FireGen for NetScreen Log Analysis Report

Altair Technologies - "sample" firewall log analysis for the period
Thu May 20 00:00:00 2004 to Thu May 20 23:59:59 2004

Firewall IPFirewall NameSectionsFirst messageLast message
192.168.5.28  bastion  Summary Message types Message Details Protocols Traffic Denials VPN,IDS,Management 05/20/04 00:00:49 05/20/04 17:57:34

-
Research links: - Go to top
TCP/IP Protocol
Whois
Latest NetScreen logs analysis recommendations
Altair Technologies NetScreen discussion forum
Send your comments or suggestions to the FireGen developers!
 
Glossary
Analysis performance
-
Keywords: - Go to top
Keywords to include
Keywords to exclude
Not configured
-
Analyzed logs: - Go to top
Analyzed log(s) Log size (kb) Log entries Log type
C:\Program Files\FireGenNs\\Sample\syslog-2004-05-20.log 1,154.46 3,257 WinSyslog
-
Summary for the 192.168.5.28 firewall. : - Go to top
Level Severity Description Total
1 Alert Immediate action needed 0
2 Critical Critical condition 1
3 Error Error condition 0
4 Warning Warning condition 0
5 Notification Normal but significant condition 3,256
6 Information Informational message only 0
7 Debugging Appears during debugging only 0
    Total 3,257
-
Message types distribution for the 192.168.5.28 firewall. : - Go to top
No Code Total Example
1 critical-00023 1 VIP server 192.168.5.25 cannot be contacted. (2004-05-20 hh:mm:ss)
2 notification-00257 3,255 start_time="2004-05-20 hh:mm:ss" duration=4 policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=727 rcvd=702 src=192.168.5.70 dst=216.203.49.198 src_port=4491 dst_port=80 src-xlated ip=209.161.200.238 port=2788
3 notification-00533 1 VIP server 192.168.5.25 is now alive. (2004-05-20 hh:mm:ss)
-
Message details for the 192.168.5.28 firewall: - Go to top
-
Severity level 1 (Alert) details for the 192.168.5.28 firewall. : - Go to top
No First Message Last Message Code Message Count
No messages with severity level 1 were recorded.

-
Severity level 2 (Critical) details for the 192.168.5.28 firewall. : - Go to top
No First Message Last Message Code Message Count
1 05/20/04 11:24:12 05/20/04 11:24:12 2-00023 VIP server 192.168.5.25 cannot be contacted. (2004-05-20 hh:mm:ss) 1

-
Severity level 3 (Error) details for the 192.168.5.28 firewall. : - Go to top
No First Message Last Message Code Message Count
No messages with severity level 3 were recorded.

-
Severity level 4 (Warning) details for the 192.168.5.28 firewall. : - Go to top
No First Message Last Message Code Message Count
No messages with severity level 4 were recorded.

-
Severity level 5 (Notification) details for the 192.168.5.28 firewall. : - Go to top
No First Message Last Message Code Message Count
1 05/20/04 00:00:49 05/20/04 17:56:30 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=udp/port:1718 proto=17 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.12 dst=224.0.1.41 src_port=pppp dst_port=1718 src-xlated ip=209.161.200.238 port=pppp 826
2 05/20/04 15:26:29 05/20/04 17:27:07 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=216.198.223.175 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 239
3 05/20/04 11:39:07 05/20/04 17:57:32 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=dns proto=17 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=198.77.116.8 src_port=pppp dst_port=53 src-xlated ip=209.161.200.238 port=pppp 112
4 05/20/04 11:34:19 05/20/04 11:46:02 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=199.246.67.210 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 89
5 05/20/04 12:17:37 05/20/04 12:28:56 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=212.58.240.140 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 71
6 05/20/04 11:51:33 05/20/04 12:15:37 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=206.107.131.10 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 67
7 05/20/04 11:51:31 05/20/04 12:15:37 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=66.150.87.2 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 62
8 05/20/04 11:20:40 05/20/04 17:57:32 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=64.191.159.133 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 60
9 05/20/04 16:53:30 05/20/04 17:19:28 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=64.135.99.58 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 57
10 05/20/04 16:53:28 05/20/04 17:19:08 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=66.232.154.29 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 44
11 05/20/04 14:58:47 05/20/04 14:58:55 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=65.77.217.68 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 43
12 05/20/04 11:34:21 05/20/04 11:46:02 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=199.246.67.114 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 40
13 05/20/04 17:32:06 05/20/04 17:33:58 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=212.58.240.133 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 39
14 05/20/04 15:57:14 05/20/04 15:57:21 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=66.203.65.79 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 34
15 05/20/04 11:27:22 05/20/04 17:20:27 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=64.233.167.104 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 26
16 05/20/04 16:53:32 05/20/04 17:20:29 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=207.61.132.40 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 24
17 05/20/04 11:50:16 05/20/04 17:57:32 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=64.191.159.120 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 22
18 05/20/04 11:56:31 05/20/04 12:15:09 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=216.34.209.13 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 21
19 05/20/04 16:53:34 05/20/04 17:19:28 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=209.225.33.13 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 21
