Firewall	First Event	Last Event
bastion_sef8.altairtech.ca	08/16/05 21:50:30	08/16/05 23:59:59

Analyzed logs: - Go to top

Log file	Log size (kb)	Log entries
C:\Docs\Projects\FGNG\FGNGSEF8\logs\logfile.txt.20050816-10	29,153.18	67,544

Statistics for the bastion_sef8.altairtech.ca firewall: - Go to top

Sections	Sub-sections
Traffic	From internal hosts From external hosts Towards hosts behind the firewall By hour
Protocols	Top 25 HTTP-HTTPS FTP SMTP Email clients Other protocols
URLs	Top 50
Denials	Protocols - 42 By hour Sources - 135 Destinations - 2,763 Connections - 8,345
Warnings	239
Notifications	53
VPNs	0
Management	0
Daemons	14
Message types	19

bastion_sef8.altairtech.ca - Traffic from internal hosts - Top 50: - Go to top

No	Host IP	Host Name	Protocols	Sent	Received	Total	%	Comment
1	192.168.5.49		ICMP/8 - ping, TCP/80 - http	124.78	149,389.84	149,514.61	77.95
2	192.168.1.24		TCP/80 - http	176.04	22,528.02	22,704.06	11.84
3	192.168.101.20		TCP/25 - smtp, UDP/123 - ntp, ICMP/3 - unreach, TCP/80 - http	11.62	7,585.67	7,597.29	3.96
4	192.168.1.13		TCP/80 - http	582.80	2,424.15	3,006.96	1.57
5	192.168.4.75		TCP/80 - http	832.73	954.58	1,787.31	0.93
6	192.168.127.21		TCP/80 - http	156.49	455.46	611.95	0.32
7	192.168.4.168		TCP/80 - http	204.33	330.20	534.53	0.28
8	192.168.1.109		UDP/137 - netbios, TCP/80 - http	29.91	499.36	529.27	0.28
9	192.168.5.109		TCP/80 - http	31.90	414.10	446.00	0.23
10	192.168.4.93		TCP/80 - http	42.40	380.26	422.66	0.22
11	192.168.2.14		UDP/2967 - symantec-av, TCP/3389 - ms rdp, ICMP/3 - unreach	36.38	383.21	419.59	0.22
12	192.168.4.110		TCP/25 - smtp, TCP/80 - http	58.68	345.61	404.29	0.21
13	192.168.127.119		TCP/80 - http	65.33	297.31	362.65	0.19
14	192.168.5.165		TCP/80 - http	15.39	301.87	317.26	0.17
15	192.168.254.11		TCP/110 - pop3, TCP/80 - http	126.62	145.34	271.96	0.14
16	192.168.6.31		TCP/80 - http	48.08	209.85	257.93	0.13
17	192.168.117.148		TCP/80 - http	7.84	189.66	197.49	0.10
18	192.168.5.124		TCP/80 - http	2.93	158.22	161.15	0.08
19	192.168.4.43		TCP/80 - http	7.66	127.42	135.08	0.07
20	192.168.5.66		UDP/123 - ntp, ICMP/3 - unreach, TCP/80 - http	46.82	80.41	127.23	0.07
21	192.168.117.56		TCP/70, TCP/80 - http	32.87	73.71	106.58	0.06
22	192.168.3.246		TCP/25 - smtp	85.92	18.22	104.14	0.05
23	192.168.254.12		TCP/80 - http	26.71	75.33	102.04	0.05
24	192.168.4.182		TCP/80 - http	30.27	60.10	90.37	0.05
25	192.168.5.15		TCP/80 - http	33.17	54.51	87.68	0.05
26	192.168.4.57		TCP/80 - http	8.38	60.10	68.47	0.04
27	192.168.4.97		TCP/80 - http	3.47	64.16	67.63	0.04
28	192.168.118.17		UDP/161 - snmp, ICMP/3 - unreach, TCP/80 - http, TCP/161	3.73	60.59	64.33	0.03
29	192.168.254.10		TCP/80 - http	26.29	37.25	63.54	0.03
30	192.168.4.41		TCP/80 - http	18.01	37.00	55.01	0.03
31	192.168.4.30		TCP/80 - http	2.35	36.72	39.07	0.02
32	192.168.4.222		TCP/80 - http	2.05	36.17	38.22	0.02
33	192.168.127.65		TCP/80 - http	2.05	36.16	38.22	0.02
34	192.168.4.211		TCP/80 - http	2.05	36.16	38.22	0.02
35	192.168.117.1		TCP/80 - http	2.05	36.16	38.22	0.02
36	192.168.117.54		TCP/80 - http	2.05	35.49	37.54	0.02
37	192.168.6.95		TCP/80 - http	2.05	35.49	37.54	0.02
38	192.168.3.114		TCP/80 - http	2.05	35.49	37.54	0.02
39	192.168.6.83		TCP/80 - http	2.05	35.48	37.54	0.02
40	192.168.117.15		TCP/80 - http	2.05	35.48	37.54	0.02
41	192.168.4.44		TCP/80 - http	16.18	20.87	37.04	0.02
42	192.168.6.64		TCP/80 - http	2.05	34.80	36.86	0.02
43	192.168.117.119		TCP/80 - http	2.05	34.80	36.86	0.02
44	192.168.117.159		TCP/80 - http	2.05	34.80	36.86	0.02
45	192.168.117.117		TCP/80 - http	2.05	34.80	36.86	0.02
46	192.168.6.49		TCP/80 - http	2.05	34.80	36.86	0.02
47	192.168.10.165		TCP/80 - http	2.05	34.80	36.86	0.02
48	192.168.117.209		TCP/80 - http	2.05	34.80	36.86	0.02
49	192.168.3.95		TCP/80 - http	2.05	34.80	36.86	0.02
50	192.168.6.91		TCP/80 - http	2.05	34.80	36.86	0.02
	Total			2,935.10	188,469.25	191,404.36
There were more records in this section but the reporting is limited to 50

