCounter?ad1=bmw_vineyards_7442324 2
42 03/11/04 17:31:39 03/11/04 17:33:35 5-304001 172.17.1.70 Accessed URL 212.58.240.131:/nol/shared/img/branded_puffs/line_prog.gif 2
43 03/11/04 17:57:25 03/11/04 17:59:29 5-304001 172.17.1.70 Accessed URL 207.46.245.33:/css/html40.css 2
44 03/11/04 14:43:44 03/11/04 16:51:49 5-304001 172.17.1.102 Accessed URL 63.236.14.21:/mmjb/ev/mx?EVENT=MXTrackDone&VER=8%2E20%2E0107MMD&OS=WinXPSP1&MMUID=957308CF%2DD475%2D4261%2DAC46%2D21A5D52566AD&SEQ=1&TRACKPOS=5&STATION%5FID=artistMatch%253a300%253a%253a 2
45 03/11/04 10:41:23 03/11/04 10:41:30 5-304001 172.17.1.102 Accessed URL 205.188.250.25:/cb/556/datafiles/antispam.cb 2
46 03/11/04 17:37:05 03/11/04 17:39:07 5-304001 172.17.1.70 Accessed URL 207.61.132.8:/images/2004/03/11/international/040312_web_MADRIDmap.gif 2
47 03/11/04 17:47:08 03/11/04 17:47:29 5-304001 172.17.1.70 Accessed URL 209.11.106.40:/sales/listingJS.asp 2
48 03/11/04 17:37:04 03/11/04 17:39:07 5-304001 172.17.1.70 Accessed URL 207.61.132.8:/images/2004/03/11/international/11cnd-blast.10.184.jpg 2
49 03/11/04 13:38:51 03/11/04 14:02:13 5-304001 172.17.1.102 Accessed URL 69.28.159.140:/mm_cdn/01068ABAASAAAAAsDq0mG.Pth3YbANncOnzAvOaXPiWXbxImylXyL5JzhApAtK6k27bxNA6FFoVAkCsUvcLKYtO7ilT2u_.DAhmtra1IxvQ--/album_image/amg/drg000/g039/g03906cmlmn.jpg 2
50 03/11/04 12:47:04 03/11/04 12:47:05 5-304001 172.17.1.102 Accessed URL 64.233.161.104:/ 2
There were more messages to be reported but the listing is limited to 50!!!

-
Severity level 6 (Informational) details for the 172.17.1.15 firewall. : - Go to top
No First Message Last Message Code Message Count
1 03/11/04 12:02:04 03/11/04 18:01:05 6-305004 Teardown portmap translation (details consolidated) 1,303
2 03/11/04 12:00:45 03/11/04 18:00:23 6-302002 Teardown TCP connection (details consolidated) 1,098
3 03/11/04 12:01:15 03/11/04 17:59:34 6-302001 Built outbound TCP connection (details consolidated) 981
4 03/11/04 10:39:42 03/11/04 17:59:13 6-305001 Portmapped translation built for gaddr 209.161.200.226/nnnn laddr 172.17.1.102/nnnn 888
5 03/11/04 11:59:58 03/11/04 17:59:55 6-302005 Built UDP connection connection (details consolidated) 646
6 03/11/04 12:02:04 03/11/04 18:00:35 6-302006 Teardown UDP connection (details consolidated) 642
7 03/11/04 16:42:25 03/11/04 18:00:56 6-305001 Portmapped translation built for gaddr 209.161.200.226/nnnn laddr 172.17.1.70/nnnn 387
8 03/11/04 00:19:51 03/11/04 11:45:11 6-302005 Built UDP connection for faddr 207.136.100.40/nnnn gaddr 209.161.200.226/nnnn laddr 172.17.1.40/nnnn 326
9 03/11/04 00:20:07 03/11/04 11:45:29 6-302006 Teardown UDP connection for faddr 207.136.100.40/nnnn gaddr 209.161.200.226/nnnn laddr 172.17.1.40/nnnn 326
10 03/11/04 00:06:39 03/11/04 17:59:30 6-305001 Portmapped translation built for gaddr 209.161.200.226/nnnn laddr 172.17.1.40/nnnn 218
11 03/11/04 10:42:07 03/11/04 11:56:32 6-305004 Teardown portmap translation for global 209.161.200.226/nnnn local 172.17.1.102/nnnn 160