20 05/20/04 11:50:14 05/20/04 17:26:55 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=69.28.154.22 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 21
21 05/20/04 12:17:37 05/20/04 17:34:14 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=62.189.244.254 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 21
22 05/20/04 16:51:50 05/20/04 17:19:35 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=216.73.86.110 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 19
23 05/20/04 12:45:16 05/20/04 14:03:57 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=202.87.41.115 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 19
24 05/20/04 11:34:21 05/20/04 17:19:34 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=65.59.207.13 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 18
25 05/20/04 11:34:39 05/20/04 11:46:24 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=199.246.67.250 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 18
26 05/20/04 17:39:34 05/20/04 17:47:09 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=80.245.41.10 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 18
27 05/20/04 13:20:55 05/20/04 17:56:30 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=64.233.167.99 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 16
28 05/20/04 17:39:54 05/20/04 17:47:27 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=217.24.84.2 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 15
29 05/20/04 14:02:43 05/20/04 17:56:30 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=207.61.132.35 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 15
30 05/20/04 11:24:12 05/20/04 11:24:14 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=1 service=http proto=6 src zone=Untrust dst zone=Trust action=Permit sent=bbbb rcvd=bbbb src=24.217.193.47 dst=209.161.200.238 src_port=pppp dst_port=80 src-xlated ip=24.217.193.47 port=pppp 15
31 05/20/04 11:47:44 05/20/04 17:55:46 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=199.239.136.200 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 14
32 05/20/04 12:29:34 05/20/04 16:27:15 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=216.58.170.30 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 14
33 05/20/04 01:04:44 05/20/04 17:23:29 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=320001 service=tcp/port:5000 proto=6 src zone=Null dst zone=self action=Deny sent=bbbb rcvd=bbbb src=209.161.236.174 dst=209.161.200.238 scr_port=nnnn dst_port=5000 11
34 05/20/04 11:51:55 05/20/04 12:15:53 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=64.41.127.150 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 11
35 05/20/04 11:26:06 05/20/04 17:53:08 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=205.189.214.250 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 11
36 05/20/04 16:56:02 05/20/04 17:19:27 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=209.133.111.19 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 11
37 05/20/04 12:45:54 05/20/04 13:13:41 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=63.99.224.66 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 11
38 05/20/04 11:52:39 05/20/04 13:23:44 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=216.239.41.96 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 11
39 05/20/04 11:34:21 05/20/04 11:46:00 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=199.246.67.251 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 10
40 05/20/04 17:06:43 05/20/04 17:18:42 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=65.206.60.206 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 10
41 05/20/04 12:17:37 05/20/04 12:28:54 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=212.58.240.145 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 10
42 05/20/04 11:52:09 05/20/04 12:16:11 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=66.118.182.94 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 10
43 05/20/04 11:34:23 05/20/04 11:46:04 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=206.65.183.140 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 10
44 05/20/04 11:56:33 05/20/04 12:15:09 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=66.226.5.172 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 9
45 05/20/04 10:15:57 05/20/04 10:16:06 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=320001 service=tcp/port:445 proto=6 src zone=Null dst zone=self action=Deny sent=bbbb rcvd=bbbb src=209.161.240.77 dst=209.161.200.238 scr_port=nnnn dst_port=445 9
46 05/20/04 12:03:38 05/20/04 12:05:34 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=209.17.95.114 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 9
47 05/20/04 16:37:18 05/20/04 16:37:30 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=65.54.246.253 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 9
48 05/20/04 17:39:34 05/20/04 17:47:07 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=193.149.121.11 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 9
49 05/20/04 12:03:24 05/20/04 12:05:49 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=320001 service=tcp/port:2885 proto=6 src zone=Null dst zone=self action=Deny sent=bbbb rcvd=bbbb src=63.236.98.32 dst=209.161.200.238 scr_port=nnnn dst_port=2885 9
50 05/20/04 12:03:40 05/20/04 12:06:22 5-00257 start_time="2004-05-20 hh:mm:ss" duration=dddd policy_id=0 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=bbbb rcvd=bbbb src=192.168.5.70 dst=63.68.55.124 src_port=pppp dst_port=80 src-xlated ip=209.161.200.238 port=pppp 8
There were more messages to be reported but the listing is limited to 50!!!

-
Severity level 6 (Information) details for the 192.168.5.28 firewall. : - Go to top
No First Message Last Message Code Message Count
No messages with severity level 6 were recorded.

-
Severity level 7 (Debugging) details for the 192.168.5.28 firewall. : - Go to top
No First Message Last Message Code Message Count
No messages with severity level 7 were recorded.