bastion_sef8.altairtech.ca - Traffic from external hosts - Top 50: - Go to top

No	Host IP	Host Name	Protocols	Sent	Received	Total	%	Comment
1	69.166.17.140	eccb01-00-barwga-69-166-17-140.atlaga.adelphia.net	TCP/80 - http	75.91	22,506.11	22,582.02	16.96
2	24.98.85.128	c-24-98-85-128.hsd1.ga.comcast.net	TCP/80 - http	440.75	8,848.95	9,289.70	6.98
3	68.219.44.6	adsl-219-44-6.asm.bellsouth.net	TCP/80 - http	327.02	7,490.50	7,817.53	5.87
4	68.214.28.212	adsl-214-28-212.asm.bellsouth.net	TCP/80 - http	565.27	5,768.37	6,333.64	4.76
5	69.160.226.232	ga-gwinnett-cuda1-c3b-232.atlaga.adelphia.net	TCP/80 - http	30.46	5,299.95	5,330.41	4.00
6	24.30.65.101	c-24-30-65-101.hsd1.ga.comcast.net	TCP/80 - http	151.70	4,993.18	5,144.88	3.86
7	205.152.59.73	imf25aec.mail.bellsouth.net	TCP/25 - smtp	3,944.38	1.09	3,945.47	2.96
8	68.211.104.206	adsl-211-104-206.asm.bellsouth.net	TCP/80 - http	148.56	3,165.52	3,314.08	2.49
9	69.166.17.147	eccb01-00-barwga-69-166-17-147.atlaga.adelphia.net	TCP/80 - http	83.44	2,635.92	2,719.36	2.04
10	65.13.4.211	adsl-065-013-004-211.sip.asm.bellsouth.net	TCP/80 - http	199.00	2,392.99	2,591.99	1.95
11	72.10.67.181	181-67-10-72.pineland.net	TCP/80 - http	109.24	2,220.03	2,329.27	1.75
12	67.140.207.85	h85.207.140.67.ip.alltel.net	TCP/80 - http	255.05	2,063.73	2,318.78	1.74
13	66.32.178.160	user-1121cl0.dsl.mindspring.com	TCP/80 - http	43.62	2,237.26	2,280.87	1.71
14	68.190.45.141	68-190-45-141.dhcp.athn.ga.charter.com	TCP/80 - http	257.17	1,919.07	2,176.25	1.63
15	67.140.197.146	h146.197.140.67.ip.alltel.net	TCP/80 - http	188.61	1,599.92	1,788.53	1.34
16	68.158.180.14	adsl-158-180-14.mia.bellsouth.net	TCP/80 - http	164.89	1,610.39	1,775.29	1.33
17	24.98.80.98	c-24-98-80-98.hsd1.ga.comcast.net	TCP/80 - http	65.13	1,610.49	1,675.62	1.26
18	68.154.96.113	adsl-154-96-113.asm.bellsouth.net	TCP/80 - http	38.98	1,593.25	1,632.23	1.23
19	166.102.165.166	ispmxmta05-srv.alltel.net	TCP/25 - smtp	1,618.67	1.92	1,620.60	1.22
20	68.155.166.147	adsl-155-166-147.asm.bellsouth.net	TCP/80 - http	77.32	1,486.69	1,564.01	1.17
21	67.140.205.233	h233.205.140.67.ip.alltel.net	TCP/80 - http	105.02	1,391.56	1,496.58	1.12
22	162.39.213.149	h149.213.39.162.ip.alltel.net	TCP/80 - http	124.44	1,121.01	1,245.46	0.94
23	166.102.165.170	ispmxmta09-srv.alltel.net	TCP/25 - smtp	1,175.04	3.84	1,178.88	0.89