12 03/11/04 00:09:04 03/11/04 11:45:59 6-305004 Teardown portmap translation for global 209.161.200.226/nnnn local 172.17.1.40/nnnn 129
13 03/11/04 12:00:45 03/11/04 17:58:57 6-302001 Built inbound TCP connection (details consolidated) 116
14 03/11/04 00:06:47 03/11/04 17:56:23 6-305001 Portmapped translation built for gaddr 209.161.200.226/nnnn laddr 172.17.1.10/nnnn 101
15 03/11/04 00:09:04 03/11/04 11:48:30 6-305004 Teardown portmap translation for global 209.161.200.226/nnnn local 172.17.1.10/nnnn 69
16 03/11/04 00:09:04 03/11/04 11:48:30 6-302006 Teardown UDP connection for faddr 209.161.200.227/514 gaddr 209.161.200.226/nnnn laddr 172.17.1.10/nnnn 69
17 03/11/04 00:06:47 03/11/04 11:56:10 6-302005 Built UDP connection for faddr 209.161.200.227/514 gaddr 209.161.200.226/nnnn laddr 172.17.1.10/nnnn 68
18 03/11/04 08:18:42 03/11/04 10:08:25 6-302001 Built inbound TCP connection nnnnn for faddr 69.19.34.66/nnnn gaddr 209.161.200.227/143 laddr 172.17.1.40/143 35
19 03/11/04 00:48:35 03/11/04 10:53:59 6-302001 Built outbound TCP connection nnnnn for faddr 216.218.202.31/nnnn gaddr 209.161.200.226/nnnn laddr 172.17.1.40/nnnn 34
20 03/11/04 13:43:43 03/11/04 17:59:13 6-106015 Deny TCP (no connection) from 172.17.1.102/nnnn to 63.236.14.21/80 flags FIN ACK on interface inside 33
21 03/11/04 00:48:36 03/11/04 10:53:59 6-302002 Teardown TCP connection nnnnn faddr 216.218.202.31/nnnn gaddr 209.161.200.226/nnnn laddr 172.17.1.40/nnnn duration 0:00:01 bytes nnnnn (TCP FINs) 32
22 03/11/04 00:48:35 03/11/04 10:53:58 6-302001 Built outbound TCP connection nnnnn for faddr 216.218.202.31/21 gaddr 209.161.200.226/nnnn laddr 172.17.1.40/nnnn 31
23 03/11/04 01:55:29 03/11/04 15:05:14 6-302010 1 in use, 114 most used 28
24 03/11/04 02:33:28 03/11/04 10:44:03 6-302001 Built inbound TCP connection nnnnn for faddr 80.97.48.21/nnnn gaddr 209.161.200.227/143 laddr 172.17.1.40/143 28
25 03/11/04 00:48:36 03/11/04 10:53:59 6-302002 Teardown TCP connection nnnnn faddr 216.218.202.31/21 gaddr 209.161.200.226/nnnn laddr 172.17.1.40/nnnn duration 0:00:01 bytes nnnnn (TCP FINs) 28
26 03/11/04 00:35:31 03/11/04 17:45:11 6-302010 2 in use, 114 most used 27
27 03/11/04 11:03:49 03/11/04 11:46:53 6-302001 Built outbound TCP connection nnnnn for faddr 65.54.244.253/80 gaddr 209.161.200.226/nnnn laddr 172.17.1.102/nnnn 22
28 03/11/04 00:05:32 03/11/04 09:35:20 6-302010 0 in use, 114 most used 21
29 03/11/04 00:06:39 03/11/04 05:08:44 6-302001 Built outbound TCP connection nnnnn for faddr 65.182.142.112/25 gaddr 209.161.200.226/nnnn laddr 172.17.1.40/nnnn 20
30 03/11/04 11:57:17 03/11/04 11:57:22 6-106015 Deny TCP (no connection) from 143.101.75.110/80 to 209.161.200.226/nnnn flags ACK on interface outside 20
31 03/11/04 11:03:50 03/11/04 11:46:53 6-302002 Teardown TCP connection nnnnn faddr 65.54.244.253/80 gaddr 209.161.200.226/nnnn laddr 172.17.1.102/nnnn duration 0:00:01 bytes nnnnn (TCP FINs) 18
32 03/11/04 10:45:55 03/11/04 10:46:04 6-302001 Built inbound TCP connection nnnnn for faddr 66.30.36.214/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 16