-
Protocol statistics for the 192.168.5.28 firewall: - Go to top
-
Web traffic (HTTP/HTTPS) - Top 50 internal users (outbound connections) for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Comments
1 192.168.5.70 appserver1.altairtech.net 216.198.223.175   239  
2 192.168.5.70 appserver1.altairtech.net 199.246.67.210 theglobeandmail.com 89  
3 192.168.5.70 appserver1.altairtech.net 212.58.240.140 www40.thny.bbc.co.uk 71  
4 192.168.5.70 appserver1.altairtech.net 206.107.131.10   67  
5 192.168.5.70 appserver1.altairtech.net 66.150.87.2   62  
6 192.168.5.70 appserver1.altairtech.net 64.191.159.133 s.abetterinternet.com 60  
7 192.168.5.70 appserver1.altairtech.net 64.135.99.58 www.maxweblinks.com 57  
8 192.168.5.70 appserver1.altairtech.net 66.232.154.29   44  
9 192.168.5.70 appserver1.altairtech.net 65.77.217.68   43  
10 192.168.5.70 appserver1.altairtech.net 199.246.67.114 theglobeandmail.com 40  
11 192.168.5.70 appserver1.altairtech.net 212.58.240.133 www33.thny.bbc.co.uk 39  
12 192.168.5.70 appserver1.altairtech.net 66.203.65.79 host-79-65-203-66.axsne.net 34  
13 192.168.5.70 appserver1.altairtech.net 64.233.167.104   26  
14 192.168.5.70 appserver1.altairtech.net 207.61.132.40   24  
15 192.168.5.70 appserver1.altairtech.net 64.191.159.120 xads.hostpool.net 22  
16 192.168.5.70 appserver1.altairtech.net 209.225.33.13 fornewsCollect.247realmedia.com 21  
17 192.168.5.70 appserver1.altairtech.net 62.189.244.254   21  
18 192.168.5.70 appserver1.altairtech.net 216.34.209.13   21  
19 192.168.5.70 appserver1.altairtech.net 69.28.154.22   21  
20 192.168.5.70 appserver1.altairtech.net 216.73.86.110 ad.us.doubleclick.net 19  
21 192.168.5.70 appserver1.altairtech.net 202.87.41.115   19  
22 192.168.5.70 appserver1.altairtech.net 80.245.41.10 prof.estat.com 18  
23 192.168.5.70 appserver1.altairtech.net 65.59.207.13 eqchmdvip1.doubleclick.net 18  
24 192.168.5.70 appserver1.altairtech.net 199.246.67.250 theglobeandmail.com 18  
25 192.168.5.70 appserver1.altairtech.net 64.233.167.99   16  
26 192.168.5.70 appserver1.altairtech.net 217.24.84.2 alan.rezo.net 15  
27 192.168.5.70 appserver1.altairtech.net 207.61.132.35   15  
28 192.168.5.70 appserver1.altairtech.net 216.58.170.30   14  
29 192.168.5.70 appserver1.altairtech.net 199.239.136.200   14  
30 192.168.5.70 appserver1.altairtech.net 216.239.41.96   11  
31 192.168.5.70 appserver1.altairtech.net 209.133.111.19 209.133.111.19.available.above.net 11  
32 192.168.5.70 appserver1.altairtech.net 63.99.224.66   11  
33 192.168.5.70 appserver1.altairtech.net 64.41.127.150 lma445.siteprotect.com 11  
34 192.168.5.70 appserver1.altairtech.net 205.189.214.250 www.eventid.net 11  
35 192.168.5.70 appserver1.altairtech.net 206.65.183.140   10  
36 192.168.5.70 appserver1.altairtech.net 199.246.67.251 theglobeandmail.com 10  
37 192.168.5.70 appserver1.altairtech.net 212.58.240.145 www45.thny.bbc.co.uk 10  
38 192.168.5.70 appserver1.altairtech.net 65.206.60.206 vpd1.ttn.xpc-mii.net 10  
39 192.168.5.70 appserver1.altairtech.net 66.118.182.94 unknown.sagonet.com 10  
40 192.168.5.70 appserver1.altairtech.net 65.54.246.253 bay2-dav.bay2.hotmail.com 9  
41 192.168.5.70 appserver1.altairtech.net 66.226.5.172 gorillanation.com 9  
42 192.168.5.70 appserver1.altairtech.net 209.17.95.114 worldnetdaily.com 9  
43 192.168.5.70 appserver1.altairtech.net 193.149.121.11 pubs.lemonde.fr 9  
44 192.168.5.70 appserver1.altairtech.net 63.68.55.124 i.gms1.net 8  
