Altair Technologies Ltd. - Firegen report generated on 11/15/2011 7:08:09 PM

FireGen Report

| Info | Value |
|---|---|
| Log profile | Log profile Netscreen |
| Analyzed log(s) | F:\Logs\Sonicwall\09-29-2006-SyslogCatchAll.txt (76.00 MB) |
| Firewall type | Sonicwall |
| Analysis interval | All entries in the specified log |

Firewalls

| No | Firewall | Connections | Traffic (MB) | Denials | Warnings | URLs |
|---|---|---|---|---|---|---|
| 1 | 72.13.230.2 | 92,361 | 2,437.87 | 2,695 | 2,154 | 00 |

Message types
NoCodeMessage sampleCount
21024msg="Connection Closed" n=47123 src=216.46.76.195:28378:X1:ip195.practicaltech.net dst=10.1.2.3:443:X0:STEMPSVR3 proto=tcp/443 sent=1129 rcvd=231692,361
310240msg="ICMP packet from LAN dropped" n=1079 src=10.1.2.14:137:X0 dst=10.1.2.1:1860:X0 type=3 code=3485
41048576msg="VoIP 10.1.2.1 (H.323) Endpoint removed" n=406
5128msg="UDP packet dropped" n=21919 src=192.168.20.250:514:X1 dst=10.1.2.4:514:X0:stempsvr4.stempsystems.local proto=udp/syslog645
616msg="SENDING>>>> ISAKMP OAK INFO (InitCookie:0x3adad5f46307a9b2 RespCookie:0x316153d959e741fb, MsgID: 0x4C75720) *(HASH, NOTIFY:DPD_ACK)" n=35973 src=72.13.230.2:500::2-230-13-72.cosmoweb.net dst=66.108.130.30:500::cpe-66-108-130-30.nyc.res.rr.com102,722
7256msg="ICMP packet dropped" n=1824 src=10.1.46.253:3:X1 dst=10.1.2.1:3:X0 type=3 code=3453
8262144msg="Connection Opened" n=35397 src=10.1.2.8:2830:X0:STEMPVMPNETMON dst=10.24.64.4:53:X1:FHNTSVR2 proto=tcp/dns68,579
932msg="Probable port scan dropped" n=6 src=147.135.8.6:46486:X1 dst=72.13.230.2:33493:X1:2-230-13-72.cosmoweb.net15
10448msg="IPSec (ESP) packet dropped" n=819 src=68.173.146.77:0:X1:cpe-68-173-146-77.nyc.res.rr.com dst=72.13.230.2:0:X1:2-230-13-72.cosmoweb.net01
11512msg="Broadcast packet dropped" n=14137 src=61.159.15.2:3400:X1 dst=255.255.255.255 proto=udp/14342,898
126144msg="UDP packet from LAN dropped" n=93 src=10.1.2.20:137:X0 dst=10.1.2.1:137:X0 proto=047
1364msg="TCP connection dropped" n=3836 src=216.46.76.195:33644:X1:ip195.practicaltech.net dst=72.13.230.43:443:X1:43-230-13-72.cosmoweb.net proto=tcp/443417
14640msg="Received ISAKMP packet destined to port 500, expected on floated port 4500" n=944 src=68.39.142.55:500::pcp04208994pcs.brick101.nj.comcast.net dst=72.13.230.2:500::2-230-13-72.cosmoweb.net527
Firewall: 72.13.230.2

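72.13.230.2 - Traffic and denials per hour

| Hour | Traffic (MB) | % | Connections | % | Denials | % |
|---|---|---|---|---|---|---|
| 00-01 | 118.00 | 4.86 | 8,064 | 8.48 | 242 | 8.98 |
| 01-02 | 158.00 | 6.51 | 8,509 | 8.95 | 238 | 8.83 |
| 02-03 | 91.00 | 3.76 | 7,793 | 8.20 | 227 | 8.42 |
| 03-04 | 80.00 | 3.28 | 7,743 | 8.15 | 234 | 8.68 |
| 04-05 | 90.00 | 3.71 | 7,806 | 8.21 | 237 | 8.79 |
| 05-06 | 75.00 | 3.12 | 7,707 | 8.11 | 235 | 8.72 |
| 06-07 | 1,042.00 | 42.76 | 8,858 | 9.32 | 242 | 8.98 |
| 07-08 | 232.00 | 9.55 | 8,678 | 9.13 | 235 | 8.72 |
| 08-09 | 105.00 | 4.31 | 8,202 | 8.63 | 233 | 8.65 |
| 09-10 | 125.00 | 5.13 | 9,633 | 10.13 | 241 | 8.94 |
| 10-11 | 238.00 | 9.80 | 8,149 | 8.57 | 226 | 8.39 |
| 11-12 | 77.00 | 3.19 | 3,817 | 4.02 | 102 | 3.78 |
| 12-13 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 13-14 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 14-15 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 15-16 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 16-17 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 17-18 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 18-19 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 19-20 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 20-21 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 21-22 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 22-23 | 00.00 | 0.00 | 00 | 0.00 | 00 | 0.00 |
| 23-24 | 00.00 | 0.01 | 97 | 0.10 | 03 | 0.11 |
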
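72.13.230.2 - Interfaces

| No | Interfaces | Connections | MB | % | Denials | Warnings |
|---|---|---|---|---|---|---|
| 1 | X0 | 8,978 | 14.20 | 00.58 | 1,162 | 00 |
| 2 | X0 to X1 | 34,075 | 309.30 | 12.69 | 00 | 00 |
| 3 | X0 to X2 | 42 | 00.00 | 00.00 | 00 | 00 |
| 4 | X1 to X0 | 20,953 | 2,098.97 | 86.10 | 1,108 | 00 |
| 5 | X1 | 28,208 | 14.90 | 00.61 | 362 | 00 |
| 6 | X2 to X0 | 93 | 00.49 | 00.02 | 06 | 00 |
| 7 | X2 | 12 | 00.01 | 00.00 | 54 | 00 |
| 8 | X1 to | 00 | 00.00 | 00.00 | 03 | 00 |
| 9 | Not specified | 00 | 00.00 | 00.00 | 00 | 2,154 |
|  | Total | 92,361 | 2,437.87 |  | 2,695 | 2,154 |
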
Firewall: 72.13.230.2 - Interface: X0
Top 10 sources
NoSourceBytes%Comment
110.1.2.5013,051,86087.64 
210.1.2.11,570,68010.55 
310.1.2.5147,4750.99 
410.1.2.8121,8220.82257 denials recorded on 9/29/2006 12:00:55 AM



Top 10 destinations
NoDestinationBytes%Comment
110.1.2.113,051,86087.64 
210.1.2.3887,5195.96170 denials recorded on 9/29/2006 12:10:36 AM
310.1.2.5826,0395.55 
410.1.2.1437,1280.25403 denials recorded on 9/29/2006 12:04:40 AM
510.1.2.1559,0420.06 
610.1.2.2136,9740.05 
710.1.2.1716,2400.04 
810.1.2.1325,5380.04 
910.1.2.435,1940.03 
1010.1.2.1684,9920.03 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
110.1.2.50HTTP1,16613,026,45487.47 
210.1.2.1DNS6,6781,435,3479.64 
310.1.2.5TCP/443 - ssl-https12146,3960.98 
410.1.2.1NETBIOS-NS1,004134,8910.91 
510.1.2.8HTTP101121,8220.82257 denials recorded on 9/29/2006 12:00:55 AM
610.1.2.50HTTP0923,9800.16 
710.1.2.50HTTP051,4260.01 
810.1.2.5HTTP011,0790.01 
910.1.2.1UDP/1719024420.00 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
110.1.2.5010.1.2.1HTTP1,16613,026,45487.47 
210.1.2.110.1.2.3DNS3,339735,3764.94170 denials recorded on 9/29/2006 12:10:36 AM
310.1.2.110.1.2.5DNS3,339699,9714.70 
410.1.2.510.1.2.3TCP/443 - ssl-https12146,3960.98 
510.1.2.810.1.2.5HTTP101121,8220.82257 denials recorded on 9/29/2006 12:00:55 AM
610.1.2.110.1.2.14NETBIOS-NS47637,1280.25403 denials recorded on 9/29/2006 12:04:40 AM
710.1.2.5010.1.2.1HTTP0923,9800.16 
810.1.2.110.1.2.155NETBIOS-NS309,0420.06 
910.1.2.110.1.2.213NETBIOS-NS226,9740.05 
1010.1.2.110.1.2.171NETBIOS-NS806,2400.04 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1HTTP OP=GET1,26813,149,35588.30 
2DNS6,6781,435,3479.64 
3TCP/443 - ssl-https12146,3960.98 
4NETBIOS-NS1,004134,8910.91 
5HTTP OP=POST0923,9800.16 
6HTTP051,4260.01 
7UDP/1719024420.00 



Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
110.1.2.144039/29/2006 12:04:40 AM34.68403 denials recorded on 9/29/2006 12:04:40 AM
210.1.2.82579/29/2006 12:00:55 AM22.12257 denials recorded on 9/29/2006 12:00:55 AM
310.1.2.31709/29/2006 12:10:36 AM14.63170 denials recorded on 9/29/2006 12:10:36 AM
410.1.2.213869/29/2006 12:03:09 AM07.40 
510.1.2.54609/29/2006 1:14:52 AM05.16 
610.1.2.171299/29/2006 12:01:54 AM02.50 
710.1.2.132279/29/2006 12:44:09 AM02.32 
810.1.2.168179/29/2006 12:09:25 AM01.46 
910.1.2.155119/29/2006 12:29:55 AM00.95 
1010.1.2.42099/29/2006 1:09:24 AM00.77 

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
110.1.2.15329/29/2006 12:01:54 AM45.78 
210.1.2.2554079/29/2006 12:00:55 AM35.03 
3Broadcast2239/29/2006 12:10:36 AM19.19 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1ICMP/3 - unreach4859/29/2006 12:01:54 AM41.74 
2NETBIOS-NS2509/29/2006 12:00:55 AM21.51 
3NETBIOS-DGM1579/29/2006 12:03:09 AM13.51 
4UDP/12661229/29/2006 12:10:36 AM10.50 
5UDP/5000569/29/2006 9:41:08 AM04.82 
6UDP/161 - snmp429/29/2006 12:14:10 AM03.61 
7UDP/20046 - network probe399/29/2006 1:22:17 AM03.36 
8UDP/58085069/29/2006 12:19:03 AM00.52 
9UDP/137 - netbios049/29/2006 7:00:13 AM00.34 
10UDP/1900 - univ. plug-and-play019/29/2006 12:48:20 AM00.09 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1Broadcast packet dropped6309/29/2006 12:00:55 AM54.22 
2ICMP packet from LAN dropped4859/29/2006 12:01:54 AM41.74 
3UDP packet from LAN dropped479/29/2006 12:14:10 AM04.04 



Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
110.1.2.1410.1.2.1ICMP/3 - unreachICMP packet from LAN dropped4039/29/2006 12:04:40 AM34.68403 denials recorded on 9/29/2006 12:04:40 AM
210.1.2.810.1.2.255NETBIOS-NSBroadcast packet dropped2119/29/2006 12:00:55 AM18.16257 denials recorded on 9/29/2006 12:00:55 AM
310.1.2.3BroadcastUDP/1266Broadcast packet dropped1229/29/2006 12:10:36 AM10.50170 denials recorded on 9/29/2006 12:10:36 AM
410.1.2.21310.1.2.255NETBIOS-DGMBroadcast packet dropped869/29/2006 12:03:09 AM7.40 
510.1.2.54BroadcastUDP/5000Broadcast packet dropped569/29/2006 9:41:08 AM4.82 
610.1.2.810.1.2.1UDP/161 - snmpUDP packet from LAN dropped429/29/2006 12:14:10 AM3.61 
710.1.2.3BroadcastUDP/20046 - network probeBroadcast packet dropped399/29/2006 1:22:17 AM3.36 
810.1.2.17110.1.2.1ICMP/3 - unreachICMP packet from LAN dropped299/29/2006 12:01:54 AM2.50 
910.1.2.13210.1.2.1ICMP/3 - unreachICMP packet from LAN dropped279/29/2006 12:44:09 AM2.32 
1010.1.2.16810.1.2.1ICMP/3 - unreachICMP packet from LAN dropped179/29/2006 12:09:25 AM1.46 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1ICMP/3 - unreachICMP packet from LAN dropped48541.74 
2NETBIOS-NSBroadcast packet dropped25021.51 
3NETBIOS-DGMBroadcast packet dropped15713.51 
4UDP/1266Broadcast packet dropped12210.50 
5UDP/5000Broadcast packet dropped564.82 
6UDP/161 - snmpUDP packet from LAN dropped423.61 
7UDP/20046 - network probeBroadcast packet dropped393.36 
8UDP/58085Broadcast packet dropped060.52 
9UDP/137 - netbiosUDP packet from LAN dropped040.34 
10UDP/1900 - univ. plug-and-playUDP packet from LAN dropped010.09 

Firewall: 72.13.230.2 - Interfaces: X0 to X1
Top 10 sources
NoSourceBytes%Comment
110.1.2.5104,489,27132.22 
210.1.2.862,992,31619.42257 denials recorded on 9/29/2006 12:00:55 AM
310.1.2.5054,413,73416.78 
410.1.2.4236,551,04311.27 
510.1.2.5428,577,7448.81 
610.1.2.16821,997,4596.78 
710.1.2.605,089,7431.57 
810.1.2.1614,350,0021.34 
910.1.2.32,166,2960.67170 denials recorded on 9/29/2006 12:10:36 AM
1010.1.2.1321,175,0480.36 



Top 10 destinations
NoDestinationBytes%Comment
1ip67-93-135-175.z135-93-67.customer.algx.net (67.93.135.175)83,990,10325.90 
2192.168.20.122,339,2856.89 
3147.135.0.12821,955,5886.77 
410.24.64.417,440,3855.38 
5172.20.4.10114,964,1694.61 
610.1.13.212,380,6963.82 
7www.xs4all.nl (194.109.6.92)11,830,4583.65 
8mailserver-druckzentrum.de (80.190.240.92)10,772,2793.32 
9192.168.20.410,355,1473.19 
10xml02.good.com (216.136.156.86)6,873,3122.12 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
110.1.2.5HTTP3286,451,83226.66 
210.1.2.50TCP/6129 - agobot-worm2047,943,45614.78 
310.1.2.8UDP/161 - snmp6,78145,403,09814.00257 denials recorded on 9/29/2006 12:00:55 AM
410.1.2.42HTTP1,07835,037,57510.80 
510.1.2.54TCP/6129 - agobot-worm0527,198,4058.39 
610.1.2.168UDP/148420121,412,3326.60 
710.1.2.5TCP/443 - ssl-https11417,289,9475.33 
810.1.2.8TCP/13511536,847,8702.11 
910.1.2.50TCP/443 - ssl-https6575,023,9321.55 
1010.1.2.60TCP/6129 - agobot-worm074,575,5201.41 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
110.1.2.5ip67-93-135-175.z135-93-67.customer.algx.net (67.93.135.175)HTTP1983,921,32225.88 
210.1.2.54192.168.20.1TCP/6129 - agobot-worm0322,270,2806.87 
310.1.2.168147.135.0.128UDP/148420121,412,3326.60 
410.1.2.5010.24.64.4TCP/6129 - agobot-worm0116,711,3405.15 
510.1.2.50172.20.4.101TCP/6129 - agobot-worm0114,963,8704.61 
610.1.2.42www.xs4all.nl (194.109.6.92)HTTP2111,830,4583.65 
710.1.2.42mailserver-druckzentrum.de (80.190.240.92)HTTP0110,767,8013.32 
810.1.2.50192.168.20.4TCP/6129 - agobot-worm018,501,0572.62 
910.1.2.5xml02.good.com (216.136.156.86)TCP/443 - ssl-https206,873,3122.12 
1010.1.2.810.1.13.2TCP/13511536,847,8702.11257 denials recorded on 9/29/2006 12:00:55 AM

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1HTTP OP=GET1,528126,934,76939.14 
2TCP/6129 - agobot-worm3380,456,87624.81 
3UDP/161 - snmp6,78145,403,09814.00 
4TCP/443 - ssl-https1,30226,608,3508.20 
5UDP/148420121,412,3326.60 
6TCP/13511536,847,8702.11 
7NETBIOS-NS8,9483,533,1001.09 
8DNS7,7392,965,3330.91 
9TCP/1356622,754,7900.85 
10TCP/17962582,450,8200.76 



Top 10 protocol TCP/3389 - ms rdp: Sources, destinations, and traffic
NoSourceDestinationConnectionsBytesComment
110.1.2.50ip-66-80-255-195.nyc.megapath.net (66.80.255.195)01212,094 
210.1.2.5010.1.46.201209,339 
310.1.2.4210.1.47.1240194,028 
410.1.2.50ip-216-36-121-234.dsl.nyc.megapath.net (216.36.121.234)0156,009 
510.1.2.50192.168.1.30148,34615139 denials recorded on 4/3/2006 11:01:31 PM
610.1.2.50192.168.1.606528 
710.1.2.50172.20.4.3101435 
810.1.2.50192.168.1.403264 
910.1.2.5010.1.46.403264 
1010.1.2.5010.1.46.30196 

Firewall: 72.13.230.2 - Interfaces: X0 to X2
Top 10 sources
NoSourceBytes%Comment
110.1.2.31,79488.46170 denials recorded on 9/29/2006 12:10:36 AM
210.1.2.123411.54 



Top 10 destinations
NoDestinationBytes%Comment
1cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)1,65681.66 
210.1.72.237218.34 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
110.1.2.3UDP/1049361,65681.66170 denials recorded on 9/29/2006 12:10:36 AM
210.1.2.1NETBIOS-NS0323411.54 
310.1.2.3UDP/2872031386.80 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
110.1.2.3cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)UDP/1049361,65681.66170 denials recorded on 9/29/2006 12:10:36 AM
210.1.2.110.1.72.2NETBIOS-NS0323411.54 
310.1.2.310.1.72.2UDP/2872031386.80 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1UDP/1049361,65681.66 
2NETBIOS-NS0323411.54 
3UDP/2872031386.80 



Firewall: 72.13.230.2 - Interfaces: X1 to X0
Top 10 sources
NoSourceBytes%Comment
1ool-18b88aae.dyn.optonline.net (24.184.138.174)1,003,489,46445.59 
210.110.2.50857,286,85138.95 
3ip-69-33-141-98.nyc.megapath.net (69.33.141.98)252,069,24011.45 
464-6-187-66.t1.nyc.megapath.net (64.6.187.66)32,843,6951.49 
510.100.2.10017,527,8840.80 
610.100.2.505,907,3120.27 
710.110.2.1003,660,3460.17 
8yahoo-wildcard.a05.yahoodns.net (66.218.94.151)3,610,5780.16 
9cpe-24-193-35-150.nyc.res.rr.com (24.193.35.150)3,525,4110.16 
1010.111.2.503,375,6160.15 



Top 10 destinations
NoDestinationBytes%Comment
110.1.2.541,004,387,54645.63 
210.1.2.3817,611,33037.15170 denials recorded on 9/29/2006 12:10:36 AM
310.1.2.14258,370,21211.74403 denials recorded on 9/29/2006 12:04:40 AM
410.1.2.50114,465,1245.20 
510.1.2.161901,9920.04 
610.1.2.77900,4940.04 
710.1.2.43898,5240.04 
810.1.2.51898,3140.04 
910.1.2.56894,5400.04 
1010.1.2.53890,0540.04 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
1ool-18b88aae.dyn.optonline.net (24.184.138.174)TCP/3389 - ms rdp021,003,489,46445.59 
210.110.2.50TCP/4000253725,774,45032.98 
3ip-69-33-141-98.nyc.megapath.net (69.33.141.98)SYSLOG244252,069,24011.45 
410.110.2.50TCP/3389 - ms rdp02131,102,2315.96 
564-6-187-66.t1.nyc.megapath.net (64.6.187.66)SMTP0432,843,6951.49 
610.100.2.100TCP/40002769,587,7240.44 
710.100.2.100TCP/135 - ms rpc5,5747,224,6400.33 
810.100.2.50TCP/40002624,795,3620.22 
9yahoo-wildcard.a05.yahoodns.net (66.218.94.151)SMTP013,610,5780.16 
10cpe-24-193-35-150.nyc.res.rr.com (24.193.35.150)SYSLOG513,525,4110.16 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
1ool-18b88aae.dyn.optonline.net (24.184.138.174)10.1.2.54TCP/3389 - ms rdp021,003,489,46445.59 
210.110.2.5010.1.2.3TCP/4000253725,774,45032.98170 denials recorded on 9/29/2006 12:10:36 AM
3ip-69-33-141-98.nyc.megapath.net (69.33.141.98)10.1.2.14SYSLOG244252,069,24011.45403 denials recorded on 9/29/2006 12:04:40 AM
410.110.2.5010.1.2.50TCP/3389 - ms rdp01113,554,6405.16 
564-6-187-66.t1.nyc.megapath.net (64.6.187.66)10.1.2.3SMTP0432,843,6951.49 
610.110.2.5010.1.2.3TCP/3389 - ms rdp0117,547,5910.80 
710.100.2.10010.1.2.3TCP/40002769,587,7240.44 
810.100.2.5010.1.2.3TCP/40002624,795,3620.22 
9yahoo-wildcard.a05.yahoodns.net (66.218.94.151)10.1.2.3SMTP013,610,5780.16 
10cpe-24-193-35-150.nyc.res.rr.com (24.193.35.150)10.1.2.14SYSLOG513,525,4110.16 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/3389 - ms rdp041,134,591,69551.55 
2TCP/40002,363748,950,88034.03 
3SYSLOG829258,362,11211.74 
4SMTP51742,568,1491.93 
5TCP/135 - ms rpc5,6157,275,6960.33 
6TCP/40033,4743,658,0800.17 
7TCP/1433 - ms sql4,6543,072,1620.14 
8TCP/443 - ssl-https499934,2030.04 
9HTTP OP=GET32832,5380.04 
10TCP/1984 - big brother2,050192,7000.01 



Top 10 protocol TCP/3389 - ms rdp: Sources, destinations, and traffic
NoSourceDestinationConnectionsBytesComment
1ool-18b88aae.dyn.optonline.net (24.184.138.174)10.1.2.54021,003,489,464 
210.110.2.5010.1.2.5001113,554,640 
310.110.2.5010.1.2.30117,547,591170 denials recorded on 9/29/2006 12:10:36 AM

Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
1192.168.20.2505019/29/2006 12:00:49 AM45.22501 denials recorded on 9/29/2006 12:00:49 AM
210.3.64.11659/29/2006 12:06:36 AM14.89165 denials recorded on 9/29/2006 12:06:36 AM
310.1.11.15539/29/2006 12:07:39 AM04.7853 denials recorded on 9/29/2006 12:07:39 AM
410.2.64.1419/29/2006 12:29:42 AM03.70 
510.1.13.3319/29/2006 12:14:11 AM02.80 
610.1.13.184289/29/2006 8:44:25 AM02.53 
7192.168.101.132279/29/2006 12:21:47 AM02.44 
8146.203.230.1269/29/2006 12:04:28 AM02.35 
910.1.60.1249/29/2006 12:02:17 AM02.17 
1010.1.30.1249/29/2006 12:46:53 AM02.17 

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
110.1.2.45899/29/2006 12:00:49 AM53.16 
210.1.2.13399/29/2006 12:00:45 AM30.60 
310.1.2.3779/29/2006 12:21:47 AM06.95170 denials recorded on 9/29/2006 12:10:36 AM
410.1.2.8599/29/2006 12:07:39 AM05.32257 denials recorded on 9/29/2006 12:00:55 AM
510.1.2.5249/29/2006 1:53:07 AM02.17 
610.1.2.50069/29/2006 12:08:58 AM00.54 
710.1.2.119049/29/2006 12:11:19 AM00.36 
810.1.2.42039/29/2006 7:10:42 AM00.27 
910.1.2.54029/29/2006 12:36:55 AM00.18 
1010.1.2.59019/29/2006 1:15:08 AM00.09 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1UDP/514 - syslog5899/29/2006 12:00:49 AM53.16 
2ICMP/3 - unreach3909/29/2006 12:00:45 AM35.20 
3UDP/53 - dns279/29/2006 12:21:47 AM02.44 
4TCP/80 - http269/29/2006 8:14:21 AM02.35 
5TCP/25 - smtp119/29/2006 1:13:00 AM00.99 
6TCP/445 - netbios109/29/2006 4:01:44 AM00.90 
7UDP/162 - snmp-trap079/29/2006 2:22:13 AM00.63 
8TCP/11677059/29/2006 3:59:47 AM00.45 
9UDP/2967 - symantec-av049/29/2006 12:11:19 AM00.36 
10TCP/1433 - ms sql049/29/2006 1:15:08 AM00.36 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1UDP packet dropped6279/29/2006 12:00:49 AM56.59 
2ICMP packet dropped3959/29/2006 12:00:45 AM35.65 
3TCP connection dropped609/29/2006 12:36:55 AM05.42 
4Web access request dropped269/29/2006 8:14:21 AM02.35 



Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1192.168.20.25010.1.2.4UDP/514 - syslogUDP packet dropped5019/29/2006 12:00:49 AM45.22501 denials recorded on 9/29/2006 12:00:49 AM
210.3.64.110.1.2.4UDP/514 - syslogUDP packet dropped889/29/2006 12:07:06 AM7.94165 denials recorded on 9/29/2006 12:06:36 AM
310.3.64.110.1.2.1ICMP/3 - unreachICMP packet dropped779/29/2006 12:06:36 AM6.95 
410.1.11.1510.1.2.8ICMP/3 - unreachICMP packet dropped479/29/2006 12:07:39 AM4.24257 denials recorded on 9/29/2006 12:00:55 AM
53 denials recorded on 9/29/2006 12:07:39 AM
510.2.64.110.1.2.1ICMP/3 - unreachICMP packet dropped419/29/2006 12:29:42 AM3.70 
610.1.13.310.1.2.1ICMP/3 - unreachICMP packet dropped319/29/2006 12:14:11 AM2.80 
7192.168.101.13210.1.2.3UDP/53 - dnsUDP packet dropped279/29/2006 12:21:47 AM2.44170 denials recorded on 9/29/2006 12:10:36 AM
8146.203.230.110.1.2.1ICMP/3 - unreachICMP packet dropped269/29/2006 12:04:28 AM2.35 
910.1.60.110.1.2.1ICMP/3 - unreachICMP packet dropped249/29/2006 12:02:17 AM2.17 
1010.1.30.110.1.2.1ICMP/3 - unreachICMP packet dropped249/29/2006 12:46:53 AM2.17 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1UDP/514 - syslogUDP packet dropped58953.16 
2ICMP/3 - unreachICMP packet dropped39035.20 
3UDP/53 - dnsUDP packet dropped272.44 
4TCP/80 - httpWeb access request dropped262.35 
5TCP/25 - smtpTCP connection dropped110.99 
6TCP/445 - netbiosTCP connection dropped100.90 
7UDP/162 - snmp-trapUDP packet dropped070.63 
8TCP/11677TCP connection dropped050.45 
9UDP/2967 - symantec-avUDP packet dropped040.36 
10TCP/1433 - ms sqlTCP connection dropped040.36 

Firewall: 72.13.230.2 - Interface: X1
Top 10 sources
NoSourceBytes%Comment
1ool-18b88aae.dyn.optonline.net (24.184.138.174)7,747,85649.60 
22-230-13-72.static.cosmoweb.net (72.13.230.2)5,161,48833.04 
3c-68-39-142-55.hsd1.nj.comcast.net (68.39.142.55)290,0881.86 
443-248-234-66.static.cosmoweb.net (66.234.248.43)287,6681.84 
5adsl-66-139-44-124.dsl.tulsok.swbell.net (66.139.44.124)282,7681.81 
6p84-114.acedsl.com (66.114.84.114)156,4481.00 
7mail.mikam.com (216.46.84.195)156,3441.00 
8ool-182fc26b.dyn.optonline.net (24.47.194.107)156,3161.00 
9cpe-66-108-130-30.nyc.res.rr.com (66.108.130.30)156,1401.00 
10cpe-24-193-35-150.nyc.res.rr.com (24.193.35.150)155,9481.00 



Top 10 destinations
NoDestinationBytes%Comment
12-230-13-72.static.cosmoweb.net (72.13.230.2)10,460,15866.96 
2v997.core1.ash1.he.net (216.66.37.13)3,392,70021.72 
3pool-141-155-152-168.ny5030.east.verizon.net (141.155.152.168)570,9203.65 
4c-67-172-11-40.hsd1.in.comcast.net (67.172.11.40)460,5802.95 
58.4.112.74215,9081.38 
664.41.135.42130,0200.83 
7218.1.128.24948,1060.31 
8147.135.0.719,5820.13 
968.166.102.20214,5200.09 
10moon.cosmoweb.net (66.234.224.3)12,6870.08 



Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
1ool-18b88aae.dyn.optonline.net (24.184.138.174)TCP/90008177,747,85649.60 
22-230-13-72.static.cosmoweb.net (72.13.230.2)DNS15,2583,624,80423.20 
32-230-13-72.static.cosmoweb.net (72.13.230.2)UDP/500 - ipsec6231,211,6847.76 
4c-68-39-142-55.hsd1.nj.comcast.net (68.39.142.55)UDP/4500 - vpn client528290,0881.86 
543-248-234-66.static.cosmoweb.net (66.234.248.43)UDP/500 - ipsec679287,6681.84 
6adsl-66-139-44-124.dsl.tulsok.swbell.net (66.139.44.124)UDP/500 - ipsec669282,7681.81 
72-230-13-72.static.cosmoweb.net (72.13.230.2)NETBIOS-NS1,625192,1881.23 
8p84-114.acedsl.com (66.114.84.114)UDP/500 - ipsec677156,4481.00 
9mail.mikam.com (216.46.84.195)UDP/500 - ipsec679156,3441.00 
10ool-182fc26b.dyn.optonline.net (24.47.194.107)UDP/500 - ipsec679156,3161.00 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
1ool-18b88aae.dyn.optonline.net (24.184.138.174)2-230-13-72.static.cosmoweb.net (72.13.230.2)TCP/90008177,747,85649.60 
22-230-13-72.static.cosmoweb.net (72.13.230.2)v997.core1.ash1.he.net (216.66.37.13)DNS14,4423,392,21221.71 
32-230-13-72.static.cosmoweb.net (72.13.230.2)pool-141-155-152-168.ny5030.east.verizon.net (141.155.152.168)UDP/500 - ipsec01570,7643.65 
42-230-13-72.static.cosmoweb.net (72.13.230.2)c-67-172-11-40.hsd1.in.comcast.net (67.172.11.40)UDP/500 - ipsec479460,5802.95 
5c-68-39-142-55.hsd1.nj.comcast.net (68.39.142.55)2-230-13-72.static.cosmoweb.net (72.13.230.2)UDP/4500 - vpn client528290,0881.86 
643-248-234-66.static.cosmoweb.net (66.234.248.43)2-230-13-72.static.cosmoweb.net (72.13.230.2)UDP/500 - ipsec679287,6681.84 
7adsl-66-139-44-124.dsl.tulsok.swbell.net (66.139.44.124)2-230-13-72.static.cosmoweb.net (72.13.230.2)UDP/500 - ipsec669282,7681.81 
82-230-13-72.static.cosmoweb.net (72.13.230.2)8.4.112.74DNS674199,9001.28 
9p84-114.acedsl.com (66.114.84.114)2-230-13-72.static.cosmoweb.net (72.13.230.2)UDP/500 - ipsec677156,4481.00 
10mail.mikam.com (216.46.84.195)2-230-13-72.static.cosmoweb.net (72.13.230.2)UDP/500 - ipsec679156,3441.00 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/90008177,747,85649.60 
2UDP/500 - ipsec9,8643,629,75823.24 
3DNS15,2583,624,80423.20 
4UDP/4500 - vpn client528290,0881.86 
5NETBIOS-NS1,625192,1881.23 
6TCP/443 - ssl-https11129,9420.83 
7HTTP904,1400.03 
8NTP121,7480.01 
9HTTP OP=GET016340.00 
10UDP/1719024880.00 



Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
1ip-216-46-76-195.dsl.nyc.megapath.net (216.46.76.195)2029/29/2006 12:01:59 AM55.80202 denials recorded on 9/29/2006 12:01:59 AM
2209.150.98.78429/29/2006 12:22:03 AM11.6042 denials recorded on 9/29/2006 12:22:03 AM
3ps3-img.us.dell.com (143.166.224.238)079/29/2006 9:05:53 AM01.937 denials recorded on 9/29/2006 9:05:53 AM
48.4.112.100059/29/2006 1:10:13 AM01.38 
5h228.62.16.72.dynamic.ip.windstream.net (72.16.62.228)059/29/2006 2:05:49 AM01.38 
6211.147.224.237059/29/2006 4:19:19 AM01.38 
7147.135.20.6059/29/2006 6:42:59 AM01.38 
8194.109.22.135059/29/2006 7:14:42 AM01.38 
9ge-16-1-cdnt01.brick1.nj.panjde.comcast.net (68.86.221.90)049/29/2006 12:10:31 AM01.10 
10147.135.0.19049/29/2006 1:27:14 AM01.10 

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
1mail.stempsystems.com (72.13.230.43)2349/29/2006 12:00:05 AM64.64 
22-230-13-72.static.cosmoweb.net (72.13.230.2)989/29/2006 12:10:31 AM27.07 
345-230-13-72.static.cosmoweb.net (72.13.230.45)079/29/2006 5:59:09 AM01.93 
4Broadcast069/29/2006 12:55:25 AM01.66 
544-230-13-72.static.cosmoweb.net (72.13.230.44)049/29/2006 2:15:38 AM01.10 
6mail.stempsystems.com (72.13.230.49)039/29/2006 12:04:26 AM00.83 
750-230-13-72.static.cosmoweb.net (72.13.230.50)039/29/2006 1:16:37 AM00.83 
854-230-13-72.static.cosmoweb.net (72.13.230.54)029/29/2006 4:21:05 AM00.55 
957-230-13-72.static.cosmoweb.net (72.13.230.57)019/29/2006 12:29:11 AM00.28 
10v997.core1.ash1.he.net (216.66.37.13)019/29/2006 2:06:38 AM00.28 

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1TCP/443 - ssl-https2029/29/2006 12:01:59 AM55.80 
2ICMP/3 - unreach429/29/2006 12:22:03 AM11.60 
3TCP/25 - smtp319/29/2006 12:00:05 AM08.56 
4UDP/33438059/29/2006 1:27:14 AM01.38 
5ICMP/13059/29/2006 1:44:53 AM01.38 
6TCP/15221059/29/2006 7:14:42 AM01.38 
7ICMP/1049/29/2006 12:10:31 AM01.10 
8ICMP/0049/29/2006 12:50:45 AM01.10 
9UDP/8049/29/2006 2:05:49 AM01.10 
10TCP/15660039/29/2006 5:59:09 AM00.83 



Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1TCP connection dropped2759/29/2006 12:00:05 AM75.97 
2ICMP packet dropped569/29/2006 12:10:31 AM15.47 
3UDP packet dropped139/29/2006 1:27:14 AM03.59 
4Possible port scan dropped069/29/2006 5:58:11 AM01.66 
5Smurf Amplification attack dropped049/29/2006 2:05:49 AM01.10 
6Probable port scan dropped049/29/2006 5:58:21 AM01.10 
7Broadcast packet dropped029/29/2006 12:55:25 AM00.55 
8IPSec (ESP) packet dropped019/29/2006 1:40:21 AM00.28 
9Land attack dropped019/29/2006 6:58:53 AM00.28 



Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
1ip-216-46-76-195.dsl.nyc.megapath.net (216.46.76.195)mail.stempsystems.com (72.13.230.43)TCP/443 - ssl-httpsTCP connection dropped2029/29/2006 12:01:59 AM55.80202 denials recorded on 9/29/2006 12:01:59 AM
2209.150.98.782-230-13-72.static.cosmoweb.net (72.13.230.2)ICMP/3 - unreachICMP packet dropped429/29/2006 12:22:03 AM11.6042 denials recorded on 9/29/2006 12:22:03 AM
38.4.112.100mail.stempsystems.com (72.13.230.43)TCP/25 - smtpTCP connection dropped059/29/2006 1:10:13 AM1.38 
4194.109.22.1352-230-13-72.static.cosmoweb.net (72.13.230.2)TCP/15221TCP connection dropped059/29/2006 7:14:42 AM1.38 
5ge-16-1-cdnt01.brick1.nj.panjde.comcast.net (68.86.221.90)2-230-13-72.static.cosmoweb.net (72.13.230.2)ICMP/1ICMP packet dropped049/29/2006 12:10:31 AM1.10 
6147.135.0.192-230-13-72.static.cosmoweb.net (72.13.230.2)UDP/33438UDP packet dropped049/29/2006 1:27:14 AM1.10 
7209.182.0.220mail.stempsystems.com (72.13.230.43)TCP/25 - smtpTCP connection dropped049/29/2006 8:25:52 AM1.10 
8h228.62.16.72.dynamic.ip.windstream.net (72.16.62.228)BroadcastUDP/8Smurf Amplification attack dropped039/29/2006 2:05:49 AM0.83 
9switch1.mia1.he.net (216.66.37.10)mail.stempsystems.com (72.13.230.43)TCP/25 - smtpTCP connection dropped039/29/2006 3:52:47 AM0.83 
10211.147.224.23745-230-13-72.static.cosmoweb.net (72.13.230.45)TCP/15660TCP connection dropped039/29/2006 5:59:09 AM0.83 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1TCP/443 - ssl-httpsTCP connection dropped20255.80 
2ICMP/3 - unreachICMP packet dropped4211.60 
3TCP/25 - smtpTCP connection dropped318.56 
4UDP/33438UDP packet dropped051.38 
5ICMP/13ICMP packet dropped051.38 
6TCP/15221TCP connection dropped051.38 
7ICMP/1ICMP packet dropped041.10 
8ICMP/0ICMP packet dropped041.10 
9UDP/8Smurf Amplification attack dropped041.10 
10TCP/15660TCP connection dropped030.83 

Firewall: 72.13.230.2 - Interfaces: X2 to X0
Top 10 sources
NoSourceBytes%Comment
1cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)342,66667.36 
2mrc45-1-82-229-110-113.fbx.proxad.net (82.229.110.113)22,7134.46 
3220.125.142.1515,8193.11 
4modemcable186.22-202-24.mc.videotron.ca (24.202.22.186)13,6492.68 
567.151.253.7710,2812.021 denials recorded on 9/29/2006 12:40:33 AM
6adsl-68-19-89-93.flo.bellsouth.net (68.19.89.93)9,5581.88 
7211.49.2.2385,8731.15 
8218.5.72.925,7381.13 
967.151.253.805,4191.07 
1062.233.193.435,3701.06 



Top 10 destinations
NoDestinationBytes%Comment
110.1.2.3508,739100.00170 denials recorded on 9/29/2006 12:10:36 AM

Top 10 sources, protocols and bytes
NoSourceProtocolConnectionsBytes%Comment
1cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)TCP/400002272,08253.48 
2cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)TCP/40032138,3967.55 
3cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)TCP/135 - ms rpc3029,3525.77 
4mrc45-1-82-229-110-113.fbx.proxad.net (82.229.110.113)SMTP0122,7134.46 
5220.125.142.15SMTP0115,8193.11 
6modemcable186.22-202-24.mc.videotron.ca (24.202.22.186)SMTP0113,6492.68 
767.151.253.77SMTP0210,2812.021 denials recorded on 9/29/2006 12:40:33 AM
8adsl-68-19-89-93.flo.bellsouth.net (68.19.89.93)SMTP019,5581.88 
9211.49.2.238SMTP015,8731.15 
10218.5.72.92SMTP015,7381.13 

Top 10 sources, destinations, protocols and bytes
NoSourceDestinationProtocolConnectionsBytes%Comment
1cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)10.1.2.3TCP/400002272,08253.48170 denials recorded on 9/29/2006 12:10:36 AM
2cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)10.1.2.3TCP/40032138,3967.55 
3cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129)10.1.2.3TCP/135 - ms rpc3029,3525.77 
4mrc45-1-82-229-110-113.fbx.proxad.net (82.229.110.113)10.1.2.3SMTP0122,7134.46 
5220.125.142.1510.1.2.3SMTP0115,8193.11 
6modemcable186.22-202-24.mc.videotron.ca (24.202.22.186)10.1.2.3SMTP0113,6492.68 
767.151.253.7710.1.2.3SMTP0210,2812.021 denials recorded on 9/29/2006 12:40:33 AM
8adsl-68-19-89-93.flo.bellsouth.net (68.19.89.93)10.1.2.3SMTP019,5581.88 
9211.49.2.23810.1.2.3SMTP015,8731.15 
10218.5.72.9210.1.2.3SMTP015,7381.13 

Top 10 protocols
NoProtocolConnectionsBytes%Comment
1TCP/400002272,08253.48 
2SMTP38166,07332.64 
3TCP/40032138,3967.55 
4TCP/135 - ms rpc3029,3525.77 
5TCP/4001022,8360.56 



Top 10 denied sources
NoSourceConnectionsFirst denial%Comment
167.151.253.6029/29/2006 1:05:42 AM33.332 denials recorded on 9/29/2006 1:05:42 AM
267.151.253.77019/29/2006 12:40:33 AM16.671 denials recorded on 9/29/2006 12:40:33 AM
3200.31.26.28019/29/2006 7:03:25 AM16.671 denials recorded on 9/29/2006 7:03:25 AM
4221.145.172.240019/29/2006 10:12:36 AM16.67 
5chello062178221016.12.15.vie.surfer.at (62.178.221.16)019/29/2006 10:29:06 AM16.67 

Top 10 destinations for denied connections
NoDestinationConnectionsFirst denial%Comment
110.1.2.3069/29/2006 12:40:33 AM100.00170 denials recorded on 9/29/2006 12:10:36 AM

Top 10 denied protocols
NoDenied protocolConnectionsFirst denial%Comment
1TCP/25 - smtp069/29/2006 12:40:33 AM100.00 

Top 10 denial reasons
NoDenial reasonConnectionsFirst denial%Comment
1TCP connection dropped069/29/2006 12:40:33 AM100.00170 denials recorded on 9/29/2006 12:10:36 AM

Top 10 denied sources, destinations, protocols and reasons
NoSourceDestinationProtocolReasonConnectionsFirst denial%Comment
167.151.253.610.1.2.3TCP/25 - smtpTCP connection dropped029/29/2006 1:05:42 AM33.33170 denials recorded on 9/29/2006 12:10:36 AM
2 denials recorded on 9/29/2006 1:05:42 AM
267.151.253.7710.1.2.3TCP/25 - smtpTCP connection dropped019/29/2006 12:40:33 AM16.671 denials recorded on 9/29/2006 12:40:33 AM
3200.31.26.2810.1.2.3TCP/25 - smtpTCP connection dropped019/29/2006 7:03:25 AM16.671 denials recorded on 9/29/2006 7:03:25 AM
4221.145.172.24010.1.2.3TCP/25 - smtpTCP connection dropped019/29/2006 10:12:36 AM16.67 
5chello062178221016.12.15.vie.surfer.at (62.178.221.16)10.1.2.3TCP/25 - smtpTCP connection dropped019/29/2006 10:29:06 AM16.67 

Top 10 denied protocols and reasons
NoProtocolReasonDenials%Comment
1TCP/25 - smtpTCP connection dropped06100.00 

Firewall: 72.13.230.2 - Interface: X2
Top 10 sources
No | Source | Bytes | % | Comment
1 | cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129) | 4,845 | 43.24 |
2 | ip-64-32-177-99.dsl.nyc.megapath.net (64.32.177.99) | 2,916 | 26.02 |
3 | ool-44c17f09.dyn.optonline.net (68.193.127.9) | 2,028 | 18.10 |
4 | mail.stempsystems.com (24.136.103.26) | 1,416 | 12.64 |

Top 10 destinations
No | Destination | Bytes | % | Comment
1 | mail.stempsystems.com (24.136.103.26) | 9,789 | 87.36 |
2 | ip-64-32-177-99.dsl.nyc.megapath.net (64.32.177.99) | 1,416 | 12.64 |

Top 10 sources, protocols and bytes
No | Source | Protocol | Connections | Bytes | % | Comment
1 | cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129) | UDP/500 - ipsec | 08 | 4,845 | 43.24 |
2 | ip-64-32-177-99.dsl.nyc.megapath.net (64.32.177.99) | UDP/500 - ipsec | 01 | 2,916 | 26.02 |
3 | ool-44c17f09.dyn.optonline.net (68.193.127.9) | UDP/500 - ipsec | 01 | 2,028 | 18.10 |
4 | mail.stempsystems.com (24.136.103.26) | UDP/500 - ipsec | 02 | 1,416 | 12.64 |

Top 10 sources, destinations, protocols and bytes
No | Source | Destination | Protocol | Connections | Bytes | % | Comment
1 | cpe-24-193-139-129.nyc.res.rr.com (24.193.139.129) | mail.stempsystems.com (24.136.103.26) | UDP/500 - ipsec | 08 | 4,845 | 43.24 |
2 | ip-64-32-177-99.dsl.nyc.megapath.net (64.32.177.99) | mail.stempsystems.com (24.136.103.26) | UDP/500 - ipsec | 01 | 2,916 | 26.02 |
3 | ool-44c17f09.dyn.optonline.net (68.193.127.9) | mail.stempsystems.com (24.136.103.26) | UDP/500 - ipsec | 01 | 2,028 | 18.10 |
4 | mail.stempsystems.com (24.136.103.26) | ip-64-32-177-99.dsl.nyc.megapath.net (64.32.177.99) | UDP/500 - ipsec | 02 | 1,416 | 12.64 |

Top 10 protocols
No | Protocol | Connections | Bytes | % | Comment
1 | UDP/500 - ipsec | 12 | 11,205 | 100.00 |

Top 10 denied sources
No | Source | Connections | First denial | % | Comment
1 | user-0c8hbfd.cable.mindspring.com (24.136.173.237) | 12 | 9/29/2006 1:54:59 AM | 22.22 | 12 denials recorded on 9/29/2006 1:54:59 AM
2 | user-0c8hg8k.cable.mindspring.com (24.136.193.20) | 09 | 9/29/2006 12:22:33 AM | 16.67 | 9 denials recorded on 9/29/2006 12:22:33 AM
3 | rrcs-24-136-118-145.nyc.biz.rr.com (24.136.118.145) | 08 | 9/29/2006 6:21:04 AM | 14.81 | 8 denials recorded on 9/29/2006 6:21:04 AM
4 | rrcs-24-136-122-130.nyc.biz.rr.com (24.136.122.130) | 02 | 9/29/2006 2:11:12 AM | 03.70 |
5 | user-0c8hb58.cable.mindspring.com (24.136.172.168) | 01 | 9/29/2006 12:15:14 AM | 01.85 |
6 | 24-176-137-179.dhcp.plbg.ny.charter.com (24.176.137.179) | 01 | 9/29/2006 12:17:45 AM | 01.85 |
7 | rrcs-24-136-96-177.nyc.biz.rr.com (24.136.96.177) | 01 | 9/29/2006 12:47:08 AM | 01.85 |
8 | S0106001346ac3007.vs.shawcable.net (24.83.89.155) | 01 | 9/29/2006 12:58:14 AM | 01.85 |
9 | 24.85.215.114 | 01 | 9/29/2006 1:34:40 AM | 01.85 |
10 | 24.85.144.184 | 01 | 9/29/2006 2:26:40 AM | 01.85 |

Top 10 destinations for denied connections
No | Destination | Connections | First denial | % | Comment
1 | mail.stempsystems.com (24.136.103.26) | 54 | 9/29/2006 12:15:14 AM | 100.00 |

Top 10 denied protocols
No | Denied protocol | Connections | First denial | % | Comment
1 | TCP/445 - netbios | 40 | 9/29/2006 12:15:14 AM | 74.07 |
2 | TCP/135 - ms rpc | 03 | 9/29/2006 2:26:40 AM | 05.56 |
3 | TCP/4899 - radmin | 02 | 9/29/2006 3:19:15 AM | 03.70 |
4 | ICMP/0 | 02 | 9/29/2006 3:40:38 AM | 03.70 |
5 | TCP/139 - netbios | 01 | 9/29/2006 1:34:40 AM | 01.85 |
6 | UDP/1029 | 01 | 9/29/2006 3:51:34 AM | 01.85 |
7 | TCP/1433 - ms sql | 01 | 9/29/2006 4:27:28 AM | 01.85 |
8 | UDP/137 - netbios | 01 | 9/29/2006 4:52:24 AM | 01.85 |
9 | TCP/9898 | 01 | 9/29/2006 5:10:39 AM | 01.85 |
10 | TCP/25 - smtp | 01 | 9/29/2006 6:28:38 AM | 01.85 |

Top 10 denial reasons
No | Denial reason | Connections | First denial | % | Comment
1 | TCP connection dropped | 50 | 9/29/2006 12:15:14 AM | 92.59 |
2 | ICMP packet dropped | 02 | 9/29/2006 3:40:38 AM | 03.70 |
3 | UDP packet dropped | 02 | 9/29/2006 3:51:34 AM | 03.70 |

Top 10 denied sources, destinations, protocols and reasons
No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment
1 | user-0c8hbfd.cable.mindspring.com (24.136.173.237) | mail.stempsystems.com (24.136.103.26) | TCP/445 - netbios | TCP connection dropped | 12 | 9/29/2006 1:54:59 AM | 22.22 | 12 denials recorded on 9/29/2006 1:54:59 AM
2 | user-0c8hg8k.cable.mindspring.com (24.136.193.20) | mail.stempsystems.com (24.136.103.26) | TCP/445 - netbios | TCP connection dropped | 09 | 9/29/2006 12:22:33 AM | 16.67 | 9 denials recorded on 9/29/2006 12:22:33 AM
3 | rrcs-24-136-118-145.nyc.biz.rr.com (24.136.118.145) | mail.stempsystems.com (24.136.103.26) | TCP/445 - netbios | TCP connection dropped | 08 | 9/29/2006 6:21:04 AM | 14.81 | 8 denials recorded on 9/29/2006 6:21:04 AM
4 | rrcs-24-136-122-130.nyc.biz.rr.com (24.136.122.130) | mail.stempsystems.com (24.136.103.26) | TCP/445 - netbios | TCP connection dropped | 02 | 9/29/2006 2:11:12 AM | 3.70 |
5 | user-0c8hb58.cable.mindspring.com (24.136.172.168) | mail.stempsystems.com (24.136.103.26) | TCP/445 - netbios | TCP connection dropped | 01 | 9/29/2006 12:15:14 AM | 1.85 |
6 | 24-176-137-179.dhcp.plbg.ny.charter.com (24.176.137.179) | mail.stempsystems.com (24.136.103.26) | TCP/445 - netbios | TCP connection dropped | 01 | 9/29/2006 12:17:45 AM | 1.85 |
7 | rrcs-24-136-96-177.nyc.biz.rr.com (24.136.96.177) | mail.stempsystems.com (24.136.103.26) | TCP/445 - netbios | TCP connection dropped | 01 | 9/29/2006 12:47:08 AM | 1.85 |
8 | S0106001346ac3007.vs.shawcable.net (24.83.89.155) | mail.stempsystems.com (24.136.103.26) | TCP/445 - netbios | TCP connection dropped | 01 | 9/29/2006 12:58:14 AM | 1.85 |
9 | 24.85.215.114 | mail.stempsystems.com (24.136.103.26) | TCP/139 - netbios | TCP connection dropped | 01 | 9/29/2006 1:34:40 AM | 1.85 |
10 | 24.85.144.184 | mail.stempsystems.com (24.136.103.26) | TCP/135 - ms rpc | TCP connection dropped | 01 | 9/29/2006 2:26:40 AM | 1.85 |

Top 10 denied protocols and reasons
No | Protocol | Reason | Denials | % | Comment
1 | TCP/445 - netbios | TCP connection dropped | 40 | 74.07 |
2 | TCP/135 - ms rpc | TCP connection dropped | 03 | 5.56 |
3 | TCP/4899 - radmin | TCP connection dropped | 02 | 3.70 |
4 | ICMP/0 | ICMP packet dropped | 02 | 3.70 |
5 | TCP/139 - netbios | TCP connection dropped | 01 | 1.85 |
6 | UDP/1029 | UDP packet dropped | 01 | 1.85 |
7 | TCP/1433 - ms sql | TCP connection dropped | 01 | 1.85 |
8 | UDP/137 - netbios | UDP packet dropped | 01 | 1.85 |
9 | TCP/9898 | TCP connection dropped | 01 | 1.85 |
10 | TCP/25 - smtp | TCP connection dropped | 01 | 1.85 |

Firewall: 72.13.230.2 - Interfaces: X1 to
Top 10 denied sources
No | Source | Connections | First denial | % | Comment
1 | user-0ccevrl.cable.mindspring.com (24.199.127.117) | 03 | 9/29/2006 12:32:16 AM | 100.00 | 3 denials recorded on 9/29/2006 12:32:16 AM

Top 10 destinations for denied connections
No | Destination | Connections | First denial | % | Comment
1 | 2-230-13-72.static.cosmoweb.net (72.13.230.2) | 03 | 9/29/2006 12:32:16 AM | 100.00 |

Top 10 denied protocols
No | Denied protocol | Connections | First denial | % | Comment
1 | UDP/500 - ipsec | 03 | 9/29/2006 12:32:16 AM | 100.00 |

Top 10 denial reasons
No | Denial reason | Connections | First denial | % | Comment
1 | UDP packet dropped | 03 | 9/29/2006 12:32:16 AM | 100.00 |

Top 10 denied sources, destinations, protocols and reasons
No | Source | Destination | Protocol | Reason | Connections | First denial | % | Comment
1 | user-0ccevrl.cable.mindspring.com (24.199.127.117) | 2-230-13-72.static.cosmoweb.net (72.13.230.2) | UDP/500 - ipsec | UDP packet dropped | 03 | 9/29/2006 12:32:16 AM | 100.00 | 3 denials recorded on 9/29/2006 12:32:16 AM

Top 10 denied protocols and reasons
No | Protocol | Reason | Denials | % | Comment
1 | UDP/500 - ipsec | UDP packet dropped | 03 | 100.00 |

Firewall: 72.13.230.2 - Interfaces: Not specified
Top 10 warning messages
No | Source | Destination | Protocol | Warning | Count | First warning | % | Comment
1 | 0.0.0.0 | 50-230-13-72.static.cosmoweb.net (72.13.230.50) | ARP | ARP timeout | 467 | 9/29/2006 12:00:55 AM | 21.68 |
2 | 0.0.0.0 | 10.1.2.103 | ARP | ARP timeout | 109 | 9/29/2006 12:12:27 AM | 5.06 |
3 | 192.168.20.4:0:X1:BGBKSVR | 10.1.2.8 | ARP | ICMP packet allowed | 72 | 9/29/2006 12:06:47 AM | 3.34 | 257 denials recorded on 9/29/2006 12:00:55 AM
4 | 10.1.2.8:512:X0:stempvmpnetmon.stempsystems.local | 192.168.20.4 | ARP | ICMP packet from LAN allowed | 46 | 9/29/2006 12:40:22 AM | 2.14 |
5 | 172.20.3.31:0:X1:WA_BACKUPSVR | 10.1.2.8 | ARP | ICMP packet allowed | 36 | 9/29/2006 12:21:55 AM | 1.67 |
6 | 10.24.64.1:0:X1 | 10.1.2.8 | ARP | ICMP packet allowed | 31 | 9/29/2006 12:08:05 AM | 1.44 |
7 | 10.1.2.8:512:X0:STEMPVMPNETMON | 192.168.20.4 | ARP | ICMP packet from LAN allowed | 30 | 9/29/2006 12:06:47 AM | 1.39 |
8 | 10.1.2.3:1142:X0:stempsvr3.stempsystems.local | ns3.megapath.net (64.7.11.2) | ARP | DNS packet allowed | 24 | 9/29/2006 12:17:02 AM | 1.11 | 170 denials recorded on 9/29/2006 12:10:36 AM
9 | 10.1.2.8:512:X0:stempvmpnetmon.stempsystems.local | 172.20.3.31 | ARP | ICMP packet from LAN allowed | 22 | 9/29/2006 1:29:49 AM | 1.02 |
10 | 10.1.2.8:512:X0:STEMPVMPNETMON | 172.20.3.31 | ARP | ICMP packet from LAN allowed | 17 | 9/29/2006 12:08:56 AM | 0.79 |

Other messages
NoCodeMessage sampleCountComment
1640msg="Received ISAKMP packet destined to port 500, expected on floated port 4500" n=944 src=68.39.142.55:500::pcp04208994pcs.brick101.nj.comcast.net dst=72.13.230.2:500::2-230-13-72.cosmoweb.net527 
2512msg="ARP timeout" n=5208 src=0.0.0.0 dst=10.1.2.119112 
31048576msg="VoIP 10.1.2.1 (H.323) Endpoint removed" n=46 
To assist us in improving the analyzer, please send the messages above to support@firegen.com and they will be added to the next release of Firegen.

Analysis details
Analysis start time | 11/15/2011 7:08:08 PM
Analysis duration | 2.96 minutes (177 seconds)
Analysis engine version | Sonicwall parser version: 0.02; FireGen30Service.exe - FireGen scheduler service: 3.0.0.0
Filtering criteria | All entries
Excluded keywords | None
Glossary
!!! | Indicates that a high denials:connections ratio has been detected. The currently configured ratio is 3. The !!! indicates that the percentage of denials for that hour is more than 3 x the connections percentage. This indicates unusual denial activity that may need to be investigated. The ratio can be configured on the Report Formats interface.
Other messages | The Other messages section lists messages not yet configured in the Firegen parser. Please send these messages to us (support@firegen.com) and we will add them in the next Firegen update. These messages are included in the list of message types but they are not yet fully understood by the analyzer.