33 03/11/04 10:45:55 03/11/04 10:46:04 6-302002 Teardown TCP connection nnnnn faddr 66.30.36.214/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 duration 0:00:00 bytes nnnnn (TCP Reset-I) 16
34 03/11/04 11:37:39 03/11/04 11:48:41 6-302001 Built outbound TCP connection nnnnn for faddr 207.46.248.244/80 gaddr 209.161.200.226/nnnn laddr 172.17.1.102/nnnn 13
35 03/11/04 10:44:23 03/11/04 10:44:30 6-302001 Built inbound TCP connection nnnnn for faddr 66.31.242.140/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 12
36 03/11/04 08:59:35 03/11/04 09:08:44 6-302001 Built inbound TCP connection nnnnn for faddr 64.228.41.54/nnnn gaddr 209.161.200.227/143 laddr 172.17.1.40/143 12
37 03/11/04 10:43:41 03/11/04 10:43:50 6-302002 Teardown TCP connection nnnnn faddr 81.195.87.106/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 duration 0:00:00 bytes nnnnn (TCP Reset-I) 12
38 03/11/04 10:43:11 03/11/04 10:43:19 6-302001 Built inbound TCP connection nnnnn for faddr 66.191.183.182/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 12
39 03/11/04 10:43:41 03/11/04 10:43:50 6-302001 Built inbound TCP connection nnnnn for faddr 81.195.87.106/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 12
40 03/11/04 10:43:11 03/11/04 10:43:19 6-302002 Teardown TCP connection nnnnn faddr 66.191.183.182/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 duration 0:00:00 bytes nnnnn (TCP Reset-I) 12
41 03/11/04 10:44:23 03/11/04 10:44:30 6-302002 Teardown TCP connection nnnnn faddr 66.31.242.140/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 duration 0:00:00 bytes nnnnn (TCP Reset-I) 12
42 03/11/04 10:48:23 03/11/04 10:48:40 6-302001 Built inbound TCP connection nnnnn for faddr 69.105.197.100/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 11
43 03/11/04 10:48:23 03/11/04 10:48:40 6-302002 Teardown TCP connection nnnnn faddr 69.105.197.100/nnnn gaddr 209.161.200.227/25 laddr 172.17.1.40/25 duration 0:00:00 bytes nnnnn (TCP Reset-I) 11
44 03/11/04 00:48:36 03/11/04 10:53:59 6-303002 172.17.1.40 Retrieved 216.218.202.31:nvc5.txt 11
45 03/11/04 00:48:38 03/11/04 10:23:56 6-303002 172.17.1.40 Retrieved 216.218.202.31:eed.txt 10
46 03/11/04 00:48:37 03/11/04 10:23:55 6-303002 172.17.1.40 Retrieved 216.218.202.31:bitdefender.txt 10
47 03/11/04 11:25:27 03/11/04 11:52:24 6-302001 Built outbound TCP connection nnnnn for faddr 216.239.37.99/80 gaddr 209.161.200.226/nnnn laddr 172.17.1.102/nnnn 10
48 03/11/04 06:53:04 03/11/04 08:59:22 6-302001 Built inbound TCP connection nnnnn for faddr 80.97.89.49/nnnn gaddr 209.161.200.227/143 laddr 172.17.1.40/143 10
49 03/11/04 14:08:15 03/11/04 14:08:26 6-106015 Deny TCP (no connection) from 64.4.241.32/443 to 209.161.200.226/nnnn flags ACK on interface outside 10
50 03/11/04 11:37:40 03/11/04 11:48:41 6-302002 Teardown TCP connection nnnnn faddr 207.46.248.244/80 gaddr 209.161.200.226/nnnn laddr 172.17.1.102/nnnn duration 0:00:01 bytes nnnnn (TCP Reset-I) 10
There were more messages to be reported but the listing is limited to 50!!!