45 192.168.5.70 appserver1.altairtech.net 199.181.77.89   8  
46 192.168.5.70 appserver1.altairtech.net 64.236.40.55   8  
47 192.168.5.70 appserver1.altairtech.net 64.15.251.199   8  
48 192.168.5.70 appserver1.altairtech.net 69.28.158.22   8  
49 192.168.5.70 appserver1.altairtech.net 65.216.72.114 vrp1.ord.xpc-mii.net 8  
50 192.168.5.70 appserver1.altairtech.net 198.65.119.21   7  
-
Web traffic (HTTP/HTTPS) - Top 50 visited sites for the 192.168.5.28 firewall: - Go to top
No Web site HTTPS Count
1 216.198.223.175   239
2 theglobeandmail.com   161
3 www40.thny.bbc.co.uk   71
4 206.107.131.10   67
5 66.150.87.2   62
6 s.abetterinternet.com   60
7 www.maxweblinks.com   57
8 66.232.154.29   44
9 65.77.217.68   43
10 www33.thny.bbc.co.uk   39
11 host-79-65-203-66.axsne.net   34
12 ad.us.doubleclick.net   26
13 64.233.167.104   26
14 207.61.132.40   24
15 xads.hostpool.net   22
16 69.28.154.22   21
17 62.189.244.254   21
18 fornewsCollect.247realmedia.com   21
19 216.34.209.13   21
20 202.87.41.115   19
21 eqchmdvip1.doubleclick.net   18
22 prof.estat.com   18
23 64.233.167.99   16
24 207.61.132.35   15
25 alan.rezo.net   15
26 199.239.136.200   14
27 216.58.170.30   14
28 www.eventid.net   11
29 lma445.siteprotect.com   11
30 216.239.41.96   11
31 209.133.111.19.available.above.net   11
32 63.99.224.66   11
33 unknown.sagonet.com   10
34 www45.thny.bbc.co.uk   10
35 vpd1.ttn.xpc-mii.net   10
36 206.65.183.140   10
37 bay2-dav.bay2.hotmail.com   9
38 gorillanation.com   9
39 pubs.lemonde.fr   9
40 worldnetdaily.com   9
41 i.gms1.net   8
42 64.15.251.199   8
43 199.181.77.89   8
44 69.28.158.22   8
45 64.236.40.55   8
46 vrp1.ord.xpc-mii.net   8
47 216.74.132.11   7
48 66.129.67.227   7
49 ip-64-202-167-129.secureserver.net   7
50 i3.cnn.net   7
-
Web traffic (HTTP/HTTPS) - Top 50 incoming connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Comments
1 24.217.193.47 cc3-24.217.193.47.charter-stl.com 209.161.200.238   15  
2 212.240.134.51 no-dns-yet.co.uk 209.161.200.238   1  
3 211.97.182.13   209.161.200.238   1  
-
Email (SMTP) - Top 50 outbound connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Comments
No destinations recorded. Logging level 6 required for this type of information.
-
Email (SMTP) - Top 50 inbound connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Comments
No destinations recorded. Logging level 6 required for this type of information.
-
Email clients (POP3/IMAP) - Top 50 connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Protocol Connections Direction Comments
No POP3/IMAP connections recorded. Logging level 6 required for this type of information.
-
Custom protocol 1 - (TCP/135) - Top 50 connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Direction Comments
No connections recorded. Logging level 6 required for this type of information.
-
Custom protocol 2 - (TCP/3389) - Top 50 connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Direction Comments
No connections recorded. Logging level 6 required for this type of information.
-
Custom protocol 3 - (UDP/137) - Top 50 connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Connections Direction Comments
No connections recorded. Logging level 6 required for this type of information.
-
(TCP/22,TCP/23) - Top 50 connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Protocol Connections Direction Comments
No connections. Logging level 6 required for this type of information.