24	66.249.66.178	crawl-66-249-66-178.googlebot.com	TCP/80 - http	23.79	1,144.63	1,168.41	0.88
25	207.46.98.83	msnbot.msn.com	TCP/80 - http	37.59	1,093.71	1,131.30	0.85
26	207.69.140.24	ca01-ch03-bl06.accel.atl.earthlink.net	TCP/80 - http	83.34	1,021.04	1,104.38	0.83
27	64.12.137.7	imo-m26.mx.aol.com	TCP/25 - smtp	1,053.88	0.53	1,054.41	0.79
28	166.102.165.167	ispmxmta06-srv.alltel.net	TCP/25 - smtp	1,048.09	5.53	1,053.62	0.79
29	151.193.165.154	p259.travelocity.com	TCP/25 - smtp	1,048.86	2.15	1,051.01	0.79
30	67.140.202.179	h179.202.140.67.ip.alltel.net	TCP/80 - http	118.36	827.34	945.70	0.71
31	68.158.52.86	adsl-158-52-86.asm.bellsouth.net	TCP/80 - http	15.74	906.68	922.41	0.69
32	172.163.186.148	ACA3BA94.ipt.aol.com	TCP/80 - http	52.12	772.23	824.36	0.62
33	206.190.49.119	web54309.mail.yahoo.com	TCP/25 - smtp	725.11	0.44	725.55	0.54
34	206.190.38.23	web50008.mail.yahoo.com	TCP/25 - smtp	714.11	0.44	714.55	0.54
35	68.233.186.35	eccb01-00-barwga-68-233-186-35.atlaga.adelphia.net	TCP/80 - http	21.91	625.44	647.35	0.49
36	151.193.165.14	p136.travelocity.com	TCP/25 - smtp	578.60	2.14	580.74	0.44
37	64.12.116.67	cache-mtc-ab03.proxy.aol.com	TCP/80 - http	9.62	554.52	564.14	0.42
38	151.193.165.236	mail8.travelocity.com	TCP/25 - smtp	550.60	1.62	552.22	0.41
39	158.93.6.9	stjames1.mcg.edu	TCP/25 - smtp	501.16	0.44	501.59	0.38
40	152.163.100.5	cache-rtc-aa01.proxy.aol.com	TCP/80 - http	8.87	468.85	477.72	0.36
41	64.12.117.6	cache-mtc-ae02.proxy.aol.com	TCP/80 - http	8.86	449.99	458.85	0.34
42	64.12.116.131	cache-mtc-ac02.proxy.aol.com	TCP/80 - http	10.24	441.10	451.35	0.34
43	68.117.216.133	68-117-216-133.dhcp.athn.ga.charter.com	TCP/80 - http	2.18	440.97	443.15	0.33
44	64.12.116.130	cache-mtc-ac01.proxy.aol.com	TCP/80 - http	14.76	426.51	441.27	0.33
45	68.142.251.45	lj2435.inktomisearch.com	TCP/80 - http	0.43	438.39	438.82	0.33
46	66.147.139.22	info02.snapshotdesign.com	TCP/25 - smtp	403.71	22.91	426.62	0.32
47	64.136.20.164	outbound-mail.nyc.untd.com	TCP/25 - smtp	420.46	0.79	421.26	0.32
48	64.233.162.196	zproxy.gmail.com	TCP/25 - smtp	399.71	0.47	400.18	0.30
49	205.188.144.207	imo-d21.mx.aol.com	TCP/25 - smtp	398.08	1.84	399.93	0.30
50	170.140.8.221	pales.cc.emory.edu	TCP/25 - smtp	397.75	0.53	398.28	0.30
	Total			18,847.02	91,989.53	110,836.56
There were more records in this section but the reporting is limited to 50