-
Severity level 7 (Debugging) details for the 172.17.1.15 firewall. : - Go to top
No First Message Last Message Code Message Count
1 03/11/04 13:50:41 03/11/04 13:50:41 7-702301 lifetime expiring, (sa) sa_dest= 209.161.200.226, sa_prot= 50, sa_spi= 0x21a09f69(564174697), sa_trans= esp-des esp-md5-hmac , sa_conn_id= 1, (identity) local= 209.161.200.226, remote= 209.161.200.235, local_proxy 1


* * *

-
Glossary of terms used in this report: - Go to top
No Term Explanation
1 Addresses generating denial messages IP addresses that caused the firewall to generate a deny message (see "Denial messages"). It helps in identifying potential intruders or abusers.
2 Bytes in
Bytes out		 Cisco defines the traffic "in" or "out" based on how a connection was initiated. If an HTTP connection is initiated by an internal IP address (i.e. a typical web browsing) all the traffic generated is labeled as "out" even though in fact, most of the traffic is coming from the web server
3 Denial messages Messages recorded by the firewall when a connection is denied. Connections can be denied by the lack of access list for the protocol or source/destination IPs or for their lack of validity.
4 Denied protocols Protocols used in various deny messages recorded by the firewall (see "Denial messages")
5 Message types distribution Offers a quick overview of the type of messages found in the analyzed logs. An example of each type of message is given.
6 Severity level Cisco %PIX messages category based on their criticality for the functionality of the firewall and their security implications.
7 Internal IP addresses Hosts considered "internal" by the %PIX firewall.
8 Unknown traffic When they are initiated, the firewall assigns to each connection a connection id and labels it as "inbound" or "outbound" When the connection is terminated the firewall records the number of bytes that were transferred but the "direction" of this traffic can be identified only by matching the connection IDs. If the initial message is missing from the log, no connection matching can be done and the "direction" of the traffic cannot be established. This typically happens when a connection is initiated shortly before midnight and it is terminated after 12:00 pm. This way, the connection information lies in 2 logs.
-
Analysis performance: - Go to top
Report generated on 08/31/05 11:08:22
Analysis engine version 2.67
Analysis duration: 443 seconds
Log lines analyzed: 10,784
Kb log analyzed: 1,889.86
Analysis speed: 24 lines/second
Analysis speed: 4 kb/second
Hosts in DNS cache: 382
DNS resolution took 437 seconds - (98 % from the processing time)..
-
Unknown messages types: - Go to top
The analyzer is always a work in progress. In order to optimize the performance only certain error codes are processed. All the unknown message are reported here as well as in the "Message details" sections. Please email us the following information so we can include them in the next version of Firegen.
CodeMessage
3-315004Fail to establish SSH session because PIX RSA host key retrieval failed.
6-315011SSH session from 0.0.0.0 on interface outside for user "" disconnected by SSH server, reason: "Internal error" (0x00)
6-315002Permitted SSH session from 172.17.1.102 on interface inside for user "pix"