-
Other protocols - Top 50 connections for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Protocol Connections Direction Comments
1 192.168.5.12 dell12.altairtech.net 224.0.1.41 GATEKEEPER.MCAST.NET UDP/1718 - h323-multicast 826 out  
2 192.168.5.70 appserver1.altairtech.net 198.77.116.8 ns.direcpc.com UDP/53 - dns 112 out  
3 192.168.5.70 appserver1.altairtech.net 192.5.41.209 ntp2.usno.navy.mil UDP/123 - ntp 2 out  
4 192.168.5.70 appserver1.altairtech.net 198.77.116.8 ns.direcpc.com ICMP/8 - echo 1 out  
5 192.168.5.102 dell102.altairtech.net 239.255.255.250   UDP/1900 - univ. plug-and-play 1 out  
6 192.168.5.25 xincom.altairtech.net 192.43.244.18 time.nist.gov UDP/123 - ntp 1 out  
7 192.168.5.70 appserver1.altairtech.net 205.227.137.53   TCP/21 - ftp 1 out  
8 192.168.5.70 appserver1.altairtech.net 63.251.254.11   UDP/370 - nai-antivirus-securecast 1 out  
-
Protocols - Top 50 for the 192.168.5.28 firewall - ordered by connections: - Go to top
No ProtocolConnections %  
1 TCP/80 - http 1,871 66.2                                                                    
2 UDP/1718 - h323-multicast 826 29.22                               
3 UDP/53 - dns 112 3.96     
4 TCP/443 - ssl-https 10 0.35  
5 UDP/123 - ntp 3 0.1  
6 UDP/1900 - univ. plug-and-play 1 0.03  
7 TCP/21 - ftp 1 0.03  
8 ICMP/8 - echo 1 0.03  
9 UDP/370 - nai-antivirus-securecast 1 0.03  
-
Protocols - Top 50 for the 192.168.5.28 firewall - ordered by traffic: - Go to top
No Protocol Total Traffic %   Bytes In Bytes Out
1 TCP/80 - http 46,858,128 98.41                                                                                                     12,387 46,845,741
2 UDP/1718 - h323-multicast 327,096 0.69   0 327,096
3 TCP/21 - ftp 232,091 0.49   0 232,091
4 TCP/443 - ssl-https 153,915 0.32   0 153,915
5 UDP/53 - dns 40,408 0.08   0 40,408
6 UDP/370 - nai-antivirus-securecast 1,915 0.00   0 1,915
7 UDP/123 - ntp 1,880 0.00   0 1,880
8 UDP/1900 - univ. plug-and-play 537 0.00   0 537
9 ICMP/8 - echo 74 0.00   0 74
Total 0     12,387 47,603,657
Unknown 0 Traffic that could not be mapped to a specific protocol or as inbound/outbound
-
FTP downloads - Top 50 for the 192.168.5.28 firewall: - Go to top
No FTP client IP FTP client host FTP server IP FTP server host File Count Comments
No FTP downloads recorded - Level 5 (Notification) logging is required to capture FTP traffic.
-
FTP uploads - Top 50 for the 192.168.5.28 firewall: - Go to top
No FTP client IP FTP client host FTP server IP FTP server host File Count Comments
No FTP Uploads recorded - Level 5 (Notification) logging is required to capture FTP uploads.
-
Traffic statistics for the 192.168.5.28 firewall: - Go to top
-
Internal IP addresses - Top 50 for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Connections Protocols Traffic (kb) Comments
1 192.168.5.70 appserver1.altairtech.net 1981 UDP/53 - dns, TCP/21 - ftp, ICMP/8 - echo, TCP/80 - http, TCP/443 - ssl-https, UDP/370 - nai-antivirus-securecast, UDP/123 - ntp46,168  
2 192.168.5.12 dell12.altairtech.net 826 UDP/1718 - h323-multicast319  
3 192.168.5.25 xincom.altairtech.net 1 UDP/123 - ntp0  
4 192.168.5.102 dell102.altairtech.net 1 UDP/1900 - univ. plug-and-play1  
-
External IP addresses - Top 50 for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Connections Protocols Traffic (kb) Comments
No external IP addresses recorded. Logging level 6 required for this type of information.
-
Total traffic by hour for the 192.168.5.28 firewall: - Go to top
Hours Bytes Inbound Bytes Outbound Bytes Unknown Bytes Total %  
00 - 01 0 28,022 0 28,022 0.06  
01 - 02 0 18,216 0 18,216 0.04  
02 - 03 0 253,255 0 253,255 0.53  
03 - 04 0 18,216 0 18,216 0.04  
04 - 05 0 18,612 0 18,612 0.04  
05 - 06 0 18,216 0 18,216 0.04  
06 - 07 0 18,780 0 18,780 0.04  
07 - 08 0 18,216 0 18,216 0.04  
08 - 09 0 18,216 0 18,216 0.04  
09 - 10 965 20,131 0 21,096 0.04  
10 - 11 0 18,216 0 18,216 0.04  
11 - 12 10,559 23,677,804 0 23,688,363 49.75                                                   
12 - 13 0 2,800,595 0 2,800,595 5.88       
13 - 14 0 1,793,143 0 1,793,143 3.77     
14 - 15 0 4,290,902 0 4,290,902 9.01           
15 - 16 863 1,761,366 0 1,762,229 3.70     