bastion_sef8.altairtech.ca - Traffic toward hosts behind the firewall - Top 50: - Go to top

No	Host IP	Host Name	Protocols	Total	%	Comment
1	192.168.101.20		TCP/25 - smtp, ICMP/3 - unreach, UDP/123 - ntp, TCP/80 - http	858.74	100.00
	Total			858.74

bastion_sef8.altairtech.ca - Protocols - Top 25: - Go to top

No	Protocol	Sent	Received	Total	%	Comment
1	TCP/80 - http	8,132.35	294,639.69	302,772.05	93.17
2	TCP/25 - smtp	21,297.03	441.26	21,738.29	6.69
3	TCP/3389 - ms rdp	36.38	383.21	419.59	0.13
4	TCP/70	0.21	22.45	22.66	0.01
5	TCP/110 - pop3	5.15	11.79	16.93	0.01
6	ICMP/8 - ping	1.98	0.00	1.98	0.00
7	TCP/33443	0.00	0.00	0.00	0
8	TCP/33444	0.00	0.00	0.00	0
9	TCP/139 - netbios	0.00	0.00	0.00	0
10	TCP/33445	0.00	0.00	0.00	0
11	TCP/33446	0.00	0.00	0.00	0
12	TCP/33447	0.00	0.00	0.00	0
13	TCP/33448	0.00	0.00	0.00	0
14	TCP/443 - ssl-https	0.00	0.00	0.00	0
15	TCP/33449	0.00	0.00	0.00	0
16	TCP/445 - netbios	0.00	0.00	0.00	0
17	UDP/38293	0.00	0.00	0.00	0
18	UDP/2967 - symantec-av	0.00	0.00	0.00	0
19	UDP/137 - netbios	0.00	0.00	0.00	0
20	UDP/138 - netbios	0.00	0.00	0.00	0
21	UDP/33440	0.00	0.00	0.00	0
22	UDP/33441	0.00	0.00	0.00	0
23	TCP/1026 - trojan	0.00	0.00	0.00	0
24	TCP/1027 - icq	0.00	0.00	0.00	0
25	TCP/161	0.00	0.00	0.00	0
	Total	0.00	0.00	0.00
There were more records in this section but the reporting is limited to 25

No	First	Last	Source IP	Source Host	Destination IP	Destination Host	Sent	Received	Total	Count	Comment
1	08/16/05 22:23:16	08/16/05 23:28:26