16 - 17 0 5,012,193 0 5,012,193 10.53            
17 - 18 0 7,819,558 0 7,819,558 16.42                  
18 - 19 0 0 0 0 0  
19 - 20 0 0 0 0 0  
20 - 21 0 0 0 0 0  
21 - 22 0 0 0 0 0  
22 - 23 0 0 0 0 0  
23 - 24 0 0 0 0 0  
Total 12,387 47,603,657 0 47,616,044    
Total 12 kb 46,488 kb 0 kb 46,500 kb    
-
Inbound traffic by hour for the 192.168.5.28 firewall: - Go to top
Hours Bytes Inbound %  
00 - 01 0 0  
01 - 02 0 0  
02 - 03 0 0  
03 - 04 0 0  
04 - 05 0 0  
05 - 06 0 0  
06 - 07 0 0  
07 - 08 0 0  
08 - 09 0 0  
09 - 10 965 7.79         
10 - 11 0 0  
11 - 12 10,559 85.24                                                                                       
12 - 13 0 0  
13 - 14 0 0  
14 - 15 0 0  
15 - 16 863 6.97        
16 - 17 0 0  
17 - 18 0 0  
18 - 19 0 0  
19 - 20 0 0  
20 - 21 0 0  
21 - 22 0 0  
22 - 23 0 0  
23 - 24 0 0  
Total 12,387    
Total 12 kb    
-
Outbound traffic by hour for the 192.168.5.28 firewall: - Go to top
Hours Bytes Outbound %  
00 - 01 28,022 0.06  
01 - 02 18,216 0.04  
02 - 03 253,255 0.53  
03 - 04 18,216 0.04  
04 - 05 18,612 0.04  
05 - 06 18,216 0.04  
06 - 07 18,780 0.04  
07 - 08 18,216 0.04  
08 - 09 18,216 0.04  
09 - 10 20,131 0.04  
10 - 11 18,216 0.04  
11 - 12 23,677,804 49.74                                                   
12 - 13 2,800,595 5.88       
13 - 14 1,793,143 3.77     
14 - 15 4,290,902 9.01           
15 - 16 1,761,366 3.70     
16 - 17 5,012,193 10.53            
17 - 18 7,819,558 16.43                  
18 - 19 0 0  
19 - 20 0 0  
20 - 21 0 0  
21 - 22 0 0  
22 - 23 0 0  
23 - 24 0 0  
Total 47,603,657    
Total 46,488 kb    
-
Denials statistics for the 192.168.5.28 firewall: - Go to top
-
Denied connections - Top 50 for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Destination IP Destination Host Protocol Reason Count Location Comments
1209.161.236.174   209.161.200.238   TCP/5000 - kibuv-wormDefault policy 11 external  
263.236.98.32   209.161.200.238   TCP/2885 Default policy 9 external  
3209.161.240.77   209.161.200.238   TCP/445 - netbiosDefault policy 9 external  
4209.161.240.106   209.161.200.238   TCP/135 - ms rpcDefault policy 7 external  
5209.161.240.106   209.161.200.238   TCP/5000 - kibuv-wormDefault policy 7 external  
6209.161.237.225   209.161.200.238   TCP/445 - netbiosDefault policy 6 external  
7209.161.232.87   209.161.200.238   TCP/135 - ms rpcDefault policy 6 external  
863.99.224.66   209.161.200.238   UDP/137 - netbiosDefault policy 6 external  
9209.161.76.199 rice-b-07.altoona.nb.net 209.161.200.238   TCP/445 - netbiosDefault policy 6 external  
10209.161.240.77   209.161.200.238   TCP/135 - ms rpcDefault policy 6 external  
11209.161.232.87   209.161.200.238   TCP/5000 - kibuv-wormDefault policy 6 external  
12209.161.240.77   209.161.200.238   TCP/1025 - agobot-wormDefault policy 6 external  
13209.161.234.95   209.161.200.238   TCP/445 - netbiosDefault policy 6 external  
1463.240.86.80   209.161.200.238   TCP/2096 Default policy 5 external  
15209.161.240.141   209.161.200.238   TCP/135 - ms rpcDefault policy 5 external  
1663.240.86.80   209.161.200.238   TCP/2040 Default policy 5 external  
1763.240.86.80   209.161.200.238   TCP/2094 Default policy 5 external  
18203.203.46.6 203-203-46-6.cable.dynamic.giga.net.tw 209.161.200.238   TCP/139 - netbiosDefault policy 4 external  
19209.161.237.225   209.161.200.238   TCP/1025 - agobot-wormDefault policy 4 external  
20209.161.237.225   209.161.200.238   TCP/135 - ms rpcDefault policy 4 external  
21209.161.170.123 beth3661-modem-94.unicom-alaska.com 209.161.200.238   TCP/135 - ms rpcDefault policy 4 external  
22209.152.65.108 cnjt1-pool2-108.grm.net 209.161.200.238   TCP/135 - ms rpcDefault policy 4 external  
23209.161.170.228 emmo3640-modem-2.unicom-alaska.com 209.161.200.238   TCP/135 - ms rpcDefault policy 4 external  
24209.161.237.105   209.161.200.238   TCP/139 - netbiosDefault policy 4 external  
25209.161.240.77   209.161.200.238   TCP/2745 - bagle-trojanDefault policy 3 external  
2663.83.96.5 vulcan.pagequest.net 209.161.200.238   UDP/137 - netbiosDefault policy 3 external  
27216.15.175.21 www.livehelper.com 209.161.200.238   UDP/137 - netbiosDefault policy 3 external  
2810.2.1.69   209.161.200.238   UDP/137 - netbiosDefault policy 3 external  
2966.82.51.189 dpc6682051189.direcpc.com 209.161.200.238   TCP/445 - netbiosDefault policy 3 external  
30210.51.184.230   209.161.200.238   TCP/32773 Default policy 3 external  
31203.155.202.40   209.161.200.238   TCP/1433 - ms sqlDefault policy 3 external  
32209.161.172.219 customer.akfiberstar.net 209.161.200.238   TCP/445 - netbiosDefault policy 3 external  
3366.98.152.54   209.161.200.238   UDP/137 - netbiosDefault policy 3 external  
34209.161.179.103 pool.dsl.179.103.cvinternet.net 209.161.200.238   TCP/445 - netbiosDefault policy 3 external  
35209.195.148.196 3.vnta1.xdsl.nauticom.net 209.161.200.238   TCP/445 - netbiosDefault policy 3 external  
36211.243.69.7   209.161.200.238   TCP/1433 - ms sqlDefault policy 3 external  
37209.161.76.194 rice-b-02.altoona.nb.net 209.161.200.238   TCP/445 - netbiosDefault policy 3 external  
38209.161.240.77   209.161.200.238   TCP/139 - netbiosDefault policy 3 external  
39209.161.237.250   209.161.200.238   TCP/445 - netbiosDefault policy 3 external  
40211.233.59.94 211-233-59-94.kidc.net 209.161.200.238   TCP/443 - ssl-httpsDefault policy 3 external  
4166.232.154.29   209.161.200.238   TCP/2480 Default policy 3 external  
4266.64.168.146 ext-pix.conso.com 209.161.200.238   TCP/445 - netbiosDefault policy 3 external  
43218.28.9.252   209.161.200.238   TCP/3127 - agobot-wormDefault policy 3 external  
4480.109.197.172 chello080109197172.2.graz.surfer.at 209.161.200.238   TCP/3127 - agobot-wormDefault policy 3 external  
45213.154.144.81 unassigned-reverse.pcnet.ro 209.161.200.238   UDP/137 - netbiosDefault policy 3 external  
46209.161.240.77   209.161.200.238   TCP/3127 - agobot-wormDefault policy 3 external  
47151.198.202.246 client-151-198-202-246.bellatlantic.net 209.161.200.238   TCP/445 - netbiosDefault policy 3 external  
48209.161.240.77   209.161.200.238   TCP/6129 - agobot-wormDefault policy 3 external  
49209.161.238.199   209.161.200.238   TCP/5000 - kibuv-wormDefault policy 3 external  
50218.166.104.96 218-166-104-96.dynamic.hinet.net 209.161.200.238   TCP/139 - netbiosDefault policy 3 external  
-
Denied protocols - Top 50 for the 192.168.5.28 firewall: - Go to top
No Protocol Reason Count
1TCP/445 - netbiosDefault policy 51
2TCP/135 - ms rpcDefault policy 40
3TCP/5000 - kibuv-wormDefault policy 27
4UDP/137 - netbiosDefault policy 21
5TCP/139 - netbiosDefault policy 14
6TCP/1025 - agobot-wormDefault policy 10
7TCP/2885Default policy 9
8TCP/3127 - agobot-wormDefault policy 9
9TCP/1433 - ms sqlDefault policy 6
10TCP/2094Default policy 5
11TCP/2040Default policy 5
12TCP/2096Default policy 5
13TCP/6129 - agobot-wormDefault policy 3
14TCP/2745 - bagle-trojanDefault policy 3
15TCP/32773Default policy 3
16TCP/443 - ssl-httpsDefault policy 3
17TCP/2480Default policy 3
-
Denied IP addresses - Top 50 for the 192.168.5.28 firewall: - Go to top
No Source IP Source Host Count Location Comments
1 209.161.240.77   33 external  
2 209.161.237.225   22 external  
3 127.0.0.1   15 external  
4 63.240.86.80   15 external  
5 209.161.240.106   14 external  
6 209.161.232.87   12 external  
7 209.161.236.174   11 external  
8 63.236.98.32   9 external  
9 209.161.76.199 rice-b-07.altoona.nb.net 6 external  
10 209.161.238.199   6 external  
11 63.99.224.66   6 external  
12 209.161.234.95   6 external  
13 218.166.104.96 218-166-104-96.dynamic.hinet.net 6 external  
14 66.82.51.189 dpc6682051189.direcpc.com 6 external  
15 209.161.240.141   5 external  
16 66.232.154.29   5 external  
17 209.161.170.228 emmo3640-modem-2.unicom-alaska.com 4 external  
18 209.161.170.123 beth3661-modem-94.unicom-alaska.com 4 external  
19 209.161.237.105   4 external  
20 203.203.46.6 203-203-46-6.cable.dynamic.giga.net.tw 4 external  
21 209.152.65.108 cnjt1-pool2-108.grm.net 4 external  
22 203.155.202.40   3 external  
23 211.243.69.7   3 external  
24 210.22.185.214   3 external  
25 209.161.76.194 rice-b-02.altoona.nb.net 3 external  
26 209.195.148.196 3.vnta1.xdsl.nauticom.net 3 external  
27 66.64.168.146 ext-pix.conso.com 3 external  
28 63.83.96.5 vulcan.pagequest.net 3 external  
29 218.28.9.252   3 external  
30 209.161.238.88   3 external  
31 209.161.179.103 pool.dsl.179.103.cvinternet.net 3 external  
32 12.106.67.25   3 external  
33 66.98.152.54   3 external  
34 211.233.59.94 211-233-59-94.kidc.net 3 external  
35 80.109.197.172 chello080109197172.2.graz.surfer.at 3 external  
36 66.76.205.82 cdm-66-76-205-82.eldr.cox-internet.com 3 external  
37 216.15.175.21 www.livehelper.com 3 external  
38 209.161.237.250   3 external  
39 10.2.1.69   3 external  
40 209.161.172.219 customer.akfiberstar.net 3 external  
41 209.161.228.62   3 external  
42 151.198.202.246 client-151-198-202-246.bellatlantic.net 3 external  
43 210.51.184.230   3 external  
44 213.154.144.81 unassigned-reverse.pcnet.ro 3 external  
45 218.63.229.136   2 external  
46 209.161.231.14   2 external  
47 210.54.158.246 port54-158-246.adsl.maxnet.co.nz 2 external  
48 209.165.46.169 209-165-46-169.jps.net 2 external  
49 209.161.75.37 12.a.bedford.nb.net 2 external  
50 209.151.234.239   2 external  
-
Targeted IP addresses (by denied connections) - Top 50 for the 192.168.5.28 firewall: - Go to top
No Destination IP Destination Host Count Comments
1 209.161.200.238   427  
2 224.0.0.22 IGMP.MCAST.NET 2  
-
Various statistics (VPN, IDS, Management) for the 192.168.5.28 firewall: - Go to top
-
VPN Events - Top 50 for the 192.168.5.28 firewall: - Go to top
No Operation Source IP Source host Destination IP Destination host Count Comments
No VPN events recorded.
-
IDS Events - Top 50 for the 192.168.5.28 firewall: - Go to top
No Source IP Source host Destination IP Destination host Interface IDS Event Count Comments
No IDS events recorded.
-
Firewall management - Top 50 for the 192.168.5.28 firewall: - Go to top
No Client IP Client host User Count Operation Comments
No management sessions recorded.
-
Notifications - Top 50 for the 192.168.5.28 firewall: - Go to top
No Message Code Count Comments
1 Virtual IP server 192.168.5.25 cannot be contacted 2-00023 1  
2 Virtual IP server 192.168.5.25 is now alive 5-00533 1  
No management sessions recorded.

* * *

-
Messages matching include keywords: - Go to top
None
-
Glossary of terms used in this report: - Go to top
No Term Explanation
1 Addresses generating denial messages IP addresses that caused the firewall to generate a deny message (see "Denial messages"). It helps in identifying potential intruders or abusers.
2 Bytes in
Bytes out		 The traffic is defined "in" or "out" based on how a connection was initiated. If an HTTP connection is initiated by an internal IP address (i.e. a typical web browsing) all the traffic generated is labeled as "out" even though in fact, most of the traffic is coming from the web server
3 Denial messages Messages recorded by the firewall when a connection is denied. Connections can be denied by the lack of access list for the protocol or source/destination IPs or for their lack of validity.
4 Denied protocols Protocols used in various deny messages recorded by the firewall (see "Denial messages")
5 Message types distribution Offers a quick overview of the type of messages found in the analyzed logs. An example of each type of message is given.
6 Severity level NetScreen messages category based on their criticality for the functionality of the firewall and their security implications.
7 Internal IP addresses Hosts considered "internal" by the NetScreen firewall.
8 Unknown traffic When they are initiated, the firewall assigns to each connection a connection id and labels it as "inbound" or "outbound" When the connection is terminated the firewall records the number of bytes that were transferred but the "direction" of this traffic can be identified only by matching the connection IDs. If the initial message is missing from the log, no connection matching can be done and the "direction" of the traffic cannot be established. This typically happens when a connection is initiated shortly before midnight and it is terminated after 12:00 pm. This way, the connection information lies in 2 logs.
-
Analysis performance: - Go to top
Report generated on 07/01/04 15:44:08
Analysis duration: 4 seconds
Log lines analyzed: 3,257
Kb log analyzed: 1,154.46
Analysis speed: 814 lines/second
Analysis speed: 289 kb/second
Hosts in DNS cache: 751
DNS resolution took 0 seconds .